US Charges, Sanctions Chinese Man Accused of Sophos Firewall Hacking
The US government on Tuesday announced charges and sanctions against a Chinese national accused of being involved in the hacker attacks targeting Sophos firewalls. The attacks, which Sophos tracked over a period of five years, involved the exploitation of zero-day vulnerabilities in the security firm’s firewalls in an effort to plant backdoors and steal sensitive […]
Read More
Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day
Software giant Microsoft on Tuesday rolled out patches for more than 70 documented security defects and called urgent attention to an already-exploited zero-day in the Windows Common Log File System (CLFS). The CLFS vulnerability, tagged as CVE-2024-49138 and marked as actively exploited in the wild, was reported by anti-malware vendor CrowdStrike. It carries a CVSS […]
Read More
Adobe Patches Over 160 Vulnerabilities Across 16 Products
Adobe’s December 2024 Patch Tuesday updates address a total of more than 160 vulnerabilities across 16 products. Roughly 90 of the vulnerabilities were patched in Adobe Experience Manager. A majority are important-severity (medium based on CVSS score) and they allow arbitrary code execution. Some of the flaws can be exploited to bypass security features. CVE-2024-43711 […]
Read More
Wald.ai Raises $4M in Seed Funding to Protect Data in Conversations With AI Assistants
Palo Alto, California-based startup Wald.ai on Tuesday announced the launch of what it describes as a contextual AI and data loss protection platform. Wald has developed a platform that enables enterprises to use AI assistants such as Gemini and ChatGPT for business purposes, but not have to worry about exposing sensitive information. Organizations can use […]
Read More
Cleo File Transfer Tool Vulnerability Exploited in Wild Against Enterprises
Cybersecurity firm Huntress warned on Monday that an improperly patched vulnerability affecting several file transfer products from enterprise software maker Cleo has been exploited in the wild for at least the past week. Cleo is an Illinois-based company that provides supply chain and B2B integration solutions to more than 4,200 organizations. The firm informed customers […]
Read More
SAP Patches Critical Vulnerability in NetWeaver
Enterprise software maker SAP on Tuesday announced the release of nine new and four updated security notes as part of its December 2024 Security Patch Day. Marked as ‘hot news’, the highest severity in SAP’s notebook, the first new security note addresses three vulnerabilities in NetWeaver AS for JAVA (Adobe Document Services), including a critical […]
Read More
Microsoft Bets $10,000 on Prompt Injection Protections of LLM Email Client
Microsoft is offering $10,000 in prizes as part of a new hacking challenge focused on breaking the protections of a realistic simulated LLM-integrated email client. The client, LLMail, includes an assistant that uses an instruction-tuned large language model (LLM) to answer questions based on emails and perform specific actions on behalf of the user. As […]
Read More
Webinar Today: Inside a Hacker’s Playbook – How Cybercriminals Use Deepfakes
Ever wonder how cybercriminals infiltrate payment systems and steal funds? Join SecurityWeek and Rachel Tobac, ethical hacker and CEO of Social Proof Security, and Mahmood Khan, CISO, CNA Insurance, on December 10th at 1:00 PM ET for a live, eye-opening session that pulls back the curtain on how bad actors exploit social engineering tactics, like deepfake […]
Read More
Astrix Security Banks $45M Series B to Secure Non-Human Identities
Astrix Security, an early stage startup building technology to secure non-human identities and app-to-app connections, has bagged $45 million in a Series B funding round led by Menlo Ventures. The Tel Aviv company said the new financing included investments from Workday Ventures, Bessemer Venture Partners (BVP), CRV, and F2 Venture Capital, and brings the total […]
Read More
Cisco Says Flaws in Industrial Routers, BGP Tool Remain Unpatched 8 Months After Disclosure
Cisco’s threat intelligence and research unit Talos has disclosed the details of several apparently unpatched vulnerabilities in an MC Technologies industrial router and the GoCast BGP tool. Talos published advisories for the vulnerabilities last month, and on Monday released a blog post announcing that they have yet to be patched, despite being responsibly disclosed to […]
Read More