SecurityWeek

Center for Vein Restoration discloses data breach impacting the personal, medical, and financial information of 446,000 individuals.

December 2024 ICS Patch Tuesday brings advisories from CISA, as well as several major industrial automation companies. 

Ivanti has released patches for critical vulnerabilities in Cloud Services Application, Connect Secure, and Policy Secure.

The US government announced charges, sanctions and a reward for Guan Tianfeng, a Chinese national accused of involvement in Sophos firewall hacks.

Patch Tuesday: Redmond patches 71 security flaws and calls immediate attention to an exploited Windows zero-day reported by CrowdStrike.

Adobe has patched over 160 vulnerabilities across over a dozen products, including Reader, Illustrator, Photoshop and Connect.

Wald.ai has raised $4 million in seed funding for a solution designed to ensure data protection when organizations use AI assistants.

CVE-2024-50623, an improperly patched vulnerability affecting Cleo file transfer tools, has been exploited in the wild.

SAP has released patches for 16 vulnerabilities, including a critical-severity SSRF bug in NetWeaver (Adobe Document Services).

Microsoft offers $10,000 in rewards to researchers who can manipulate a realistic simulated LLM-integrated email client.

Tel Aviv company building software to secure non-human identities banks a $45 million funding round led by Menlo Ventures.

Cisco Talos has disclosed the details of apparently unpatched vulnerabilities in MC Technologies industrial routers and the GoCast BGP tool.

Microsoft has rolled out new default security protections that mitigate NTLM relaying attacks across on-premises Exchange, AD CS, and LDAP services.

Radiant Capital says a North Korean threat actor stole $50 million in assets in a sophisticated October attack.

The CVE-2024-54143 vulnerability affects the OpenWrt sysupgrade server and exposes users to risks of installing malicious firmware images.

Medical devices manufacturer Artivion says a ransomware attack caused disruptions to order and shipping processes.

QNAP has released patches for multiple high-severity QTS and QuTS Hero vulnerabilities disclosed at the Pwn2Own Ireland 2024 hacking contest.

The Blue Yonder ransomware attack that caused disruptions to Starbucks and major grocery stores may have also involved information theft.

Deloitte has issued a response after the Brain Cipher ransomware group claimed to have stolen over 1 TB of information belonging to the company.

Belgian and Dutch authorities arrested eight individuals for their alleged involvement in phishing, online scams, and money laundering operations.