GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. […]
Realm.Security Emerges From Stealth With $5 Million in Seed Funding
Realm.Security has emerged from stealth with $5 million in funding and a solution that helps organizations manage security data.
The post Realm.Security Emerges From Stealth With $5 Million in Seed Funding appeared first on SecurityWeek.
Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide
Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d (aka Void).
“It is a backdoor that puts its components in the system storage area and, when commanded by attackers, is capable of secretly downloading and installing third-party software,” Russian antivirus
“It is a backdoor that puts its components in the system storage area and, when commanded by attackers, is capable of secretly downloading and installing third-party software,” Russian antivirus
Evasion Tactics Used By Cybercriminals To Fly Under The Radar
Relentless in their methods, attackers will continue employing evasion tactics to circumvent traditional security measures.
The post Evasion Tactics Used By Cybercriminals To Fly Under The Radar appeared first on SecurityWeek.
Palo Alto Networks Patches Dozens of Vulnerabilities
Palo Alto Networks has fixed medium- and high-severity vulnerabilities in PAN-OS, Cortex XDR, ActiveMQ Content Pack, and Prisma Access Browser.
The post Palo Alto Networks Patches Dozens of Vulnerabilities appeared first on SecurityWeek.
Non-Human IAM Provider Aembit Raises $25 Million
Aembit has raised $25 million in Series A funding to protect non-human identities and minimize attack surface.
The post Non-Human IAM Provider Aembit Raises $25 Million appeared first on SecurityWeek.
Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking
Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns.
“Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions,” Cado Security researchers Tara Gould and Nate Bill said in an analysis published today.
“However, Selenium Grid’s default configuration lacks
“Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions,” Cado Security researchers Tara Gould and Nate Bill said in an analysis published today.
“However, Selenium Grid’s default configuration lacks
Mastercard to Acquire Threat Intelligence Firm Recorded Future for $2.6 Billion
Financial services giant Mastercard is acquiring Recorded Future from private equity firm Insight Partners for $2.6 billion.
The post Mastercard to Acquire Threat Intelligence Firm Recorded Future for $2.6 Billion appeared first on SecurityWeek.
FBI and CISA Release Joint PSA, Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections
Cisco Patches High-Severity Vulnerabilities in Network Operating System
Cisco has announced security updates that patch eight vulnerabilities in IOS XR software, including six high-severity bugs.
The post Cisco Patches High-Severity Vulnerabilities in Network Operating System appeared first on SecurityWeek.