SecurityWeek

Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization’s sent and received email messages, software security firm SonarSource reveals.

Password management solutions provider 1Password today announced receiving a $100 million investment that increases its valuation to $2 billion. Previously, the company raised $200 million in a Series A funding round.

An unauthenticated OS command injection vulnerability in the Sunhillo SureLine application could allow an attacker to execute arbitrary commands with root privileges, according to security researchers with the NCC Group.

IT management software firm Kaseya on Monday said it did not pay any money to cybercriminals, following speculation that it may have paid a ransom to obtain a decryptor that would allow customers hit by the recent ransomware attack to recover their files.

A recently disclosed vulnerability affecting a popular survey creation tool has been exploited by a threat group that may be linked to China against organizations in the United States.

South Africa's state-owned logistics firm said Tuesday it was working to restore systems following a major cyber-attack last week that hit the country's key port terminals.The attack began on July 22 but continued, forcing Transnet to switch to manual systems, it said.

Developing various data sets for threat hunting engagements will further mature your program and help uncover the unknown

A former CIA software engineer can represent himself at his upcoming retrial on espionage charges, a judge said Monday.

Apple on Monday released a major security update with fixes for a security defect the company says “may have been actively exploited” to plant malware on macOS and iOS devices.

Mozilla has completely removed support for the File Transfer Protocol (FTP) from the latest release of its flagship Firefox web browser.

No More Ransom is celebrating its 5th anniversary and the project says it has helped more than 6 million ransomware victims recover their files and prevented cybercriminals from earning roughly $1 billion.

Allegations that governments used phone malware supplied by an Israeli firm to spy on journalists, activists and heads of state have "exposed a global human rights crisis," Amnesty International said, asking for a moratorium on the sale and use of surveillance technology.

A look into MITRE's 2021 CWE Top 25 Most Dangerous Software Weaknesses

It was the start of a steamy Friday two Augusts ago when Jason Whisler settled in for a working breakfast at the Coffee Ranch restaurant in the Texas Panhandle city of Borger. The most pressing agenda item for city officials that morning: planning for a country music concert and anniversary event.

As attackers become more sophisticated, so do their attacks. This in turn exposes threat vectors that once were thought to be well protected, or at least not interesting enough to attack. Nowhere is this truer than in industrial control systems (ICS) environments.

GitLab last week announced the release of a new open source tool designed to help software developers identify malicious code in their projects’ dependencies.

Enterprises have been warned of a new attack method that can be used by malicious actors to take complete control of a Windows domain.

Threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners, according to a warning from security vendor Intezer.

The U.S. House of Representatives this week passed several cybersecurity bills, including ones related to critical infrastructure, industrial control systems (ICS), and grants for state and local governments.