SecurityWeek

VMware has patched another critical vulnerability reported by Positive Technologies, a Russian cybersecurity firm that was sanctioned recently by the United States.

In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals.

Billions of Android devices are exposed to a vulnerability in Qualcomm’s Mobile Station Modem (MSM) chipA vulnerability in Qualcomm’s Mobile Station Modem (MSM) chip– installed in around 30% of the world’s mobile devices – can be exploited from within Android.

The infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports.

Google is marking World Password Day with a blog post summarizing the password management features it offers, and the company announced that it will automatically enroll some accounts in two-step verification (2SV).

Managed detection and response (MDR) solutions provider Huntress on Thursday announced raising $40 million in a Series B funding round, which brings the total raised by the company to $60 million.

Cisco on Wednesday released patches to address tens of vulnerabilities across its product portfolio, including critical flaws in SD-WAN software and the HyperFlex HX data platform.

World Password Day was created by Intel in 2013 to raise awareness of the need for strong passwords, but many experts now use the occasion to urge organizations to replace passwords with other, more secure authentication methods.

US tech giant Microsoft pledged Thursday to process and store all European cloud-based client data in the European Union amid unease in the region over the reach of US legislation on personal data collection.

As threat actors attempt to remain undetected to carry out attacks, they often use a variety of tools to obscure their identities and activity. Organizations meanwhile leave their networks and activity open for inspection by anyone who chooses to perform basic reconnaissance. 

Law enforcement agencies across the U.S. have used facial recognition technology to solve homicides and bust human traffickers, but concern about its accuracy and the growing pervasiveness of video surveillance is leading some state lawmakers to hit the pause button.

The United States Department of Defense this week announced an expansion of the scope of its vulnerability disclosure program to include all of its publicly accessible information systems.

Unmasking a threat actor at an individual level could help you to gain more context, determine why the attack occurred, and quantify future risk

Red Hat this week announced that it’s taking the first steps towards open-sourcing the StackRox container security product for Kubernetes.

Israeli cybersecurity testing firm Cymulate announced today that it has raised $45 million through a Series C funding round.

Google makes Chrome for Windows more resilient to vulnerability exploitation with new mitigation technologyStarting in version 90, Chrome for Windows improves resilience against vulnerability exploitation by adopting Hardware-enforced Stack Protection.

A new threat actor that appears to be financially motivated has targeted many organizations in the United States and other countries using several new pieces of malware, FireEye reported on Tuesday.

Cyber asset management and governance solutions provider JupiterOne on Tuesday announced that it raised $30 million in Series B funding, which brings the total raised by the company to more than $49 million.The funding round was led by Sapphire Ventures, with participation from previous investor Bain Capital Ventures.

I’m glad this column is coming out now instead of earlier this year. Cloud security is more topical than ever when considering all the fun things that have happened in 2021 with security startups!

The Android operating system updates released by Google for May 2021 patch a total of 42 vulnerabilities, including four considered critical severity.