Threat actors known as ‘Stargazer Goblin’ have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. […]
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018
The vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018.
The post Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 appeared first on SecurityWeek.
Docker fixes critical 5-year old authentication bypass flaw
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. […]
Zest Security Aims to Resolve, Not Just Mitigate Cloud Risks
Zest Security emerged from stealth with $5 million funding and an AI-powered platform that resolves the root source of risk in the cloud.
The post Zest Security Aims to Resolve, Not Just Mitigate Cloud Risks appeared first on SecurityWeek.
Microsoft fixes bug behind Windows 10 Connected Cache delivery issues
Microsoft has fixed a known Windows 10 update issue that broke Microsoft Connected Cache (MCC) node discovery on enterprise networks. […]
KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack
American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing on its devices. […]
Dazz Scores Hefty $50M Investment for AI-Powered Risk Remediation Tech
The new financing brings the total raised by Dazz to $110 million as investors double down on bets in the cloud security remediation space.
The post Dazz Scores Hefty $50M Investment for AI-Powered Risk Remediation Tech appeared first on SecurityWeek.
Google Chrome now warns about risky password-protected archives
Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. […]
Is GhostEmperor Back? Sygnia Finds Clues in Recent Cyber Incident
Sygnia discovered what it believes to be a variant of the GhostEmperor infection chain leading to the Demodex rootkit – which was first seen and described in 2021.
The post Is GhostEmperor Back? Sygnia Finds Clues in Recent Cyber Incident appeared first on SecurityWeek.
CrowdStrike: ‘Content Validator’ bug let faulty update pass checks
CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. […]