🐛 COMMON VULNERABILITIES AND EXPOSURES 10[−]
11 MarProof-of-Concept Exploit Released for Progress Software OpenEdge VulnerabilityTechnical specifics and a proof-of-concept (PoC) exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Track…THEHACKERNEWS.COM
11 MarCritical Fortinet Flaw May Impact 150,000 Exposed DevicesApproximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows code execution without authentication.BLEEPINGCOMPUTER.COM
11 MarCisco Addressed Severe Flaws in Its Secure ClientCisco Secure Client is affected by two high-severity vulnerabilities, CVE-2024-20337 and CVE-2024-20338, which could lead to code execution and unauthorized remote access VPN sessions.SECURITYAFFAIRS.COM
11 MarPoC Exploit Released for OpenEdge Authentication Gateway & AdminServer VulnerabilityA Proof of Concept (PoC) exploit has been released for a vulnerability in the OpenEdge Authentication Gateway and AdminServer. This vulnerability, CVE-2024-1403, affects multiple versions of the OpenEdge platform and could potentially allow unauthorized access to sensitive system…GBHACKERS.COM
11 MarMultiple QNAP Vulnerabilities Let Attackers Inject Malicious CodesQNAP has disclosed a series of vulnerabilities within its operating systems and applications that could potentially allow attackers to compromise system security and execute malicious commands. These vulnerabilities, identified as CVE-2024-21899, CVE-2024-21900, and CVE-2024-2190…GBHACKERS.COM
11 MarMagnet Goblin hackers used Ivanti bugs to drop custom Linux malwareA financially motivated hacker group, tracked as Magnet Goblin, has been using cracked public-facing servers through 1-day exploitations to drop custom Linux malware , according to CheckPoint. One of the group’s primary exploits included the Ivanti Connect Secure RCE bug , trac…CSOONLINE.COM
11 MarPossibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks150,000 systems possibly impacted by the recent Fortinet vulnerability CVE-2024-21762, but there is still no evidence of widespread exploitation. The post Possibly Exploited Fortinet Flaw Impacts Many Systems, but No Signs of Mass Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
11 MarWordPress Builder Plugin Flaw Exposes 3,300+ Websites To XSS AttackA recent surge in attacks from a new malware campaign exploits a known vulnerability in the WordPress plugin Popup Builder, infecting over 3,300 websites with XSS attacks. A recent Balada Injector campaign discovered in January exploited a cross-site scripting (XSS) vulnerability…GBHACKERS.COM
11 MarRecent TeamCity Vulnerability Exploited in Ransomware AttacksServers impacted by recently patched TeamCity vulnerability CVE-2024-27198 targeted in ransomware attacks and abused for DDoS. The post Recent TeamCity Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
11 MarBianLian group exploits TeamCity again, deploys PowerShell backdoorThe BianLian extortion group was recently seen exploiting vulnerabilities in the TeamCity continuous integration server for initial access into networks. In the latest attacks the group also deployed a previously unknown backdoor written in PowerShell that seems to be a reimpleme…CSOONLINE.COM
⚠️ VULNERABILITY DISCLOSURE 22[−]
11 MarMagnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RATA financially motivated threat actor called Magnet Goblin is swiftly adopting one-day security vulnerabilities into its arsenal in order to opportunistically breach edge devices and public-facing services and deploy malware on compromised hosts. “Threat actor group Magn…THEHACKERNEWS.COM
11 MarVulnerability in 16.5K+ VMware ESXi Instances Let Attackers Execute CodeVMware’s ESXi, Workstation, and Fusion products could allow attackers to execute malicious code on affected systems. Impacted VMware Products These vulnerabilities impact the following VMware products: VMware has acknowledged the presence of several vulnerabilities in its p…GBHACKERS.COM
11 MarMicrosoft Says Russian Hackers Stole Source Code After Spying on Its ExecutivesMicrosoft is facing an ongoing attack from a Russia state-sponsored threat actor that stole data from senior-level executives and is attempting to gain unauthorized access to the company's systems.THEVERGE.COM
11 MarGenerative AI poised to make substantial impact on DevSecOpsGenerative AI is expected to help write secure code, improve code analysis, create tests, write documentation, and assist with many other DevSecOps functions. But the technology is still in its infancy, and early results are mixed. The optimistic view is that by training the AI o…CSOONLINE.COM
11 MarDefense Unicorns Raises $35 Million to Enhance National Security Through Open-Source SoftwareThe company has developed open source projects like Zarf, LeapfrogAI, Pepr, and Lula to overcome technical hurdles and offers core capabilities such as Your App Your Environment, Software Factory, and AI for National Security.HELPNETSECURITY.COM
11 MarMatanbuchus Malware Weaponizing XLS files to Hijack Windows MachineThe Matanbuchus malware has been reported to initiate a new campaign, exploiting XLS files to compromise Windows machines. This sophisticated threat, known for its loader-as-a-service model, has been active for several years and poses a risk to users worldwide. Matanbuchus, a nam…GBHACKERS.COM
11 MarQNAP Warns of Critical Auth Bypass Flaw in its NAS DevicesThree vulnerabilities have been disclosed, including an authentication bypass, command injection, and SQL injection, with one allowing remote execution without authentication.BLEEPINGCOMPUTER.COM
11 MarNew Open Source Tool Hunts for APT Activity in the CloudThe CloudGrappler open source tool can detect the presence of known threat actors in cloud environments. The post New Open Source Tool Hunts for APT Activity in the Cloud appeared first on SecurityWeek .SECURITYWEEK.COM
11 MarBianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware AttacksThe threat actors behind the BianLian ransomware have been observed exploiting security flaws in JetBrains TeamCity software to conduct their extortion-only attacks. According to a new report from GuidePoint Security, which responded to a recent intrusion, the incident …THEHACKERNEWS.COM
11 MarMagnet Goblin Targets Publicly Facing Servers Using 1-Day VulnerabilitiesMagnet Goblin is a financially motivated threat actor that rapidly exploits 1-day vulnerabilities in public-facing services to initiate attacks. This actor has targeted Ivanti, Magento, Qlink Sense, and possibly Apache ActiveMQ.RESEARCH.CHECKPOINT.COM
11 MarCISA Forced to Take Two Systems Offline Last Month After Ivanti CompromiseThe breach was limited to two systems, the Infrastructure Protection (IP) Gateway and the Chemical Security Assessment Tool (CSAT), which house critical information about U.S. infrastructure interdependency and private sector chemical security plans.THERECORD.MEDIA
11 MarBills Targeting Data Brokers and TikTok Approved in House CommitteeThe House Energy and Commerce Committee approved two significant data privacy bills, including one targeting TikTok's Chinese ownership and another blocking data brokers from selling Americans' data to foreign adversaries.THERECORD.MEDIA
11 MarCritical Vulnerability Allows Access to QNAP NAS DevicesCritical-severity vulnerability could allow network attackers to access QNAP NAS devices without authentication. The post Critical Vulnerability Allows Access to QNAP NAS Devices appeared first on SecurityWeek .SECURITYWEEK.COM
11 MarUltimate Member Plugin Flaw Exposes 100,000 WordPress Sites to AttacksA high-severity XSS vulnerability in the Ultimate Member plugin allows attackers to inject scripts into WordPress sites. The post Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks appeared first on SecurityWeek .SECURITYWEEK.COM
11 MarUK: Cyberattack Cripples Leicester City Council Systems Until ‘At Least Midweek'While the nature of the cyberattack has not been disclosed, it is noted that this incident is part of a series of attacks on local authorities this year, with the latest affecting the council's ability to provide essential services.LEICESTERMERCURY.CO.UK
11 MarBianLian Group Exploits JetBrains TeamCity Bugs in Ransomware AttacksThe BianLian ransomware group exploited vulnerabilities in JetBrains TeamCity software to gain initial access to target environments. The group attempted to execute a custom GO backdoor but switched to LotL and utilized a PowerShell backdoor instead.SECURITYAFFAIRS.COM
11 MarWhy you need a platform approach to securityThere’s no shortage of cybersecurity tools for today’s Security Operations Centers (SOCs). As it turns out, however, that’s part of the problem in addressing the overwhelming task of monitoring, detecting, and responding to potential threats. This is the hangover from layered sec…CSOONLINE.COM
11 MarOver 15,000 hacked Roku accounts sold for 50¢ each to buy hardwareRoku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. [...]BLEEPINGCOMPUTER.COM
11 MarDropbox Used in Latest Exploit for Phishing AttacksDarktrace Warns of Malware Hidden in PDF Stored in Dropbox Phishing attacks continue to adapt to exploit popular apps. While many phishing campaigns have focused on mobile banking and payment sites, attackers are also targeting widely used but lower-profile, cloud-based utilities…DATABREACHTODAY.CO.UK
11 MarFour things we learned when US spy chiefs testified to CongressCyberattacks, regional conflict, weapons of mass destruction, terrorism, commercial spyware, AI, misinformation, disinformation, deepfakes, and TikTok. These are just some of the top perceived threats that the United States faces, according to the U.S. government’s intellig…TECHCRUNCH.COM
11 MarChina Planted Mystery Devices On Cranes Used In US Ports, Could Seize Control Remotely: Congressional Lettersubmitted by c0mmando to netsec 1 points | 0 comments https://www.zerohedge.com/geopolitical/china-planted-mystery-devices-cranes-used-us-ports-could-seize-control-remotely The lawmakers say that numerous modems with no known function were uncovered from ship-to-shore (STS) crane…ZEROHEDGE.COM
📢 SECURITY ADVISORIES 12[−]
11 MarThreat actors breached two crucial systems of the US CISAsubmitted by kid to cybersecurity 3 points | 0 comments https://securityaffairs.com/160246/hacking/us-cisa-systems-hacked.htmlSECURITYAFFAIRS.COM
11 MarIran-Linked ‘Lord Nemesis’ Group Appears Intent on Intimidating Israeli Organizations, Report SaysAn Iranian state-backed hacking group, known as Lord Nemesis, targeted an Israeli academic administration software company called Rashim Software. The attackers used their access to infiltrate several of the company's clients.THERECORD.MEDIA
11 MarIncognito Darknet Market Mass-Extorts Buyers, SellersBorrowing from the playbook of ransomware purveyors, the darknet narcotics bazaar Incognito Market has begun extorting all of its vendors and buyers, threatening to publish cryptocurrency transaction and chat records of users who refuse to pay a fee ranging from $100 to $20,000. …KREBSONSECURITY.COM
11 MarIn Effort to Bolster Government Cybersecurity, Biden Administration Takes Step to Ensure Secure Development PracticesCISA.GOV
11 MarCritical Considerations for AI Developments in HealthcareSunil Dadlani, CIO and CISO of Atlantic Health System on AI Promise, Risks AI holds enormous potential for transforming and reimagining all aspects of healthcare, but mitigating the risks requires a collaborative, comprehensive approach prioritizing data security, regulatory comp…DATABREACHTODAY.CO.UK
11 MarCISA Lacks Staff with Skills Needed to Safeguard OTGAO Report Criticizes CISA's Info Sharing Programs for Critical Infrastructure The U.S. Government Accountability Office found that CISA lacks the skilled staff to effectively share information with critical infrastructure operators about threats. Also, the GAO found that the Pip…DATABREACHTODAY.CO.UK
11 MarUS Federal Budget Proposes $27.5B for CybersecurityBudget Proposes Incremental Increases, Not Leaps, But Small Budget Cut for CISA The Biden administration doesn't propose huge leaps in cybersecurity funding in an annual spending blueprint unveiled Monday afternoon. U.S. federal civilian cybersecurity spending would amount to $13…DATABREACHTODAY.CO.UK
🔥 INCIDENT REPORTING 14[−]
11 MarNew DoNex Ransomware Observed in the Wild Targeting EnterprisesEnterprises across the United States and Europe are on high alert as a new ransomware strain, dubbed “DoNex,” has been actively compromising companies and claiming victims. This emergent threat has cybersecurity experts working overtime to understand the attack’…GBHACKERS.COM
11 MarUK: Jersey Regulator’s Data Breach Leaks Names and AddressesThe leak did not connect individuals to registered entities or roles, and the organization is working with the Jersey Office of the Information Commissioner to investigate further.BBC.COM
11 MarRansomware Actors Using Dozen of Legitimate Data-Exfiltration Tools to Hack SystemsIn recent months, the cybersecurity landscape has witnessed a significant evolution in ransomware attacks, with perpetrators deploying an increasingly diverse array of data-exfiltration tools. Symantec’s latest findings reveal that attackers have utilized at least a dozen d…GBHACKERS.COM
11 MarUpdate: Change Healthcare Systems Expected to Come back Online in Mid-MarchUnitedHealth Group is providing additional financial relief to healthcare providers affected by the cyberattack, including advancing funds and expanding temporary financing programs.CYBERSECURITYDIVE.COM
11 MarPrata säkerhet med oss Ransomware - viktigaste orsakerna och åtgärderna - SWEDISH LANGUAGE - 1:23 hoursubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/34b0e3ca-1b5a-4ff2-9043-690849fa6a47.jpeg Prata säkerhet med oss Ransomware Ransomware - vanligaste sätten att drabbas Vi går igenom de vanligaste orsakerna till att organisationer drabbas …INFOSEC.PUB
11 MarUK Government’s Ransomware Failings Leave Country ‘Exposed and Unprepared’The UK government has been criticized for a lack of preparedness and strategic response to the growing threat of ransomware attacks, with a parliamentary committee accusing it of an "ostrich strategy" of burying its head in the sand.THERECORD.MEDIA
11 MarPaysign Investigating Reports of Stolen Database Being Sold by HackersHackers attempted to sell a database allegedly belonging to the company, which is said to contain millions of records. Despite this, Paysign assured that there has been no disruption to their services, and customers can continue using their accounts.THERECORD.MEDIA
11 MarFBI's 2023 Internet Crime Report Highlights Alarming Trends on RansomwareThe specter of cybercrime continues to grow, with losses soaring to $12.5 billion in 2023, according to the recently released Internet Crime Report by the FBI's Internet Crime Complaint Center (IC3).KNOWBE4.COM
11 MarHow New and Old Security Threats Keep PersistingNew research by Cymulate highlights the correlation between threat exposures, vulnerabilities, misconfigurations, and security controls. It emphasizes the importance of proactive security measures to prevent cyberattacks.HELPNETSECURITY.COM
11 MarBelgian Village Whose Brewery was Hit by Cyberattack Faces Another on its Coffee RoasteryThe Belgian village of Breendonk has experienced cyberattacks targeting both Duvel Moortgat Brewery and local coffee roasters Koffie Beyers, with the incidents occurring at the same time and in close geographic proximity.THERECORD.MEDIA
11 MarResearchers expose Microsoft SCCM misconfigs usable in cyberattacksSecurity researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. [...]BLEEPINGCOMPUTER.COM
11 MarEquilend warns employees their data was stolen by ransomware gangNew York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. [...]BLEEPINGCOMPUTER.COM
11 MarOkta says data leaked on hacking forum not from its systemsOkta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. [...]BLEEPINGCOMPUTER.COM
🕵️ THREAT INTELLIGENCE 23[−]
11 MarWhat happens when you accidentally leak your AWS API keys? [Guest Diary], (Sun, Mar 10th)[This is a Guest Diary by Noah Pack, an ISC intern as part of the SANS.edu BACS program]
ISC.SANS.EDU
11 MarISC Stormcast For Monday, March 11th, 2024 https://isc.sans.edu/podcastdetail/8888, (Mon, Mar 11th)(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.ISC.SANS.EDU
11 MarTransitioning to memory-safe languages: Challenges and considerations - Help Net Securitysubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://www.helpnetsecurity.com/2024/03/11/omkhar-arasaratnam-openssf-memory-safe-programming-languages/ Memory-safe languages let programmers focus on quality code, avoiding risks of low-level memory manage…HELPNETSECURITY.COM
11 MarLithuania Warns China Has Ramped up Espionage CampaignsThe opening of Taiwan's Representative Office in Lithuania has prompted China to increase its focus on gathering information about the country's internal affairs and political landscape.THERECORD.MEDIA
11 MarUsing LLMs to Unredact TextInitial results in using LLMs to unredact text based on the size of the individual-word redaction rectangles. This feels like something that a specialized ML system could be trained on.SCHNEIER.COM
11 MarMagnet Goblin Delivers Linux Malware Using One-Day VulnerabilitiesThe financially motivated threat actor Magnet Goblin is targeting one-day vulnerabilities to deploy Nerbian malware on Linux systems. The post Magnet Goblin Delivers Linux Malware Using One-Day Vulnerabilities appeared first on SecurityWeek .SECURITYWEEK.COM
11 MarOffensiveCon23 - 18 talkssubmitted by ashar to security_cpe 1 points | 0 comments https://infosec.pub/pictrs/image/1287ba09-0bf2-4044-9ec5-359d3f657adf.png OffensiveCon23 Schedule Speakers list OffensiveCon23 PlaylistINFOSEC.PUB
11 MarMicrosoft admits Russian state hack still not contained. ‘This has tremendous national security implications’submitted by kid to cybersecurity 2 points | 2 comments https://fortune.com/2024/03/09/microsoft-admits-russian-state-hack-still-not-contained/ Interesting view on this situation.FORTUNE.COM
11 MarMagnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities - Check Point Researchsubmitted by kid to cybersecurity 1 points | 1 comments https://research.checkpoint.com/2024/magnet-goblin-targets-publicly-facing-servers-using-1-day-vulnerabilities/RESEARCH.CHECKPOINT.COM
11 MarThe European Union's Unified Approach to Cybersecurity: The Cyber Solidarity ActThe construction of a more cyber resilient European Union (EU) took a remarkable step forward this past week as negotiators from the European Parliament and the European Council reached a provisional agreement on the proposed Cyber Solidarity Act.KNOWBE4.COM
11 MarThree Essential Truths Every CISO Should Know To Guide Their Career LinkedInAccording to my research, it became clear that if CISO's focused on these three items, it would take care of 99% of the vulnerabilities.KNOWBE4.COM
11 MarDave Aitel - Information Security Is an Ecology of Horrors and You Are the Solution - OffensiveCon23submitted by ashar to security_cpe 3 points | 0 comments https://infosec.pub/pictrs/image/1374cc1d-6687-4c01-a513-ea845ac04f18.png Dave Aitel - Information Security Is an Ecology of Horrors and You Are the Solution Dave Aitel is a former NSA computer scientist, one of the early i…INFOSEC.PUB
11 MarCyberGate RAT Mimic as Dorks to Attack Cybersecurity ProfessionalsThreat actors target a niche group of internet users, security researchers, penetration testers, and even cybercriminals. The weapon of choice is malicious software known as CyberGate Remote Access Trojan (RAT), which has been lurking in the cyber realm for several years. The lat…GBHACKERS.COM
11 MarSecurityWeek Cyber Insights 2024 SeriesCyber Insights 2024 talks to hundreds of industry experts from dozens of companies covering seven primary topics. The post SecurityWeek Cyber Insights 2024 Series appeared first on SecurityWeek .SECURITYWEEK.COM
11 MarSoftware Reliability Firm Steadybit Raises $6 MillionSteadybit was founded in 2019 and has now raised a total of $13.8 million in funding. The post Software Reliability Firm Steadybit Raises $6 Million appeared first on SecurityWeek .SECURITYWEEK.COM
11 MarItalian Data Regulator Launch Probe Into OpenAI's SoraCompany Has 20 Days to Disclose Detail on Data Used for Training the AI System The Italian data protection regulator opened a privacy inquiry to Sora, OpenAI's newly announced text to video artificial intelligence model. The inquiry follows another ongoing probe into ChatGPT. Ope…DATABREACHTODAY.CO.UK
11 MarBroadcom Merges Symantec and Carbon Black Into New Business UnitFresh off its $69 billion acquisition of VMware, Broadcom creates an Enterprise Security Group unit that merges Symantec and Carbon Black. The post Broadcom Merges Symantec and Carbon Black Into New Business Unit appeared first on SecurityWeek .SECURITYWEEK.COM
11 MarBroadcom Axes Carbon Black Sale, to Merge Unit with SymantecCEO Hock Tan: Joining Carbon Black, Symantec Generates More Value for Shareholders Months after declaring "Carbon Black is Back," the endpoint security unit was gobbled up by Broadcom and folded into its Symantec security team. "We would generate more value to our shareholders by…DATABREACHTODAY.CO.UK
11 MarCISO's Guides to Engaging The Board, Artificial Intelligence, and Cyber Insurance - BSW #341In the leadership and communications section, Cybersecurity in the C-Suite: A CISO’s Guide to Engaging the Board, The CISO's Guide to AI: Embracing Innovation While Mitigating Risk, Cyber Insurance Strategy Requires CISO-CFO Collaboration, and more! Visit https://www.securityweek…YOUTUBE.COM
11 MarUnlocking the Economic Benefit of NGFWsInvesting in Palo Alto Networks ML-Powered Next-Generation Firewalls (NGFW) provides a 229% ROI and a NPV of $9.82 million. The post Unlocking the Economic Benefit of NGFWs appeared first on Palo Alto Networks Blog .PALOALTONETWORKS.COM
11 MarProtecting Executives: Why The Home Is The New Battle Ground - Chris Pierson - BSW #341When you think of executive protection, you think of work related activities such as security details, travel planning, and other physical security protections. But in the world of Artificial Intelligence and DeepFakes, the risk landscape for executives goes far beyond work and i…YOUTUBE.COM
11 MarMeta is building a giant AI model to power its video ecosystemsubmitted by Lanky_Pomegranate530 to cybersecurity 1 points | 0 comments https://cybernews.com/news/meta-ai-model-reels-video-tiktok/CYBERNEWS.COM
11 MarGUEST ESSAY: A DIY guide to recognizing – and derailing – Generative AI voice scamsAmericans lost a record $10 billion to scams last year — and scams are getting more sophisticated. Related: Google battles AI fakers Recently used to impersonate Joe Biden and Taylor Swift, AI voice cloning scams are gaining momentum — and … (more…)LASTWATCHDOG.COM
🌐 CYBER THREAT LANDSCAPE 4[−]
11 MarNew Golang-based Planet Stealer Emerges in Underground ForumsPlanet Stealer is a Go-based information-stealing trojan that targets sensitive information from victim hosts. The trojan's capabilities include browser information theft, cryptocurrency wallet theft, and sandbox evasion.INQUEST.NET
11 MarEmbracing the Cloud: Revolutionizing Privileged Access Management with One Identity PAM EssentialsAs cyber threats loom around every corner and privileged accounts become prime targets, the significance of implementing a robust Privileged Access Management (PAM) solution can't be overstated. With organizations increasingly migrating to cloud environments, the PAM So…THEHACKERNEWS.COM
11 MarNew Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing TacticsUsers in Brazil are the target of a new banking trojan known as CHAVECLOAK that's propagated via phishing emails bearing PDF attachments. "This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the…THEHACKERNEWS.COM
11 MarImportance of Resilience in Mitigating Supply Chain AttacksThe Change Healthcare attack is already providing valuable lessons to healthcare firms - primarily the importance of resilience, especially when it comes the industry's supply chain and third parties, said Nitin Natarajan, deputy director of the Cybersecurity and Infrastructure S…DATABREACHTODAY.CO.UK
📡 INFOSEC NEWS 15[−]
11 MarZama’s Homomorphic Encryption Tech Lands it $73M on a Valuation of Nearly $400MZama, a Paris-based startup, has raised $73 million in a Series A funding round to develop and commercialize homomorphic encryption technology for blockchain transactions and AI data exchange.TECHCRUNCH.COM
11 MarImmediate AI Risks and Tomorrow's DangersAI has given malicious attackers superpowers, making fishing, smishing, vishing, and other attacks more accessible and impactful. Immediate threats include sensitive data leakage from AI-powered systems.HELPNETSECURITY.COM
11 MarDropbox Used to Steal Credentials and Bypass MFA in Phishing CampaignThe use of legitimate Dropbox infrastructure in the phishing campaign allowed the attackers to effectively evade detection by email security tools and bypass MFA protocols.INFOSECURITY-MAGAZINE.COM
11 MarData Leakage Prevention in the Age of Cloud Computing: A New ApproachAs the shift of IT infrastructure to cloud-based solutions celebrates its 10-year anniversary, it becomes clear that traditional on-premises approaches to data security are becoming obsolete. Rather than protecting the endpoint, DLP solutions need to refocus their efforts to wher…THEHACKERNEWS.COM
11 MarFake Leather wallet app on Apple App Store is a crypto drainerThe developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. [...]BLEEPINGCOMPUTER.COM
11 MarDozens of Data Brokers Disclose Selling Reproductive Healthcare Info, Precise Geolocation and Data Belonging to MinorsNew information from the state of California reveals that many data brokers collect and sell sensitive information, including data related to reproductive health, geolocation, and minors.THERECORD.MEDIA
11 MarFunding Round Secures $20M for Reach SecurityThe Series A funding was led by new investors Ballistic Ventures and Artisanal Ventures, as well as existing backers Webb Investment Network, Ridge Ventures, and TechOperators.SCMAGAZINE.COM
11 MarFake Leather Wallet App on Apple App Store is a Crypto DrainerThe developers of the Leather cryptocurrency wallet have issued a warning about a counterfeit app on the Apple App Store. This fake app has led to users reporting that it drains their wallets and steals their digital assets.BLEEPINGCOMPUTER.COM
11 MarHow to protect yourself from the pig butchering scam | Kaspersky official blogWhat is pig butchering: how this scam operates, and how to protect yourself from fake investments in cryptocurrencies.KASPERSKY.COM
11 MarMicrosoft says Windows 10 21H2 support is ending in JuneMicrosoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. [...]BLEEPINGCOMPUTER.COM
11 MarTuta Mail adds new quantum-resistant encryption to protect emailTuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. [...]BLEEPINGCOMPUTER.COM
11 MarWhy Wiz Is Pursuing Its 2nd Massive Funding Round in 2 YearsCloud Security Vendor Wiz Eyes Unprecedented $800M Funding Round at $10B+ Valuation The New York-based cloud security phenom is speaking with several investors include Thrive, Lightspeed Venture Partners, G Squared, Sequoia and Cyberstarts in hopes of raising roughly $800 million…DATABREACHTODAY.CO.UK