SecurityWeek

Researchers from three universities in Germany have identified a new TLS attack method that can allow a man-in-the-middle (MitM) attacker to extract user data or execute arbitrary code.The new attack, dubbed ALPACA, has been described as an “application layer protocol content confusion attack.”

Google this week released patches for 14 vulnerabilities in the Chrome browser, including a security flaw that has been exploited in the wild.Ten of the issues were reported by external security researchers: one rated critical severity, seven high severity, and two medium severity. All are patched in Chrome 91.0.4472.101 for Windows, Mac and Linux.

The world’s largest meat processing company says it paid the equivalent of $11 million to hackers who broken into its computer system late last month.

The latest wave of ransomware attacks hitting the United States and globally portends a difficult battle against hackers, even as government and the private sector ramp up defenses.

A newly observed malicious campaign is targeting Kubeflow workloads to deploy TensorFlow pods that are used to mine for crypto-currency, according to a warning from security researchers at Microsoft.

Amazon this week activated its proprietary mesh network known as Sidewalk, linking tens of millions of Amazon smart devices, each sharing a tiny sliver of their bandwidth to provide a wide network of connectivity even when and where WiFi service is poor or unavailable.

Cisco’s Smart Install protocol is still being abused in attacks — five years after the networking giant issued its first warning — and there are still roughly 18,000 internet-exposed devices that could be targeted by hackers.

Intel this week announced the availability of patches for 73 vulnerabilities identified across multiple products, including several high-severity flaws that can be exploited to escalate privileges.According to Intel, more than half of the bugs were discovered internally and 40% were reported through its bug bounty program.

Cyber risk management solutions provider Brinqa this week announced that it received $110 million in growth capital from private equity firm Insight Partners.

A pipeline company CEO on Tuesday defended his decisions to abruptly halt fuel distribution for much of the East Coast and pay millions to a criminal gang in Russia as he faced down one of the most disruptive ransomware attacks in U.S. history.

Industrial automation giants Siemens and Schneider Electric on Tuesday released several security advisories to inform customers about tens of vulnerabilities affecting their products. The companies have provided patches and recommendations for reducing the risk of exploitation.

One drug trafficker texted another that he had a "job" and a proven way to get it done: two kilograms of cocaine from Bogota using the French embassy's protected diplomatic pouch.

Automated endpoint management startup Aiden Technologies on Tuesday announced that it closed a $2.9 million seed funding round led by Right Side Capital Management.Congress Avenue Ventures, the Gaingels, and SAJE Investments also participated in the round, along with various advisors and strategic individual investors.

German software maker SAP this week released 17 new security notes documenting security vulnerabilities being fixed as part of the company's June 2021 SAP Security Patch Day.

New York City’s law department was been hit with a cyberattack that forced officials to take the 1,000-lawyer agency offline, but Mayor Bill de Blasio said he believes no data was compromised in the hack.

Microsoft’s Patch Tuesday will take on extra urgency this month with the news that at least six previously undocumented vulnerabilities are being actively exploited in the wild.

Adobe’s product security response machine revved into high gear this week with the release of multiple patches for gaping security holes in widely deployed software products.

Organizations have been warned about denial of service (DoS) vulnerabilities found in RabbitMQ, EMQ X and VerneMQ, three widely used open source message brokers.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced that it has partnered with the crowdsourced cybersecurity community for the launch of its vulnerability disclosure policy (VDP) platform.