SecurityWeek

Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild.

Researchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution.

The US Department of Health warns of financially motivated social engineering attacks targeting healthcare organizations.

The American Privacy Rights Act would preempt most state privacy laws — though it wouldn’t impact certain states’ laws already on the books that protect financial, health or employee data.

New Ahoi attacks Heckler and WeSee target AMD SEV-SNP and Intel TDX with malicious interrupts to hack confidential VMs.

Crowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days.

Google fights Chrome V8 engine memory safety bugs with a new sandbox and adds it to the bug bounty program.

US National Security Agency appoints Dave Luber as its new cybersecurity director following the retirement of Rob Joyce.

TrojAI, a provider of enterprise AI security solutions, announced a $5.75 million funding round of additional seed capital and the appointment of Lee Weiner as CEO.

Section 702 of the Foreign Intelligence Surveillance Act expires on April 19.

Incognito modes generally do not prevent the websites you visit from seeing your location, via your IP address, or stop your internet service provider from logging your activities.

Cisco says it will not release patches for a cross-site scripting vulnerability impacting end-of-life small business routers.

With so much money riding on the promise of AI advances, it’s no surprise that AGI is also becoming a corporate buzzword that sometimes attracts a quasi-religious fervor.

Noteworthy stories that might have slipped under the radar: the CISA hack could impact 100,000 people, Microsoft AI Copilot banned by US House, UK nuclear site prosecution. 

NIST announced $3.6 million in grants for 18 education and community organizations to build the future cybersecurity workforce.

Cybersecurity companies raised $2.3 billion in funding in Q1 2024, a 20% decrease compared to the same period of 2023, according to Pinpoint.

Attackers are exploiting a recent Magento vulnerability to deploy a persistent backdoor on ecommerce websites.

Acuity, the tech firm from which hackers claimed to have stolen State Department and other government data, confirms hack, but says stolen info is old.

Japanese lens maker Hoya says production processes and ordering systems were disrupted by a cyberattack.

Ivanti releases a carefully scripted YouTube video and an open letter from chief executive Jeff Abbott vowing to fix the entire security organization.