Swimlane has raised $45 million in a growth funding round to fuel its global channel expansion and product innovation.
The post Swimlane Raises $45 Million for Security Automation Platform appeared first on SecurityWeek.
Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud
Security researchers uncover critical flaws and widespread misconfigurations in Salesforce’s industry-specific CRM solutions.
The post Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud appeared first on SecurityWeek.
Five plead guilty to laundering $36 million stolen in investment scams
Five men from China, the United States, and Turkey pleaded guilty to their involvement in an international crime ring and laundering nearly $37 million stolen from U.S. victims in cryptocurrency investment scams carried out from Cambodia. […]
Critical Vulnerability Patched in SAP NetWeaver
SAP has fixed a critical NetWeaver vulnerability allowing attackers to bypass authorization checks and escalate their privileges.
The post Critical Vulnerability Patched in SAP NetWeaver appeared first on SecurityWeek.
The Hidden Threat in Your Stack: Why Non-Human Identity Management is the Next Cybersecurity Frontier
Modern enterprise networks are highly complex environments that rely on hundreds of apps and infrastructure services. These systems need to interact securely and efficiently without constant human oversight, which is where non-human identities (NHIs) come in. NHIs — including application secrets, API keys, service accounts, and OAuth tokens — have exploded in recent years, thanks to an
Sensitive Information Stolen in Sensata Ransomware Attack
Sensor manufacturer Sensata said a ransomware group had access to its network for more than a week and stole personal information.
The post Sensitive Information Stolen in Sensata Ransomware Attack appeared first on SecurityWeek.
Researcher Found Flaw to Discover Phone Numbers Linked to Any Google Account
Google has stepped in to address a security flaw that could have made it possible to brute-force an account’s recovery phone number, potentially exposing them to privacy and security risks.
The issue, according to Singaporean security researcher “brutecat,” leverages an issue in the company’s account recovery feature.
That said, exploiting the vulnerability hinges on several moving parts,
The issue, according to Singaporean security researcher “brutecat,” leverages an issue in the company’s account recovery feature.
That said, exploiting the vulnerability hinges on several moving parts,
Exploited Vulnerability Impacts Over 80,000 Roundcube Servers
Exploitation of a critical-severity RCE vulnerability in Roundcube started only days after a patch was released.
The post Exploited Vulnerability Impacts Over 80,000 Roundcube Servers appeared first on SecurityWeek.
Vulnerabilities Exposed Phone Number of Any Google User
Google has awarded $5,000 to a researcher who found security holes that enabled brute-forcing the phone number of any user.
The post Vulnerabilities Exposed Phone Number of Any Google User appeared first on SecurityWeek.
Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises
The threat actor known as Rare Werewolf (formerly Rare Wolf) has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States (CIS) countries.
“A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries,” Kaspersky said. “The malicious functionality of the campaign
“A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developing their own malicious binaries,” Kaspersky said. “The malicious functionality of the campaign