Wiz Launches Wiz Code Application Security Tool

September 11, 2024 at 12:04AM
Wiz launched Wiz Code, a cloud app security product that identifies and resolves cloud risks in code before they become critical issues. It integrates with developer environments, highlighting security issues and providing fix suggestions. Wiz Code aims to enhance collaboration between security and development teams by aligning issues with their …

New RAMBO Attack Allows Air-Gapped Data Theft via RAM Radio Signals

September 9, 2024 at 09:27AM
An academic researcher has developed a new attack technique, named RAMBO, that uses radio signals from memory buses to exfiltrate data from air-gapped systems. The technique allows for the capture of encoded files, encryption keys, images, keystrokes, and biometric information at a rate of 1,000 bits per second from up …

Cybersecurity regulation stepping up

September 9, 2024 at 05:09AM
Join us on September 16, 2024, at 11:00 AM BST (12:00 PM CEST) for an exclusive webinar with Chris Dale, SANS Principal Instructor. Gain in-depth knowledge of NIS2, DORA, and TIBER-EU regulations, strategic insights into their impact on IT security, best practices for cyber resilience, and exclusive survey findings for …

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

September 9, 2024 at 02:57AM
Progress Software has issued an emergency fix for a critical vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant products, allowing remote command execution. Progress Software has issued an emergency fix for a critical severity vulnerability affecting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor …

In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams

September 6, 2024 at 09:18AM
The SecurityWeek cybersecurity news roundup offers a valuable compilation of noteworthy cybersecurity stories that may not warrant full articles. This week’s stories include MITRE’s comparison of international PQC standards, US Army Special Forces hack, Transport for London cyberattack, CBIZ data breach, UK’s takedown of a banking anti-fraud website, OpenSSL and …

Ransomware Gang Claims Cyberattack on Planned Parenthood

September 5, 2024 at 02:48PM
Ransomware gang RansomHub claims to have stolen 93 GB of data from nonprofit Planned Parenthood, threatening to publish it unless a ransom is paid. The cybercriminal group has targeted over 200 victims, including organizations in various sectors. Planned Parenthood confirmed a cyberattack and is working to address the incident while …

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks

September 5, 2024 at 02:03PM
A critical vulnerability was found in LiteSpeed Cache, a popular caching plugin for over 6 million WordPress sites. This flaw could impact user browsing speed. A critical severity vulnerability has been found in LiteSpeed Cache, a caching plugin used in over 6 …

Microchip Technology confirms data was stolen in cyberattack

September 4, 2024 at 06:06PM
Microchip Technology Inc. has reported that employee data was stolen in a cyberattack in August. The attack was attributed to the Play ransomware gang. Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in a cyberattack in August. …

‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names

September 4, 2024 at 04:43PM
Security researchers have discovered a concerning method for attackers to distribute malicious payloads through the PyPI package repository. By re-registering a removed package with the same name, adversaries can pass off rogue packages as legitimate ones. This “Revival Hijack” method poses a clear threat, with 120,000 abandoned packages susceptible to …

Hackers inject malicious JS in Cisco store to steal credit cards, credentials

September 4, 2024 at 11:53AM
Cisco’s online merchandise store is currently offline and undergoing maintenance due to a compromise with malicious JavaScript code that steals sensitive customer details during the checkout process. The attack appears to be a CosmicSting vulnerability, affecting the store’s ability to process transactions and potentially compromising customer data. Cisco has not …