Industry Reactions to EU-US Data Privacy Framework: Feedback Friday
The European Union and the United States this week reached an agreement on the Data Privacy Framework focusing on the secure transfer of information from…
Category: SecurityWeek
Critical Cisco SD-WAN Vulnerability Leads to Information Leaks
A remotely-exploitable critical vulnerability in the Cisco SD-WAN vManage software could allow unauthenticated attackers to retrieve information from vulnerable instances. Tracked as CVE-2023-20214 (CVSS score…
Hackers Target Reddit Alternative Lemmy via Zero-Day Vulnerability
Several instances of the Reddit alternative Lemmy were hacked in recent days by attackers who had apparently exploited a zero-day vulnerability. Lemmy is an open…
Secure Code Warrior Raises $50 Million to Help Developers Write Secure Code
Developer-focused learning platform provider Secure Code Warrior on Thursday announced that it has raised $50 million in Series C funding, which brings the total raised…
US Publishes Implementation Plan for National Cybersecurity Strategy
The Biden-Harris administration on Thursday published a roadmap to implement the National Cybersecurity Strategy (NCS). Meant to ensure transparency and coordination, the National Cybersecurity Strategy…
Google Researchers Discover In-the-Wild Exploitation of Zimbra Zero-Day
Google security researchers have discovered a Zimbra zero-day vulnerability that has been exploited in the wild. Users are being advised to manually patch their installations. …
API Flaw in QuickBlox Framework Exposed PII of Millions of Users
Research into the widely used QuickBlox SDK and API led to the discovery of critical vulnerabilities built into chat and video applications used by industries…
Honeywell DCS Platform Vulnerabilities Can Facilitate Attacks on Industrial Organizations
Cybersecurity company Armis has identified several vulnerabilities in Honeywell distributed control system (DCS) products that could be exploited in attacks aimed at industrial organizations. Armis…
Cisco Shopping Spree Adds Oort ID Threat Detection Tech
Cisco’s cybersecurity shopping spree hit another gear Thursday with the planned acquisition of Oort, an early-stage startup selling software in the Identity Threat Detection and…
BlackLotus UEFI Bootkit Source Code Leaked on GitHub
The source code for the BlackLotus UEFI bootkit has been shared publicly on GitHub, albeit with several modifications compared to the original malware. Designed specifically…
Popular WordPress Security Plugin Caught Logging Plaintext Passwords
The All-In-One Security (AIOS) WordPress plugin was found to be logging plaintext passwords from login attempts. Installed on more than one million WordPress sites, the…
3 Tax Prep Firms Shared ‘Extraordinarily Sensitive’ Data About Taxpayers With Meta, Lawmakers Say
Three large tax preparation firms sent “extraordinarily sensitive” information on tens of millions of taxpayers to Facebook parent company Meta over the course of at…