US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. […]
Silent Push Raises $10 Million for Preemptive Threat Intelligence Platform
Threat intel startup Silent Push has raised $10 million in a funding round co-led by Ten Eleven Ventures and Stepstone Group LP.
The post Silent Push Raises $10 Million for Preemptive Threat Intelligence Platform appeared first on SecurityWeek.
Sublime Snags $60M Series B for Email Security Tech
Sublime said the new capital was provided by IVP, Citi Ventures, Index Ventures, Decibel Partners, and Slow Ventures and brings the total raised to $93.8 million.
The post Sublime Snags $60M Series B for Email Security Tech appeared first on SecurityWeek.
Fortinet Acquires Perception Point Reportedly for $100 Million
Fortinet has acquired Israeli collaboration and email security company Perception Point to expand its offering.
The post Fortinet Acquires Perception Point Reportedly for $100 Million appeared first on SecurityWeek.
The Ghost of Christmas Past – AI’s Past, Present and Future
The potential for how AI may change the way we work is endless, but we are still a way off from this and careful planning and consideration is what is needed.
The post The Ghost of Christmas Past – AI’s Past, Present and Future appeared first on SecurityWeek.
Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online
Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks.
“Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API
“Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API
Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement
Lookout details EagleMsgSpy, a surveillance tool used by Chinese law enforcement to collect data from Android devices.
The post Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement appeared first on SecurityWeek.
Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet States
The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns.
“BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims,” Lookout said in an analysis. “Both
“BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims,” Lookout said in an analysis. “Both
Microsoft MFA Bypassed via AuthQuake Attack
Oasis Security has disclosed AuthQuake, a method for bypassing Microsoft MFA within an hour without user interaction.
The post Microsoft MFA Bypassed via AuthQuake Attack appeared first on SecurityWeek.
Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS
Details have emerged about a now-patched security vulnerability in Apple’s iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information.
The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved
The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved