Security Week
SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking
SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE.
The post SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking appeared first on SecurityWeek.
New Password Cracking Analysis Targets Bcrypt
Hive Systems conducts another study on cracking passwords via brute-force attacks, but it’s no longer targeting MD5.
The post New Password Cracking Analysis Targets Bcrypt appeared first on SecurityWeek.
Prophet Security Emerges From Stealth Mode With $11 Million in Funding
Bain Capital Ventures and angel investors invest $11 million in automated alerts analysis startup Prophet Security.
The post Prophet Security Emerges From Stealth Mode With $11 Million in Funding appeared first on SecurityWeek.
$10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors
Four Iranians are accused of hacking into critical systems at the Departments of Treasury and State and dozens of private US companies.
The post $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors appeared first on SecurityWeek.
Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together
The judge with Spain’s National Court said there is reason to believe that the new information provided by France can “allow the investigations to advance.”
The post Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together appeared first on SecurityWeek.
The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success
Mandiant's M-Trends 2024 report shows that defenses are improving – and that may be true. But the reality remains that these same statistics demonstrate that if anything, the attackers still retain the upper hand.
The post The Battle Continues: Mandiant Report Shows Improved Detection But Persistent Adversarial Success appeared first on SecurityWeek.
Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations
Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations.
The post Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations appeared first on SecurityWeek.
UnitedHealth Says Patient Data Exposed in Change Healthcare Cyberattack
UnitedHealth confirms that personal and health information was stolen in a ransomware attack that could cost the company up to $1.6 billion.
The post UnitedHealth Says Patient Data Exposed in Change Healthcare Cyberattack appeared first on SecurityWeek.
Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability
Palo Alto Networks firewall vulnerability CVE-2024-3400, exploited as a zero-day, impacts a Siemens industrial product.
The post Siemens Industrial Product Impacted by Exploited Palo Alto Firewall Vulnerability appeared first on SecurityWeek.
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor
The LockBit ransomware gang leaks data allegedly stolen from government contractor Tyler Technologies.
The post Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor appeared first on SecurityWeek.
Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services
Microsoft PlayReady vulnerabilities that could allow rogue subscribers to illegally download movies from popular streaming services.
The post Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services appeared first on SecurityWeek.
Research Shows How Attackers Can Abuse EDR Security Products
Vulnerabilities in Palo Alto Networks Cortex XDR allowed a security researcher to turn it into a malicious offensive tool.
The post Research Shows How Attackers Can Abuse EDR Security Products appeared first on SecurityWeek.
Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow
A hack that caused a small Texas town’s water system to overflow in January has been linked to a shadowy Russian hacktivist group, the latest case of a U.S. public utility becoming a target of foreign cyberattacks.
The post Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow appeared first on SecurityWeek.
CrushFTP Patches Exploited Zero-Day Vulnerability
CrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files.
The post CrushFTP Patches Exploited Zero-Day Vulnerability appeared first on SecurityWeek.
Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability
Shadowserver has identified roughly 6,000 internet-accessible Palo Alto Networks firewalls potentially vulnerable to CVE-2024-3400.
The post Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability appeared first on SecurityWeek.
MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days
MITRE R&D network hacked in early January by a state-sponsored threat group that exploited an Ivanti zero-day vulnerability.
The post MITRE Hacked by State-Sponsored Group via Ivanti Zero-Days appeared first on SecurityWeek.
Cannes Hospital Cancels Medical Procedures Following Cyberattack
Cannes Hospital Centre – Simone Veil cancels medical procedures after shutting down systems in response to a cyberattack.
The post Cannes Hospital Cancels Medical Procedures Following Cyberattack appeared first on SecurityWeek.
BreachRx Raises $6.5M to Revamp Incident Response Reporting Systems
Investors make an early-stage $6.5 million bet on BreachRx, a startup promising to shield cybersecurity executives from personal liability.
The post BreachRx Raises $6.5M to Revamp Incident Response Reporting Systems appeared first on SecurityWeek.
Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing
VulnCheck banks $8 million in early stage capital to build 'exploit intelligence' technologies and services.
The post Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing appeared first on SecurityWeek.
In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack
Noteworthy stories that might have slipped under the radar: OpenSSF and OpenJS incidents similar to XZ backdoor, Moldovan botnet operator charged, US automotive company targeted by FIN7.
The post In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack appeared first on SecurityWeek.