CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software.
CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild.
Australia and New Zealand support the UK in condemning Chinese hackers for targeting UK institutions and parliamentarians.
The US Treasury Department sanctions a pair of Chinese hackers linked to “malicious cyber operations targeting US critical infrastructure sectors.”
Leen Security, a new startup building technology to help reduce chaos in the data security space, has banked $2.8 million in pre-seed funding.
The OODA Loop can be used both by defenders and incident responders for a variety of use cases such as threat assessment, threat monitoring, and threat hunting.
More than 100 organizations in the US and EU have been targeted in recent StrelaStealer infostealer campaigns.
Multiple Python developers get infected after downloading a malware-packed clone of the popular tool Colorama.
Firefox browser updates address two zero-day vulnerabilities exploited at the Pwn2Own hacking contest.
Michael Sulmeyer has been nominated by the White House as the first assistant secretary of defense for cyber policy at the Pentagon.
Software risk management firm Finite State has raised a $20 million growth round led by Energy Impact Partners (EIP).
German authorities took down the Nemesis Market, a major online marketplace for drugs, cybercrime services and stolen credit card data.
Russia’s APT29 hacking group is expanding targets to political parties in Germany using a new backdoor variant tracked as Wineloader.
The resolution, sponsored by the United States and co-sponsored by 123 countries, including China, was adopted by consensus with a bang of the gavel and without a vote, meaning it has the support of all 193 U.N. member nations.
The Rhysida ransomware group has taken credit for the cyberattack on MarineMax and is offering to sell stolen data for 15 bitcoin.
There are several attributes that tie the cybersecurity community together – namely our collective passion for solving complex problems in order to reduce harm – but one has stood out prominently over the years: impostor syndrome.
Noteworthy stories that might have slipped under the radar: Google’s post-quantum cryptography threat model, keyboard typing sounds can expose data, DHS publishes AI roadmap.
Over 39,000 websites have been infected with the Sign1 malware that redirects visitors to scam domains.
CISA, the FBI, and MS-ISAC have released new guidance on how federal agencies can defend against DDoS attacks.
BlueFlag Security emerges from stealth mode with $11.5 million in a seed funding round led by Maverick Ventures and Ten Eleven Ventures.