SecurityWeek RSS Feed

Credit Union's Legal Battle With Tech Giant Fiserv Rumbles On

Local credit union, Bessemer System Federal Credit Union (BSFCU), sued Fortune 500 tech giant Fiserv over 'amateurish security lapses' in 2019. Fiserv counterclaimed with a motion to dismiss, and Bessemer motioned to dismiss the counterclaim. read more

AMD Chipset Driver Vulnerability Can Allow Hackers to Obtain Sensitive Data

Chipmaker AMD has patched a driver vulnerability that could allow an attacker to obtain sensitive information from the targeted system. read more

Operator of 'DownThem' DDoS Attack Service Convicted

An Illinois man who operated an infamous online service allowing users to launch distributed denial-of-service (DDoS) attacks on selected targets was found guilty of three felonies. read more

Pakistani Man Involved in AT&T Hacking Scheme Sentenced to Prison in U.S.

Muhammad Fahd, a 35-year-old Pakistani national, has been sentenced to 12 years of prison in the United States for his role in a scheme that involved illegally unlocking AT&T phones and hacking into the telecoms giant's systems. read more

Mirai Botnet Starts Exploiting OMIGOD Flaw as Microsoft Issues More Guidance

Microsoft on Thursday published additional guidance on addressing recently disclosed vulnerabilities in the Open Management Infrastructure (OMI) framework, along with new protections to resolve the bugs within affected Azure Virtual Machine (VM) management extensions. read more

German Election Authority Confirms Likely Cyber Attack

Suspected hackers last month briefly disrupted the website of the authority running Germany's September 26 general election, a spokesman for the body told AFP Wednesday. read more

U.S. Agencies Warn of APTs Exploiting Recent ADSelfService Plus Zero-Day

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Coast Guard Cyber Command (CGCYBER) have sounded the alarm over in-the-wild attacks targeting a recently disclosed vulnerability in Zoho's ManageEngine ADSelfService Plus product. read more

Court Rejects Lawsuit Against NSA on "State Secrets" Grounds

A divided federal appeals court has upheld the dismissal of an ACLU lawsuit challenging a portion of the National Security Agency's warrantless surveillance of Americans' international email and phone communications. read more

Cybersecurity M&A Roundup for September 1-15, 2021

Cybersecurity M&A roundup for September 1-15, 2021 read more

Endpoint Security Platform Kolide Banks $17 Million Investment

Endpoint security platform Kolide on Thursday announced that it has raised $17 million in Series B funding, for a total of $27 million raised to date. read more

Google Helps OSTIF Boost Security of Open Source Projects

Google this week announced plans to support the Open Source Technology Improvement Fund (OSTIF) to boost the security of open source projects. read more

Kaspersky Received 105 Government, Law Enforcement Requests in H1 2021

Kaspersky this week published its first transparency report to share information on the government and law enforcement agency requests received in 2020 and in the first half of 2021. read more

UN Urges Moratorium on AI Tech That Threatens Rights

Regulating AI read more

Researchers Create Toolkit for Hardware Security Tests on Apple's Mobile Processors

A group of researchers from North Carolina State University has built a software toolkit to explore vulnerabilities in Apple's mobile processors and used the findings to devise a cache timing attack. read more

How Threat Response is Evolving

As adversaries changed their view of an attack to include vectors across an organization, defenders have had to evolve their approach as well. This is best captured by Mark Harris from Gartner who observed that adversaries have shifted their focus of attacks from infecting files to infecting systems and now to infecting the entire enterprise. Previously, I talked about how this has impacted our approach to threat detection . read more

Several Access Bypass, CSRF Vulnerabilities Patched in Drupal

Drupal developers on Wednesday informed users that updates released for Drupal 8.9, 9.1 and 9.2 patch five vulnerabilities that can be exploited for cross-site request forgery (CSRF) and access bypass. read more

Mass Personal Data Theft From Paris Covid Tests: Hospitals

Hackers stole the personal data of around 1.4 million people who took Covid-19 tests in the Paris region in the middle of 2020, hospital officials in the French capital disclosed on Wednesday. read more

Neosec Emerges From Stealth With $20.7 Million in Funding

Application security startup Neosec this week emerged from stealth mode after closing a $20.7 million Series A funding round. read more

Links Found Between MSHTML Zero-Day Attacks and Ransomware Operations

Microsoft and threat intelligence company RiskIQ reported finding links between the exploitation of a recently patched Windows zero-day vulnerability and known ransomware operators. read more

Regular Users Can Now Remove Password From Their Microsoft Account

Microsoft on Wednesday informed owners of consumer accounts that they can now go completely passwordless and rely on other, more secure authentication methods. read more

Cloud Backup Company Rewind Raises $65 Million

Cloud backup company Rewind has announced raising $65 million in a Series B funding round, which brings the total amount invested in the firm to more than $80 million. read more

Severe Vulnerabilities Could Expose Thousands of Azure Users to Attacks

Four of the fixes that Microsoft released as part of its September 2021 Patch Tuesday updates deal with vulnerabilities in the Open Management Infrastructure (OMI) software agent embedded in Azure services. read more

3 Former US Officials Charged in UAE Hacking Scheme

Three former U.S. intelligence and military officials have admitted providing sophisticated computer hacking technology to the United Arab Emirates and agreed to pay nearly $1.7 million to resolve criminal charges in an agreement that the Justice Department described Tuesday as the first of its kind. read more

SAP Patches Critical Vulnerabilities With September 2021 Security Updates

German software maker SAP this week announced the release of 17 new and two updated security notes on the September 2021 Security Patch Day. Seven of these deal with critical vulnerabilities in SAP products. read more

ICS Patch Tuesday: Siemens, Schneider Electric Address Over 40 Vulnerabilities

Siemens and Schneider Electric on Tuesday published a total of 25 advisories to address more than 40 vulnerabilities affecting their industrial control system (ICS) products. Siemens read more

Distributed by