Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. […]
Halliburton Confirms Data Stolen in Cyberattack
The US oil giant updated an SEC filing to confirm malicious hackers “accessed and exfiltrated information” from its corporate systems.
The post Halliburton Confirms Data Stolen in Cyberattack appeared first on SecurityWeek.
New Windows PowerToy launches, repositions apps to saved layouts
Microsoft has released a new Workspaces PowerToy that helps launch sets of applications using custom desktop layouts and configurations with a mouse click. […]
FBI warns crypto firms of aggressive social engineering attacks
The FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their crypto assets. […]
Clearview AI fined €30.5 million for unlawful data collection
The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including photos of Dutch citizens. […]
D-Link says it is not fixing four RCE flaws in DIR-846W routers
D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. […]
VMware Patches High-Severity Code Execution Flaw in Fusion
VMware rolls out patch for a high-severity code execution vulnerability in the Fusion hypervisor.
The post VMware Patches High-Severity Code Execution Flaw in Fusion appeared first on SecurityWeek.
CISO Conversations: Jaya Baloo From Rapid7 and Jonathan Trull From Qualys
CSOs Jaya Baloo and Jonathan Trull discuss the route, role, and requirements in becoming and being a successful CISO.
The post CISO Conversations: Jaya Baloo From Rapid7 and Jonathan Trull From Qualys appeared first on SecurityWeek.
Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus
A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus.
“Head Mare uses more up-to-date methods for obtaining initial access,” Kaspersky said in a Monday analysis of the group’s tactics and tools.
“For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which
“Head Mare uses more up-to-date methods for obtaining initial access,” Kaspersky said in a Monday analysis of the group’s tactics and tools.
“For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which
New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems
Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation.
“It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector,” cybersecurity
“It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector,” cybersecurity