Several vulnerabilities patched recently in Siemens Sicam products could be exploited in attacks aimed at the energy sector.

The post Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector appeared first on SecurityWeek.

Exploitation attempts targeting CVE-2024-5806, a critical MOVEit Transfer vulnerability patched recently, have started.

The post Exploitation Attempts Target New MOVEit Transfer Vulnerability appeared first on SecurityWeek.

The European Council has added six Russian hackers to the EU’s sanctions list for their cyberattacks against member states and Ukraine.

The post EU Sanctions Six Russian Hackers appeared first on SecurityWeek.

Employees of the Any.Run malware analysis service were recently targeted in a phishing attack that was part of a BEC campaign.

The post Malware Sandbox Any.Run Targeted in Phishing Attack appeared first on SecurityWeek.

Neiman Marcus has disclosed a data breach impacting 64,000 people just as a hacker announced the sale of customer data.

The post Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information appeared first on SecurityWeek.

New attack named SnailLoad allows a remote attacker to infer websites and videos viewed by a user without direct access to network traffic.

The post New SnailLoad Attack Relies on Network Latency Variations to Infer User Activity appeared first on SecurityWeek.

The EFF has issued a warning over the use of automated license plate readers following the discovery of serious vulnerabilities. 

The post EFF Issues New Warning After Discovery of Automated License Plate Reader Vulnerabilities appeared first on SecurityWeek.

The US has imposed sanctions on 12 individuals who have leadership roles at Kaspersky in Russia and the UK.

The post US Sanctions 12 Kaspersky Executives  appeared first on SecurityWeek.

A recently patched Vision Pro vulnerability was classified by Apple as a DoS issue, but a researcher has shown that it’s ‘scary’.

The post Spatial Computing Hack Exploits Apple Vision Pro Flaw to Fill Room With Spiders, Bats appeared first on SecurityWeek.

The US government announced a ban on the sale of Kaspersky software over fears that the company is controlled by the Russian government.

The post US Bans Kaspersky Software appeared first on SecurityWeek.

Car dealership software provider CDK Global was in the process of restoring services impacted by a cyberattack when it discovered an additional hack.

The post Disruptions at Many Car Dealerships Continue as CDK Hack Worsens appeared first on SecurityWeek.

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

The post Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability appeared first on SecurityWeek.

Post-quantum cryptography (PQC) company PQShield has raised $37 million in Series B funding for its quantum-safe cryptography solutions.

The post Post-Quantum Cryptography Firm PQShield Raises $37 Million appeared first on SecurityWeek.

Roundup of the cybersecurity-related merger and acquisition (M&A) deals announced in the first half of June 2024.

The post Cybersecurity M&A Roundup for First Half of June 2024 appeared first on SecurityWeek.

CISA has notified RAD after finding a PoC exploit targeting a high-severity vulnerability in an outdated industrial switch.

The post CISA Warns of PoC Exploit for Vulnerability in RAD SecFlow-2 Industrial Switch appeared first on SecurityWeek.

AMD has launched an investigation after a notorious hacker announced selling sensitive data allegedly belonging to the company.

The post AMD Investigating Breach Claims After Hacker Offers to Sell Data appeared first on SecurityWeek.

Researchers have targeted the MTE security feature in Arm CPUs and showed how attackers could bypass protections.

The post New TikTag Attack Targets Arm CPU Security Feature  appeared first on SecurityWeek.

Serious vulnerabilities that can allow remote code execution and privilege escalation have been patched in VMware vCenter Server.

The post Critical Code Execution Vulnerabilities Patched in VMware vCenter Server appeared first on SecurityWeek.

US insurance company Globe Life is investigating a data breach involving unauthorized access to consumer and policyholder information. 

The post Insurance Company Globe Life Investigating Data Breach appeared first on SecurityWeek.

A British man has been arrested in Spain for allegedly being the ringleader of the notorious Scattered Spider cybercrime group.

The post UK Man Suspected of Being ‘Scattered Spider’ Leader Arrested appeared first on SecurityWeek.

Rockwell Automation has patched three high-severity vulnerabilities in its FactoryTalk View SE HMI software.

The post Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE appeared first on SecurityWeek.

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

The post Microsoft Delaying Recall Feature to Improve Security appeared first on SecurityWeek.

Pyte has raised $5 million for its secure computation platform, bringing the total investment in the company to $12 million. 

The post Pyte Raises $5 Million for Secure Data Collaboration Solutions appeared first on SecurityWeek.

AWS announced passkey MFA for IAM and root users, IAM Access Analyzer updates, and Amazon GuardDuty Malware Protection for S3.

The post AWS Announces Authentication and Malware Protection Enhancements appeared first on SecurityWeek.

Analysis and insights on the prevalence and impact of password exposure vulnerabilities in ICS and other OT products.

The post Prevalence and Impact of Password Exposure Vulnerabilities in ICS/OT  appeared first on SecurityWeek.

The Black Basta ransomware gang may have exploited the Windows privilege escalation flaw CVE-2024-26169 before it was patched.

The post Ransomware Group May Have Exploited Windows Vulnerability as Zero-Day appeared first on SecurityWeek.

Data security company Cyberhaven has raised $88 million in a Series C funding round that brings the total to $136 million.

The post Data Security Firm Cyberhaven Raises $88 Million at $488 Million Valuation appeared first on SecurityWeek.

The code hosting platform GitHub has paid out more than $4 million since the launch of its bug bounty program 10 years ago.

The post GitHub Paid Out Over $4 Million via Bug Bounty Program appeared first on SecurityWeek.

Several ICS vendors released advisories on Tuesday to inform customers about vulnerabilities found in their industrial and OT products. 

The post ICS Patch Tuesday: Advisories Published by Siemens, Schneider Electric, Aveva, CISA appeared first on SecurityWeek.

Apple has released a visionOS update that patches CVE-2024-27812, which may be the first flaw specific to the VR headset.

The post Apple Patches Vision Pro Vulnerability Used in Possibly ‘First Ever Spatial Computing Hack’ appeared first on SecurityWeek.

BlackBerry says the Cylance data offered for sale for $750,000 is old and its own systems have not been compromised. 

The post BlackBerry Cylance Data Offered for Sale on Dark Web appeared first on SecurityWeek.

OT zero trust user access platform provider Xona has raised $18 million, which brings its total investment to $32 million.

The post Xona Raises $18 Million for OT Remote Access Platform appeared first on SecurityWeek.

The New York Times has issued a statement after someone leaked source code allegedly belonging to the news giant. 

The post New York Times Responds to Source Code Leak appeared first on SecurityWeek.

Cisco Talos researchers have found over a dozen vulnerabilities in AutomationDirect PLCs, including flaws that could be valuable to attackers.

The post Cisco Finds 15 Vulnerabilities in AutomationDirect PLCs appeared first on SecurityWeek.

Auction house Christie's says the data breach caused by the recent ransomware attack impacts the information of 45,000 individuals.

The post Christie’s Says Ransomware Attack Impacts 45,000 People appeared first on SecurityWeek.

Mozilla has announced a 0Day Investigative Network (0Din) bug bounty program for LLMs and other deep learning tech.

The post Mozilla Launches 0Din Gen-AI Bug Bounty Program appeared first on SecurityWeek.

To comply with new UK government regulations, Apple has specified that iPhones will get at least 5 years of security updates.

The post Apple Says iPhones Will Get Security Updates for at Least 5 Years appeared first on SecurityWeek.

The US government is trying to recover more than $5.3 million stolen by cybercriminals through a BEC scheme from a workers union.

The post US Authorities Attempting to Recover $5.3 Million Stolen in BEC Scam  appeared first on SecurityWeek.

It took code security firm Kiuwan nearly two years to patch several serious vulnerabilities found in its SAST products.

The post Vulnerabilities Patched in Kiuwan Code Security Products After Long Disclosure Process appeared first on SecurityWeek.

The FBI has obtained more than 7,000 LockBit ransomware decryption keys and is urging victims to get in touch with its IC3.

The post FBI Says It Has 7,000 LockBit Ransomware Decryption Keys appeared first on SecurityWeek.

Cybersecurity researchers are demonstrating how malware could steal data collected by the new Windows Recall feature.

The post Researchers Show How Malware Could Steal Windows Recall Data appeared first on SecurityWeek.

There are 1.2 million cybersecurity workers in the US, but 225,000 more are needed to close the talent gap, according to new data.

The post 225,000 More Cybersecurity Workers Needed in US: CyberSeek appeared first on SecurityWeek.

Cisco has released a security advisory after researchers discovered that the German government’s Webex meetings were exposed.

The post Cisco Patches Webex Bugs Following Exposure of German Government Meetings appeared first on SecurityWeek.

CISA has added an old Oracle WebLogic flaw tracked as CVE-2017-3506 to its known exploited vulnerabilities catalog.

The post CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability appeared first on SecurityWeek.

Roundup of the more than two dozen cybersecurity-related merger and acquisition (M&A) deals announced in May 2024.

The post Cybersecurity M&A Roundup: 28 Deals Announced in May 2024 appeared first on SecurityWeek.

Cox recently patched a series of vulnerabilities that could have allowed hackers to remotely take control of millions of modems.

The post Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking appeared first on SecurityWeek.

AI tool development platform Hugging Face has detected a Spaces hack that resulted in the exposure of secrets.

The post Secrets Exposed in Hugging Face Hack appeared first on SecurityWeek.

The email addresses and other information of hundreds of British, French and EU politicians have been found on the dark web.

The post Information of Hundreds of European Politicians Found on Dark Web appeared first on SecurityWeek.

The BBC has disclosed a data breach impacting over 25,000 current and former employees, but the incident did not involve ransomware.

The post BBC Data Breach Impacts 25,000 Employees appeared first on SecurityWeek.