SecurityWeek

Cuttlefish malware platform roaming around enterprise SOHO routers capable of covertly harvesting public cloud authentication data from internet traffic.

Venafi introduced a 90-Day TLS Readiness solution to help enterprises prepare for Google’s proposed 90-day limit for the lifecycle of a digital certificate.

AI-Native Trust, Risk, and Security Management (TRiSM) startup DeepKeep raises $10 million in seed funding.

SecurityWeek interviews Geoff Belknap, CISO at LinkedIn, and Guy Rosen, CISO at Facebook parent company Meta.

The new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal.

UnitedHealth Group’s CEO Andrew Witty shares details on the damaging cyberattack in testimony before a US Congress committee set for May 1, 2024.

In February 2023, French police arrested well-known Finnish hacker Aleksanteri Kivimäki, who was living under a false identity near Paris. He was deported to Finland. His trial ended last month.

JFrog raises an alarm after finding three large-scale malware campaigns targeting Docker Hub with imageless repositories.

Three vulnerabilities in the Judge0 open source service could allow attackers to escape the sandbox and obtain root privileges on the host.

Mainsail Partners leads a $15 million financing round for end-to-end cybersecurity compliance platform company Apptega.

Despite competitive pressures from industry behemoths like Microsoft and Google, investors are still betting big on startups in the specialized enterprise browser space.

While China-linked Muddling Meerkat’s operations look like DNS DDoS attacks, it seems unlikely that denial of service is their goal, at least in the near term.

The Federal Communications Commission leveraged nearly $200 million in fines against wireless carriers AT&T, Sprint, T-Mobile and Verizon for illegally sharing customers’ location data.

SafeBase has raised north of $50 million since launching in 2020 with plans to simplify vendor risk assessment disclosures.

A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary and be used as part of a supply chain attack.

Microsoft provides an easy and logical first step into GenAI for many organizations, but beware of the pitfalls.

CEOs of major tech companies are joining a new artificial intelligence safety board to advise the federal government on how to protect the nation’s critical services from “AI-related disruptions.”

New CISA guidelines categorize AI risks into three significant types and pushes a four-part mitigation strategy.

History of TikTok and how it many view it as a national security threat.

In 2023, Google said it blocked 2.28 million bad applications from being published on Google Play and banned 333,000 developer accounts.