SecurityWeek

Migrating to a quantitative cyber risk model of analysis allows for more accurate data, which leads to more informed decision-making.

Cisco has released patches for vulnerability in the GET VPN feature of IOS and IOS XE software that has been exploited in attacks.

Russian zero-day acquisition firm Operation Zero is now offering $20 million for full Android and iOS exploit chains.

Sysdig enhanced its existing CNAPP offering with a cloud attack graph, risk prioritization, attack path analysis, a searchable inventory, and complete agentless scanning.

Google has rushed to patch a new Chrome zero-day vulnerability, tracked as CVE-2023-5217 and exploited by a spyware vendor. 

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently hop around the corporate networks of U.S. and Japanese companies.

CISA unveils a new Hardware Bill of Materials (HBOM) framework for buyers and sellers to communicate about components in physical products.

Israeli security startup Gem Security has raised a total of $34 million to tackle cloud threat detection and incident response.

Attackers can find tons of information on Tesla cars and their drivers by searching for misconfigured TeslaMate instances online.

Firefox 118 patches six high-severity vulnerabilities, including a memory leak potentially leading to sandbox escape.

Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions.

Google has released the source code of BinDiff, a binary file comparison tool popular within the security research community, on GitHub.

macOS 14 Sonoma has been officially released by Apple and the latest version of the operating system patches over 60 vulnerabilities.

GPUs from AMD, Apple, Arm, Intel, Nvidia and Qualcomm are vulnerable to a new type of side-channel attack named GPU.zip.

Microsoft announced that the latest Windows 11 update (23H2) will bring more support for passkeys and several new security features.  

UAE-linked APT group Stealth Falcon has used the new Deadglyph backdoor in an attack targeting a governmental entity in the Middle East.

Sony has launched an investigation after a ransomware group claimed to have compromised all systems and offered to sell stolen data.

CISO churn is a hidden cybersecurity threat. Major security initiatives or implementations can take longer than the residency of a single CISO, and constant churn can leave cracks or gaps in security.

The Xenomorph Android banking trojan can now mimic financial institutions in the US and Canada and is also targeting crypto wallets.

Mixin Network suspends deposits and withdrawals after hackers steal $200 million in digital assets from its centralized database.