FIRST Releases CVSS 4.0 Vuln Scoring Standard
The Forum of Incident Response and Security Teams (FIRST) on Monday pushed out a refresh of its CVSS vulnerability scoring standard as part of an…
Category: SecurityWeek
Countries at a UK Summit Pledge to Tackle AI’s Potentially ‘Catastrophic’ Risks
Delegates from 28 nations, including the U.S. and China, agreed Wednesday to work together to contain the potentially “catastrophic” risks posed by galloping advances in…
Mozi Botnet Likely Killed by Its Creators
The recent shutdown of the Mozi botnet is believed to be the work of its operators, who may have been forced to kill their creation…
Dozens of Kernel Drivers Allow Attackers to Alter Firmware, Escalate Privileges
VMware Carbon Black’s Threat Analysis Unit (TAU) has identified dozens of previously unknown vulnerable kernel drivers that could be exploited by attackers to alter firmware…
Supply Chain Startup Chainguard Scores $61 Million Series B
Chainguard, a high-flying security startup founded by a team of former Google software engineers, has banked $61 million in new financing as investors continue to…
Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks
An Iranian espionage group has been caught using a new malware framework in a recent spate of cyberattacks, according to a warning from researchers at…
Mass Exploitation of ‘Citrix Bleed’ Vulnerability Underway
Thousands of Citrix NetScaler ADC and Gateway instances remain unpatched against a critical vulnerability that is being widely exploited, security researchers warn. The flaw, which…
Chrome 119 Patches 15 Vulnerabilities
Google on Tuesday announced the release of Chrome 119 to the stable channel with patches for 15 vulnerabilities, including 13 reported by external researchers. Three…
MITRE Releases ATT&CK v14 With Improvements to Detections, ICS, Mobile
MITRE on Tuesday announced the release of version 14 of ATT&CK, the widely used knowledge base of adversary tactics and techniques. ATT&CK v14 brings improvements…
DPI: Still Effective for the Modern SOC?
There has been an ongoing debate in the security industry over the last decade or so about whether or not deep packet inspection (DPI) is…
Malicious NuGet Packages Abuse MSBuild Integrations for Code Execution
As part of an ongoing and coordinated campaign, threat actors have been continuously publishing malicious NuGet packages with hidden code execution capabilities, threat detection firm…
SIEM and Log Management Provider Graylog Raises $39 Million
Security information and event management (SIEM) and log management provider Graylog on Tuesday announced that it has raised $39 million in funding, which brings the…