SecurityWeek

The Internet Archive has been hacked and hit by a significant DDoS attack, with 31 million users reportedly being impacted by a data breach.

Risk management startup Cyrisma has raised $7 million in a Series A funding round led by Blueprint Equity.

SecurityWeek talked to David Weston, VP enterprise and OS security at Microsoft, to discuss Windows kernel access and safe deployment practices.

Continuous automated red teaming platform provider WatchTowr has raised $19 million in a Series A funding round. 

CISA has added a FortinetFortiOS vulnerability tracked as CVE-2024-23113 to its Known Exploited Vulnerabilities (KEV) catalog.

Mozilla has released a Firefox 131 update to resolve CVE-2024-9680, a code execution vulnerability exploited in the wild as a zero-day.

Marriott agreed to pay $52 million and make changes to bolster its data security to resolve claims related to major data breaches that affected more than 300 million customers.

Palo Alto warns that attackers can access usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

A cyberattack continues to affect the largest regulated water and wastewater utility company in the US, renewing a focus on the importance of protecting critical infrastructure sites.

Google launches Global Signal Exchange (GSE), an initiative aimed at fostering the sharing of online fraud and scam intelligence.

CISA and the FBI have issued a warning on Iranian phishing attacks targeting national political organizations and campaigns.

New York anti-bot firm says new investment will drive adoption of AI techniques and expand into digital account protection and media security.

How simplifying complexity, enhancing visibility, and empowering analysis can address key challenges in modern cybersecurity operations and investigations.

Casio says a recent cyberattack has caused some system disruptions and it’s investigating whether a data breach has occurred. 

CreditRiskMonitor says hackers may have accessed personal information of employees and independent contractors. 

The EU has set up a system for imposing sanctions against people accused of cyberattacks, information manipulation or acts of sabotage on behalf of Russia.

The iPhone Mirroring feature in macOS Sequoia and iOS 18 may expose employees’ private applications to corporate IT environments.

Cyberespionage APT GoldenJackal has been targeting air-gapped systems at government organizations and embassies.

Ivanti says a few more CSA zero-day vulnerabilities have been found to be exploited in attacks where they are chained with CVE-2024-8963.

ICS security advisories were published on Tuesday by Siemens, Schneider Electric, Phoenix Contact and CERT@VDE.