SecurityWeek

FIN11 is a new designation for a financially motivated threat actor that may previously have been obscured within the activity set and group usually referred to as TA505. Although there are similarities and overlaps in the TTPs of both groups, researchers have discovered enough differences to separate the groups.

91% of Survey Respondents Say Their Boards Have Increased Cybersecurity Investment in Response to COVID-19 PandemicA global survey of almost 1000 CISO/Senior IT decision makers shows positive signs of Boards' willingness to invest in cybersecurity -- with perhaps one major rider.

Bluetooth vulnerabilities that a Google security researcher has identified in the Linux kernel could be exploited to run arbitrary code or access sensitive information.

One of the vulnerabilities that Microsoft addressed as part of the October 2020 Patch Tuesday is a critical bug in Windows’ TCP/IP driver that could lead to the remote execution of code.

Intel on Wednesday announced the new security technologies that will be present in the company’s upcoming 3rd generation Xeon Scalable processor, code-named “Ice Lake.”Intel told SecurityWeek that it’s aiming to make initial production shipments of the first 10nm-based Xeon Scalable product at the end of the year.

Cyber warriors on NATO's eastern edge are warning that the growing number of people working from home globally due to the pandemic is increasing vulnerability to cyber attacks.

Cisco Talos this week released the details of several remotely exploitable denial-of-service (DoS) vulnerabilities found by one of its researchers in an industrial automation product made by Rockwell Automation.

Governments around the world are using the pandemic as a justification to expand surveillance and crack down on dissent online, resulting in a 10th consecutive annual decline in internet freedom, a human rights watchdog report said Wednesday.

PDF software developer Foxit has released patches to address several high-risk vulnerabilities affecting both Windows and macOS applications.The Chinese software company’s tools allow users to create and edit PDF files, as well as secure them when necessary. Foxit also offers products under a freemium licensing model.

Microsoft has fixed nearly 90 vulnerabilities with its October 2020 Patch Tuesday updates and while none of them has been exploited in attacks, several of the flaws were publicly disclosed before the patches were released.

Finance ministers from the G7 industrialized countries expressed "concern" on Tuesday over the rise in "malicious cyber-attacks" in the midst of the Covid-19 pandemic, including some involving cryptocurrencies.

DevSecOps and risk management solutions provider apiiro on Tuesday emerged from stealth mode with $35 million in funding.

Norway's government on Tuesday said that it believes Russia was behind an August cyber attack targeting the email system of the country's parliament.

Adobe has patched a critical arbitrary code execution vulnerability in Flash Player. This is the only flaw fixed by the software giant this Patch Tuesday.The vulnerability, tracked as CVE-2020-9746, has been described as a NULL pointer dereference issue.

Online infrastructure security solutions provider Cyberpion on Tuesday emerged from stealth mode after raising $8.25 million in seed funding.

Acronis has released patches for its True Image, Cyber Backup, and Cyber Protect products to address vulnerabilities that could lead to elevation of privileges.The flaws could allow unprivileged Windows users to run code with SYSTEM privileges, a vulnerability note from the CERT Coordination Center (CERT/CC) reveals.

Virtual appliances, even if they are provided by major software or cybersecurity vendors, can pose a serious risk to organizations, according to a report published on Tuesday by cloud visibility firm Orca Security.

International law firm Seyfarth Shaw LLP has shut down many of its systems after being hit with a ransomware attack.

An attack involving the Ryuk ransomware required 29 hours from an email being sent to the target to full environment compromise and the encryption of systems, according to the DFIR Report, a project that provides threat intelligence from real attacks observed by its honeypots.

deepwatch, a Washington, DC-based managed security services provider (MSSP), announced on Monday that it has closed a $53 million Series B investment round led by Goldman Sachs.The latest funding round brings the total amount raised by the company to $76 million.