SecurityWeek

Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar. 

Speaker Mike Johnson is expected to bring forward a Plan B that would reform and extend Section 702 of the Foreign Intelligence Surveillance Act for a shortened period of two years.

Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.

Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code.

A critical vulnerability in multiple programming languages allows attackers to inject commands in Windows applications.

LastPass this week revealed that one of its employees was targeted in a phishing attack involving deepfake technology.

The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts "presents a grave and unacceptable risk to federal agencies."

Zscaler announces plans to acquire Airgap Networks, a venture-backed startup selling network segmentation and secure access technologies.

Tel Aviv startup banks seed funding for technology to help organizations connect, secure, and provide access to multiple data sources.

The US government issues a red-alert for what appears to be a massive supply chain breach at Sisense, a company that sells big-data analytics tools.

Simbian aims to build a fully autonomous security platform that lets humans make the strategic decisions while AI implements those decisions.

SecurityWeek speaks to Tom Scholl, VP and distinguished engineer at AWS, on how the organization tackles IP Spoofing and DDoS attacks.

Startup Knostic emerges from stealth mode with $3.3 million in funding and a gen-AI access control product for enterprises.

With automated, detailed, contextualized threat intelligence, organizations can better anticipate malicious activity and utilize intelligence to speed detection around proven attacks.

USCYBERCOM’s Cyber National Mission Force participated in 22 foreign hunt forward operations in 2023.

The financial sector has suffered over 20,000 cyberattacks in two decades, causing more than $12 billion in losses.

A bill that would reauthorize Section 702 of the Foreign Intelligence Surveillance Act was blocked by a conservative revolt.

Google releases a Chrome 123 update to resolve three high-severity memory safety vulnerabilities.

Palo Alto Networks patches several high-severity vulnerabilities, including ones that allow DoS attacks against its firewalls.

Google adds AI to cloud security features and announces other security capabilities for cloud customers.