Google on Monday announced the first set of Android security updates for 2025, which include patches for 36 vulnerabilities, including five critical-severity bugs in the System component. As usual, the update is divided into two parts, with the first arriving on devices as the 2025-01-01 security patch level and containing fixes for 24 vulnerabilities in […]
Software code analysis firm Veracode on Tuesday announced the acquisition of key assets from Phylum, an early stage startup in the software supply chain space. Financial terms of the transaction were not released. The Burlington, Mass.-based Veracode said the deal included certain Phylum assets, including its malicious package analysis, detection, and mitigation technology. Phylum, based in […]
Building on my previous column, I will dive into part deux, going deeper into the application of Generative AI and how we should think about safety and security as a risk management problem. Where do security, privacy and safety intersect? Well, sometimes they are combined into one general overarching function that tries to address everything, […]
Former NSA director Rob Joyce has joined venture capital firm DataTribe as a venture partner to help identify and grow early-stage startups focused on cybersecurity. DataTribe, which describes itself as a cyber startup foundry, said Joyce will be a venture partner tasked with finding entrepreneurs developing new and emerging technologies for cyber defense. Joyce, who […]
The U.S. Defense Department has added dozens of Chinese companies, including games and technology company Tencent, artificial intelligence firm SenseTime and the world’s biggest battery maker CATL, to a list of companies it says have ties to China’s military, prompting some to protest and say they will seek to have the decision reversed. In recent […]
Hardware makers MediaTek, HPE and Dell on Monday released advisories to inform customers about potentially serious vulnerabilities found and patched in their products. Taiwanese semiconductor company MediaTek announced patches for a dozen vulnerabilities, including a critical-severity flaw in the modem component of tens of chipsets that could lead to remote code execution (RCE). Tracked as […]
Washington State Attorney General Bob Ferguson on Monday filed a lawsuit against wireless carrier T-Mobile over a 2021 data breach. Disclosed in August 2021, the attack resulted in the personal information of 76.6 million people being stolen. The next year, T-Mobile agreed to pay $350 million to settle a class action lawsuit over the incident, […]
The US cybersecurity agency CISA on Monday said that no other federal agency beyond the Department of the Treasury was impacted by the recent ‘major cybersecurity incident’ involving a BeyondTrust cloud-based service. Disclosed on December 31, the attack resulted in Chinese state-sponsored hackers accessing Treasury workstations and unclassified documents using a compromised API key for […]
Roughly 2,000 ransomware attacks were launched over the past decade against critical infrastructure organizations in the United States and other countries, according to data collected as part of a project maintained at Temple University in Philadelphia. SecurityWeek first wrote about the project in 2020, when it covered more than 680 ransomware attacks targeting critical infrastructure. […]
China has slammed a decision by the U.S. Treasury to sanction a Beijing-based cybersecurity company for its alleged role in multiple hacking incidents targeting critical U.S. infrastructure, while the Chinese cyber security agency complained Monday of attacks on Chinese networks. Asked about the sanctions against Beijing-based Integrity Technology Group, Chinese Foreign Ministry spokesperson Guo Jiakun […]