SecurityWeek

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Chinese state-backed experts have found a way to identify people who use Apple's encrypted AirDrop messaging service, according to the Beijing municipal government.

Android’s first security update of 2024 resolves high-severity elevation of privilege and information disclosure vulnerabilities.

The SEC said that a post on X, announcing that the securities regulator had approved the trading of exchange-traded funds holding bitcoin was fake, and that the agency’s account had been “compromised.”

This acquisition is expected to double HPE's networking business and expand its portfolio with AI-native networking offerings.

Patch Tuesday: Redmond patches critical, remote code execution vulnerabilities haunting Windows Kerberos and Windows Hyper-V.

Delinea acquires Israeli startup Authomize to add identity threat detection and response (IDTR) technologies to its product portfolio.

CISA has added a critical-severity Apache Superset flaw (CVE-2023-27524) to its Known Exploited Vulnerabilities catalog.

Patch Tuesday: Adobe patches six security flaws in the Substance 3D Stager product and warned of code execution risks on Windows and macOS.

Industrial giants Siemens and Schneider Electric publish a total of 7 new security advisories addressing 22 vulnerabilities. 

Researchers at Securonix warn that Turkish threat actors are targeting organizations in the Americas and Europe with ransomware campaigns.

Despite the drastically newer and more complex technology, many of the core incident response principles remain the exact same and we should never forget the fundamentals.

Hackers can take complete control of Bosch Rexroth nutrunners, installing ransomware or altering settings to cause financial impact and brand damage.

Mortgage lending firm LoanDepot has disclosed a cyberattack resulting in data encryption and system disruptions.

The LockBit ransomware gang claims to have stolen over 7 terabytes of data from hospital system Capital Health.

The volume of cybersecurity transactions increased in 2023 compared to 2022, but the total amount of funding decreased significantly.

QNAP has released patches for a dozen vulnerabilities in its products, including several high-severity flaws.

Turkish state-sponsored group Sea Turtle has been targeting multiple organizations in the Netherlands for espionage.

Self-hosted GitHub Actions runners could allow attackers to inject malicious code into repositories, leading to supply chain attacks.

NIST has published guidance on adversarial machine learning (AML) attacks and mitigations, warning that there is no silver bullet.