Cisco on Wednesday announced patches for a vulnerability in the NX-OS software’s bootloader that could allow attackers to bypass image signature verification. Tracked as CVE-2024-20397, the high-impact security defect exists due to insecure bootloader settings that enable an attacker to execute specific commands to bypass the verification process and load unverified software. While authentication is […]
Chemonics International is notifying over 260,000 individuals that their personal information was compromised in a year-old data breach. Chemonics is an international development company based in Washington, D.C. The organization has projects in dozens of countries around the world, in areas such as economic growth, agriculture and food security, conflict and crisis, democracy and governance, […]
System Two Security this week emerged from stealth mode with a threat detection engineering solution and $7 million in seed funding. Founded by Robert Fly (CEO) and Prasanth Ganesan (CTO), System Two Security provides a solution that leverages gen-AI to make it easier for security teams to create detection rules for their enterprise. The company […]
A top White House official on Wednesday said at least eight U.S. telecom firms and dozens of nations have been impacted by a Chinese hacking campaign. Deputy national security adviser Anne Neuberger offered new details about the breadth of the sprawling Chinese hacking campaign that gave officials in Beijing access to private texts and phone […]
UK telecoms giant BT has launched an investigation after a notorious ransomware group claimed the theft of a significant amount of files, including sensitive information. The Black Basta ransomware group added BT — specifically its btci.com and btconferencing.com domains — to its Tor-based leak website, claiming to have obtained roughly 500 Gb of data, including […]
Backup, recovery, and data protection firm Veeam has released patches for two vulnerabilities in Veeam Service Provider Console, including a critical-severity flaw leading to remote code execution (RCE). A cloud-enabled platform, the Service Provider Console enables users to manage and monitor data protection operations and services across physical, virtual, and cloud-based environments running Veeam solutions. […]
In an extraordinary case of digital espionage, Russian hackers spent nearly two years secretly controlling the computer systems of Pakistani cyberspies, gaining access to sensitive government networks across South Asia, according to research released Wednesday by Lumen’s Black Lotus Labs. The Russian hacking operation, known as Turla or Secret Blizzard, commandeered 33 command servers operated […]
Authorities in Germany on Tuesday announced the takedown of Crimenetwork, which they describe as the largest German-speaking online marketplace for the underground economy. Crimenetwork has been around since 2012, being used to trade various types of illegal goods and services, including stolen information, drugs and counterfeit documents. Authorities said the platform had over 100,000 buyers […]
Tuskira, a cybersecurity startup with ambitious plans to use artificial intelligence to unify and enhance threat defense systems, has launched from stealth with $28.5 million a funding round led by Intel Capital. The San Francisco company said the Series A round also included investments from SYN Ventures, Sorenson Capital, Rain Capital, and Wipro Ventures. Tuskira, […]
The US cybersecurity agency CISA on Tuesday warned that a path traversal vulnerability in multiple Zyxel firewall appliances has been exploited in the wild. The issue, tracked as CVE-2024-11667 (CVSS score of 7.5), is a high-severity flaw affecting the web management interface of Zyxel ATP, USG FLEX, and USG20(W)-VPN series devices. Successful exploitation of the […]