Mitiga Banks $30M Series B to Expand Cloud and SaaS Security Platform
Tue, 21 Jan 2025 21:33:47 +0000
New York/Israel startup selling threat detection, investigation, and response tools raised $30 million in a Series B led by SYN Ventures.
The post Mitiga Banks $30M Series B to Expand Cloud and SaaS Security Platform appeared first on SecurityWeek.
https://www.securityweek.com/mitiga-banks30m-series-b-to-expand-cloud-and-saas-security-platform/
Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
Tue, 21 Jan 2025 19:30:00 +0530
Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet.
The ongoing activity “demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks,” Qualys security researcher Shilpesh
https://thehackernews.com/2025/01/murdocbotnet-found-exploiting-avtech-ip.html
Ransomware Groups Abuse Microsoft Services for Initial Access
Tue, 21 Jan 2025 13:47:43 +0000
Sophos warns of two ransomware groups abusing Microsoft 365 services and default configurations to contact internal enterprise users.
The post Ransomware Groups Abuse Microsoft Services for Initial Access appeared first on SecurityWeek.
https://www.securityweek.com/ransomware-groups-abuse-microsoft-services-for-initial-access/
Cyber Insights 2025: Attack Surface Management
Tue, 21 Jan 2025 13:44:53 +0000
SecurityWeek’s Cyber Insights 2025 examines expert opinions to gain their opinions on what to expect in Attack Surface Management in 2025.
The post Cyber Insights 2025: Attack Surface Management appeared first on SecurityWeek.
https://www.securityweek.com/cyber-insights-2025-attack-surface-management/
13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
Tue, 21 Jan 2025 18:16:00 +0530
A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices.
The activity “take[s] advantage of misconfigured DNS records to pass email protection techniques,” Infoblox security researcher David Brunsdon said in a technical report published last week. “This
https://thehackernews.com/2025/01/13000-mikrotik-routers-hijacked-by.html
Students, Educators Impacted by PowerSchool Data Breach
Tue, 21 Jan 2025 12:45:55 +0000
PowerSchool says the personal information of students and educators was stolen in a December 2024 data breach.
The post Students, Educators Impacted by PowerSchool Data Breach appeared first on SecurityWeek.
https://www.securityweek.com/students-educators-impacted-by-powerschool-data-breach/
Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
Tue, 21 Jan 2025 16:22:00 +0530
A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted to cover up the activity.
Asif William Rahman, 34, of Vienna, was an employee of the CIA since 2016 and had a Top Secret security clearance with access to
https://thehackernews.com/2025/01/ex-cia-analyst-pleads-guilty-to-sharing.html
HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
Tue, 21 Jan 2025 16:00:00 +0530
Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, “Were all functionalities of the web app tested?” or ” Were there any security issues that could have been identified during testing?” often go unresolved, raising concerns about the thoroughness of the security testing. This frustration is common among many security teams. Pentest
https://thehackernews.com/2025/01/hackgate-setting-new-standards-for.html
PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
Tue, 21 Jan 2025 11:15:00 +0530
Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT.
The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week.
The infection chain commences with a phishing
https://thehackernews.com/2025/01/pngplug-loader-delivers-valleyrat.html
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
Tue, 21 Jan 2025 10:57:00 +0530
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests.
The AnyDesk requests claim to be for conducting an audit to assess the “level of security,” CERT-UA added, cautioning organizations to be on the lookout for such social engineering attempts that seek to
https://thehackernews.com/2025/01/cert-ua-warns-of-cyber-scams-using-fake.html
Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes
Mon, 20 Jan 2025 17:01:00 +0000
Marco Raquan Honesty has pleaded guilty to his roles in several fraud schemes, including smishing, identity theft, and bank account takeover.
The post Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes appeared first on SecurityWeek.
https://www.securityweek.com/washington-man-admits-to-role-in-multiple-cybercrime-fraud-schemes/
Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Mon, 20 Jan 2025 20:38:00 +0530
New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks.
“Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration with KU Leuven professor
https://thehackernews.com/2025/01/unsecured-tunneling-protocols-expose-42.html
DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection
Mon, 20 Jan 2025 20:23:00 +0530
The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks.
The artifacts in question, named Tanzeem (meaning “organization” in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the
https://thehackernews.com/2025/01/donot-team-linked-to-new-tanzeem.html
Social Media Security Firm Spikerz Raises $7 Million
Mon, 20 Jan 2025 13:41:41 +0000
Social media security startup Spikerz has raised $7 million in a seed funding round led by Disruptive AI.
The post Social Media Security Firm Spikerz Raises $7 Million appeared first on SecurityWeek.
https://www.securityweek.com/social-media-security-firm-spikerz-raises-7-million/
Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities
Mon, 20 Jan 2025 13:17:11 +0000
Kaspersky has disclosed the details of over a dozen vulnerabilities discovered in a Mercedes-Benz MBUX infotainment system.
The post Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities appeared first on SecurityWeek.
https://www.securityweek.com/details-disclosed-for-mercedes-benz-infotainment-vulnerabilities/
FCC Taking Action in Response to China’s Telecoms Hacking
Mon, 20 Jan 2025 12:26:39 +0000
The FCC adopts declaratory ruling requiring telecommunications providers to secure their networks against nation-states and other threats.
The post FCC Taking Action in Response to China’s Telecoms Hacking appeared first on SecurityWeek.
https://www.securityweek.com/fcc-taking-action-in-response-to-chinas-telecoms-hacking/
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [20 January]
Mon, 20 Jan 2025 17:32:00 +0530
As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences. Governments are facing new, unpredictable threats that can’t be fought with
https://thehackernews.com/2025/01/thn-weekly-recap-top-cybersecurity_20.html
CISA, FBI Update Software Security Recommendations
Mon, 20 Jan 2025 11:38:43 +0000
CISA and the FBI have updated their guidance regarding risky software security bad practices based on feedback received from the public.
The post CISA, FBI Update Software Security Recommendations appeared first on SecurityWeek.
https://www.securityweek.com/cisa-fbi-update-software-security-recommendations/
HPE Investigating Breach Claims After Hacker Offers to Sell Data
Mon, 20 Jan 2025 11:18:40 +0000
HPE is investigating claims by the hacker IntelBroker, who is offering to sell source code and other data allegedly stolen from the tech giant.
The post HPE Investigating Breach Claims After Hacker Offers to Sell Data appeared first on SecurityWeek.
https://www.securityweek.com/hpe-investigating-breach-claims-after-hacker-offers-to-sell-data/
Product Walkthrough: How Satori Secures Sensitive Data From Production to AI
Mon, 20 Jan 2025 16:40:00 +0530
Every week seems to bring news of another data breach, and it’s no surprise why: securing sensitive data has become harder than ever. And it’s not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments. Not to mention, compliance requirements are only getting
https://thehackernews.com/2025/01/product-walkthrough-how-satori.html