SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, […]
Bitcoin ATM operator Byte Federal is notifying 58,000 people that their personal information might have been compromised in a data breach. Discovered on November 18, the hack occurred after threat actors exploited a vulnerability in the GitLab collaboration platform to access one of its servers. To contain the incident, Byte Federal shut down its platform, […]
The US on Thursday announced it has taken down Rydox, an illicit marketplace for stolen personal information and fraud tools, and unsealed charges against its alleged administrators. Three Kosovo nationals suspected of being the administrators of the cybercrime marketplace were arrested as part of the operation, the US announced. Ardit Kutleshi, 26, and Jetmir Kutleshi, […]
Microsoft on Thursday informed customers that two potentially critical vulnerabilities have been patched in Update Catalog and Windows Defender. The tech giant has released advisories for each flaw and assigned CVE identifiers, but it’s only for transparency purposes as the issues have been fully mitigated and users do not need to take any action. The […]
At least 30,000 media devices were sold in Germany with pre-installed malware that ensnared them into a botnet, Germany’s Federal Office for Information Security (BSI) said on Thursday. The infected photo frames and streaming devices were running older Android versions and were infected with the BadBox malware prior to arriving on shelves, the German cybersecurity […]
A notorious Iranian state-sponsored hacking group has been using custom-built malware to target IoT and operational technology (OT) devices in the United States and Israel, according to cybersecurity firm Claroty. The malware, named IOCONTROL, has been tied by Claroty researchers to CyberAv3ngers, which claims to be a hacktivist group, but which the US government and […]
The US Justice Department on Thursday announced indictments against 14 North Korean nationals for their involvement in a multi-year scheme to pose as remote IT workers to violate sanctions and commit wire fraud, money laundering, and identity theft. The indictment, unsealed in federal court in St. Louis, details an elaborate operation where North Korean operatives […]
Phishing is one of the most prevalent tactics, techniques, and procedures (TTPs) in today’s cyber threat landscape. It often serves as a gateway to data breaches that can have devastating consequences for organizations and individuals alike. For instance, the Colonial Pipeline cyberattack in 2021 began with a phishing-related compromise that led to a ransomware attack, […]
Detection-focused threat intelligence firm Silent Push has deposited $10 million in a funding round that brings the total raised by the company to $22 million. Founded in 2020, the Reston, Virginia-based startup has built a platform that provides organizations with behavioral fingerprints of attacker tools, techniques, and procedures (TTPs), helping them preemptively counteract cyberattacks. The […]
Sublime Security, a Washington, D.C. startup selling a programmable email security platform for Microsoft 365 and Google Workspace, has attracted $60 million in new funding as investors continue to place big bets on the email security business. Sublime said the new capital was provided by IVP, Citi Ventures, Index Ventures, Decibel Partners, and Slow Ventures […]