SecurityWeek

Self check-in kiosks at Ibis Budget hotels were affected by a vulnerability that exposed keypad codes that could be used to enter rooms. 

Twenty-seven cybersecurity-related merger and acquisition (M&A) deals were announced in March 2024.

Heartbleed made most certificates vulnerable. The future problem is that quantum decryption will make all certificates and everything else using RSA encryption vulnerable to everyone.

Prudential Financial says the names, addresses, and ID numbers of over 36,000 were stolen in a February data breach.

The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members.

MarineMax confirms suffering a data breach as a result of a recent ransomware attack, with the attackers claiming to have obtained 180,000 files. 

Google agreed to purge billions of records containing personal information collected from more than 136 million people using its Chrome web browser as part of settlement in a lawsuit accusing it of illegal surveillance.

Veracode announces a deal to acquire Longbow Security, a Texas seed-stage startup working on automated root cause analysis technology.

A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard.

NCC Group researchers warn that the Android banking malware ‘Vultur’ has been updated with device interaction and file tampering capabilities.

Software developers relying on AI chatbots for building applications may end up using hallucinated software packages.

Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions.

AT&T used the Easter holiday weekend to quietly share details on data that surfaced on the dark web roughly two weeks ago.

Generative-AI security startup SydeLabs emerges from stealth mode with $2.5 million in seed funding led by RTP Global.

Noteworthy stories that might have slipped under the radar: US government conducting airline privacy review, SEC’s overreaching SolarWinds hack probe, MFA bombing of Apple users.

US Defense Department releases defense industrial base cybersecurity strategy with a focus on four key goals.

It is the CISO’s responsibility to build and maintain a high functioning team in a difficult environment – cybersecurity is a complex, continuous, and adversarial environment like none other outside of military conflict.

The US Department of Energy announces $15 million funding for university-based electric power cybersecurity centers.

Harvard Pilgrim Health Care says the personal information of over 2.8 million individuals was stolen in a year-old ransomware attack.

JetBrains patches 26 security issues in TeamCity and takes steps to avoid malicious exploitation of vulnerabilities.