SecurityWeek

Noteworthy stories that might have slipped under the radar: KnowBe4 product vulnerabilities, SOCRadar responds to hacker's claims, and SEC ends the MOVEit hack probe.

Iranian actors have spent recent months creating fake news sites and impersonating activists, laying the groundwork to stoke division and potentially sway American voters this fall.

CISA is warning organizations about abuse of Cisco Smart Install feature, as Cisco is notifying customers about critical phone vulnerabilities it’s not patching.

Sonos has patched vulnerabilities in its smart speakers, including a serious flaw that could have been exploited to eavesdrop on users.

ADT has confirmed that hackers have stolen information after 30,000 customer records were leaked recently.

CrowdStrike dismissed claims that the Falcon EDR sensor bug could be exploited for privilege escalation or remote code execution.

SaaS app log analysis highlights the rapid smash and grab raid: in, steal, and leave in 30 minutes.

After a cybersecurity incident, what should organizations do to learn from it and improve their security posture for the future?

In modern security parlance, ‘immutable’ has three primary associations: immutable servers, immutable backup, and immutable data.

The US is offering up to $10 million for Iranian individuals accused of hacking water utility industrial control systems last year.

Vulnerabilities found in solar power systems could have been exploited by hackers to cause disruption and possibly blackouts.

AWS has patched vulnerabilities in several products, including flaws that could have been exploited to take over accounts.

Censys has found more than 40,000 internet-exposed ICS devices in the US, and notifying owners is in many cases impossible.

Researchers disclose the details of GhostWrite, a RISC-V CPU vulnerability that can be exploited to gain full access to targeted devices.

Researcher showcases hack against Microsoft Windows Update architecture, turning fixed vulnerabilities into zero-days.

The UK Information Commissioner’s Office announced its intention to fine Advanced Computer Software Group £6.09 million.

Scamnetic emerges from stealth mode with an AI-based scam detection solution and over $1 million in pre-seed funding.

What does “secure by default” mean for the average company as you implement security systems and protocols?

The ransomware scourge is still growing and still successful for attackers, Rapid7’s Ransomware Radar Report 2024 shows.

LoanDepot reported expenses totaling nearly $27 million related to the ransomware attack that came to light in January 2024.