Hardware makers MediaTek, HPE and Dell on Monday released advisories to inform customers about potentially serious vulnerabilities found and patched in their products. Taiwanese semiconductor company MediaTek announced patches for a dozen vulnerabilities, including a critical-severity flaw in the modem component of tens of chipsets that could lead to remote code execution (RCE). Tracked as […]
Washington State Attorney General Bob Ferguson on Monday filed a lawsuit against wireless carrier T-Mobile over a 2021 data breach. Disclosed in August 2021, the attack resulted in the personal information of 76.6 million people being stolen. The next year, T-Mobile agreed to pay $350 million to settle a class action lawsuit over the incident, […]
The US cybersecurity agency CISA on Monday said that no other federal agency beyond the Department of the Treasury was impacted by the recent ‘major cybersecurity incident’ involving a BeyondTrust cloud-based service. Disclosed on December 31, the attack resulted in Chinese state-sponsored hackers accessing Treasury workstations and unclassified documents using a compromised API key for […]
Roughly 2,000 ransomware attacks were launched over the past decade against critical infrastructure organizations in the United States and other countries, according to data collected as part of a project maintained at Temple University in Philadelphia. SecurityWeek first wrote about the project in 2020, when it covered more than 680 ransomware attacks targeting critical infrastructure. […]
China has slammed a decision by the U.S. Treasury to sanction a Beijing-based cybersecurity company for its alleged role in multiple hacking incidents targeting critical U.S. infrastructure, while the Chinese cyber security agency complained Monday of attacks on Chinese networks. Asked about the sanctions against Beijing-based Integrity Technology Group, Chinese Foreign Ministry spokesperson Guo Jiakun […]
The year 2024 witnessed heightened cybersecurity activity, with security professionals and adversaries locked in a continuous game of cat and mouse. The dynamic nature of cyber threats and the ever-expanding digital attack surface have compelled organizations to refine and bolster their security architectures. Despite hopes for a respite from the relentless tide of phishing, ransomware, […]
Nearly $500 million in cryptocurrency was stolen from more than 332,000 victims in 2024 by means of wallet drainer malware, anti-scam firm Scam Sniffer says. Wallet drainers trick victims into signing malicious transactions, which results in their assets being stolen. Last year, wallet drainer malware caused losses of approximately $494 million, marking a 67% year-over-year […]
A security defect in the Nuclei vulnerability scanner could have allowed threat actors to execute arbitrary code using custom code templates. Relying on simple YAML-based templates, Nuclei is a highly popular vulnerability scanner that can be used with a broad range of assets and which has more than 21,000 stars on GitHub and over 2.1 […]
Thirty-seven cybersecurity-related merger and acquisition (M&A) deals were announced in December 2024. An analysis conducted by SecurityWeek shows that 178 cybersecurity M&A deals were announced in the first half of 2024, representing the least busy half year since SecurityWeek started tracking M&A deals in 2021. Here is a list of the most important cybersecurity M&A […]
Tenable has disabled two Nessus scanner agent versions after discovering that they would go offline when triggering a differential plugin update. Lightweight programs that are installed locally, the Tenable Nessus agents enable organizations to collect information from assets by scanning for vulnerabilities, compliance issues, and other data. On December 31, Tenable announced that it discovered […]