GitHub has launched a $1.25 million fund to be invested in improving the security of 125 open source projects.
The post GitHub Launches Fund to Improve Open Source Project Security appeared first on SecurityWeek.
Cyera Raises $300 Million at $3 Billion Valuation
Data security firm Cyera has raised $300 million in Series D funding, which brings the total investment in the company to $760 million.
The post Cyera Raises $300 Million at $3 Billion Valuation appeared first on SecurityWeek.
Oracle Patches Exploited Agile PLM Zero-Day
Oracle has patched a high-severity information disclosure zero-day in Agile PLM that has been exploited in the wild.
The post Oracle Patches Exploited Agile PLM Zero-Day appeared first on SecurityWeek.
Ford Says Leaked Data Comes From Supplier and Is Not Sensitive
Ford has completed its investigation into recent data breach claims and determined that its systems and customer data have not been compromised.
The post Ford Says Leaked Data Comes From Supplier and Is Not Sensitive appeared first on SecurityWeek.
Decades-Old Security Vulnerabilities Found in Ubuntu’s Needrestart Package
Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction.
The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that
The Qualys Threat Research Unit (TRU), which identified and reported the flaws early last month, said they are trivial to exploit, necessitating that
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
A new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection.
Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications
Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities
Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.
The flaws are listed below –
The flaws are listed below –
CVE-2024-44308 – A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content
CVE-2024-44309 – A cookie management vulnerability in
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation
Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild.
The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information.
“This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network
The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information.
“This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. […]
CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. […]