Chinese UEFI Rootkit Found on Gigabyte and Asus Motherboards: The CosmicStrand rootkit is located in the firmware images of motherboards using the H81 chipset.

Data Stolen in Breach at Security Company Entrust: Entrust suffered a data breach last month and the security company has confirmed that the attackers have stolen some files.

Data Security Firm Sotero Raises $8 Million in Seed Funding: Data-focused security platform provider Sotero has raised $8 million in an extended seed funding round led by OurCrowd.

New Ducktail Infostealer Targets Facebook Business Accounts via LinkedIn: Marketing and HR professionals have been targeted with Ducktail malware through LinkedIn spear phishing campaigns to hijack Facebook business accounts.

PrestaShop Confirms Zero Day Attacks Hitting eCommerce Servers: A major security vulnerability in the open source PrestaShop software is being exploited in the wild and approximately 300,000 merchant shops are at risk.

Senators Introduce Bipartisan Quantum Computing Cybersecurity Bill: US Senators Rob Portman (R-OH) and Maggie Hassan (D-NH) have introduced a bipartisan bill to strengthen defenses against quantum-computing-enabled data breaches.

Uber Settles With Federal Investigators Over 2016 Data Breach Coverup: Uber has entered a non-prosecution agreement to resolve a criminal investigation into a 2016 data breach that the company tried to cover up.

1,000 Organizations Exposed to Remote Attacks by FileWave MDM Vulnerabilities: Researchers discovered critical vulnerabilities in the FileWave MDM product that could have been exploited to hack over 1,000 organizations.

Updated TSA Pipeline Cybersecurity Requirements Offer More Flexibility: Following complaints from the industry, the TSA has updated its pipeline cybersecurity requirements to provide more flexibility in achieving goals.

Atlassian Expects Confluence App Exploitation After Hardcoded Password Leak: Atlassian warns of the potential exploitation of a recent Questions for Confluence vulnerability after a third party posts a hardcoded password on Twitter.

T-Mobile Settles to Pay $350M to Customers in Data Breach: T-Mobile has agreed to pay $350 million to customers affected by a class action lawsuit filed after the company disclosed in August 2021.

SonicWall Warns of Critical GMS SQL Injection Vulnerability: SonicWall ships urgent patches for a critical flaw in its Global Management System (GMS) software, warning that the defect exposes businesses to remote hacker attacks.

Chrome Flaw Exploited by Israeli Spyware Firm Also Impacts Edge, Safari: The Chrome vulnerability CVE-2022-2294 that has been exploited by an Israeli spyware company also impacts Microsoft’s Edge and Apple’s Safari web browsers.

Intezer Documents Powerful 'Lightning Framework' Linux Malware: Researchers at Intezer are documenting the intricacies of Lightning Framework, an undetected Swiss Army Knife-like Linux malware capable of installing rootkits.

New Default Account Lockout Policy in Windows 11 Blocks Brute Force Attacks: In the latest Windows 11 insider preview builds, Microsoft has enabled by default an account lockout policy to mitigate RDP and other brute force attacks.