SecurityWeek

Intel, AMD, Zoom and Splunk released security advisories on Patch Tuesday to inform customers about vulnerabilities found in their products.

CISA has added a critical Microsoft SharePoint Server flaw (CVE-2023-29357) to its Known Exploited Vulnerabilities catalog.

Cisco Unity Connection flaw could allow remote, unauthenticated attackers to upload arbitrary files and execute commands on the system.

Mandiant’s X account was hacked as a result of a brute force attack as part of a cryptocurrency scheme that earned at least $900k.

Ivanti confirms active zero-day exploits, ships pre-patch mitigations, but says comprehensive fixes won't be available until January 22.

Seattle network detection and response firm secures $100 million in growth funding and adds to its executive team.

The compromised information includes names, contact information, dates of birth, health information, medical treatment details, Social Security numbers, and employee records.

A computer hacker who was part of a criminal gang that stole data from hundreds of millions of people and sold it on the dark web was jailed in the United States on Tuesday.

Anecdotes has raised $25 million in Series B funding, which brings the total investment to $55 million, for its compliance platform.

An improper input validation flaw in Kyocera Device Manager allows attackers to capture credentials, compromise accounts.

SAP has released patches for critical vulnerabilities in Business Application Studio, Web IDE, and Edge Integration Cell.

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Chinese state-backed experts have found a way to identify people who use Apple's encrypted AirDrop messaging service, according to the Beijing municipal government.

Android’s first security update of 2024 resolves high-severity elevation of privilege and information disclosure vulnerabilities.

The SEC said that a post on X, announcing that the securities regulator had approved the trading of exchange-traded funds holding bitcoin was fake, and that the agency’s account had been “compromised.”

This acquisition is expected to double HPE's networking business and expand its portfolio with AI-native networking offerings.

Patch Tuesday: Redmond patches critical, remote code execution vulnerabilities haunting Windows Kerberos and Windows Hyper-V.

Delinea acquires Israeli startup Authomize to add identity threat detection and response (IDTR) technologies to its product portfolio.

CISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog.

Patch Tuesday: Adobe patches six security flaws in the Substance 3D Stager product and warned of code execution risks on Windows and macOS.