The Black Basta ransomware gang may have exploited the Windows privilege escalation flaw CVE-2024-26169 before it was patched.
The post Ransomware Group May Have Exploited Windows Vulnerability as Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More
Last week, the notorious hacker gang, ShinyHunters, sent shockwaves across the globe by allegedly plundering 1.3 terabytes of data from 560 million Ticketmaster users. This colossal breach, with a price tag of $500,000, could expose the personal information of a massive swath of the live event company’s clientele, igniting a firestorm of concern and outrage.
A massive data breach
Let’s
The Hacker News – Read More
Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as zero-day, according to new findings from Symantec.
The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve SYSTEM
The Hacker News – Read More
Data security company Cyberhaven has raised $88 million in a Series C funding round that brings the total to $136 million.
The post Data Security Firm Cyberhaven Raises $88 Million at $488 Million Valuation appeared first on SecurityWeek.
SecurityWeek – Read More
Cybersecurity firm Recorded Future counted 44 health-care-related incidents in the month after Change Healthcare’s payment came to light—the most it’s ever seen in a single month.
Security Latest – Read More
The code hosting platform GitHub has paid out more than $4 million since the launch of its bug bounty program 10 years ago.
The post GitHub Paid Out Over $4 Million via Bug Bounty Program appeared first on SecurityWeek.
SecurityWeek – Read More
What’s the best VPN to use in Australia? Discover the pricing, features, pros and cons of our recommended VPNs for Australia.
Security | TechRepublic – Read More
AI models are nothing without vast data sets to train them and vendors will be increasingly tempted to harvest as much data as they can and answer any questions later.
The post When Vendors Overstep – Identifying the AI You Don’t Need appeared first on SecurityWeek.
SecurityWeek – Read More
Cybersecurity researchers have disclosed details of an ongoing phishing campaign that leverages recruiting- and job-themed lures to deliver a Windows-based backdoor named WARMCOOKIE.
“WARMCOOKIE appears to be an initial backdoor tool used to scout out victim networks and deploy additional payloads,” Elastic Security Labs researcher Daniel Stepanic said in a new analysis. “Each sample is compiled
The Hacker News – Read More
State-sponsored threat actors backed by China gained access to 20,000 Fortinet FortiGate systems worldwide by exploiting a known critical security flaw between 2022 and 2023, indicating that the operation had a broader impact than previously known.
“The state actor behind this campaign was already aware of this vulnerability in FortiGate systems at least two months before Fortinet disclosed the
The Hacker News – Read More