The Federal Bureau of Investigation (FBI) has raised an alarm for cybercriminals using proxies and configurations to hide and automate credential stuffing attacks against companies in the United States.Creedential stuffing attacks, also called account cracking, involve trying to access online accounts using username and password combinations from e

TXOne Networks, a joint venture between cybersecurity firm Trend Micro and industrial networking solutions provider Moxa, has banked $70 million in new venture capital funding.The company, which maintains dual headquarters in Texas and Taiwan, said the Series B round was led by TGVest Capital and brings the total raised to $94 million.TXOne Networks was crea

Trend Micro’s Zero Day Initiative, a major player in the vulnerability disclosure ecosystem, is ramping up the pressure on software vendors that consistently ship faulty security patches.In a major revision of its disclosure policies, the vulnerability broker said it will set strict 30-day deadlines for critical-level bug reports that result from faulty or i

Whether it’s the fitness tracker on your wrist, the “smart” home appliances in your house or the latest kids’ fad going viral in online videos, they all produce a trove of personal data for big tech companies.How that data is being used and protected has led to growing public concern and officials’ outrage. And now federal regulators are looking at drafting

Enterprise software vendor Twilio (NYSE: TWLO) has been hacked by a relentless threat actor who successfully tricked employees into giving up login credentials that were then used to steal third-party customer data.The San Francisco company fessed up to the breach in an online notice that describes a sophisticated threat actor with clever social engineering

Texas startup Ghost Security has joined the list of early-stage companies in the API and application security space attracting venture capital funding.The Austin-based company emerged from stealth this week with $15 million in investments from 468 Capital, DNX Ventures, and Munich Re Ventures."We believe the explosive growth of microservices and APIs in the

RegScale, a Virginia startup building technology to manage continuous compliance automation tasks, has attracted $20 million in early-stage venture capital funding.The Series A round was led by SYN Ventures with participation from SineWave Ventures, VIPC’s Virginia Venture Partners and SecureOctane.RegScale, which maintains headquarters in Tyson’s Corner, Vi

The cryptocurrency division of Robinhood has been slapped with a $30 million penalty by New York's Department of Financial Services for significant violations of cybersecurity and money laundering regulations.The $30 million penalty, announced late Tuesday via a consent order, adds to a litany of problems at Robinhood that range from security breaches, to on

Virtualization technology giant VMware on Tuesday shipped an urgent, high-priority patch to address an authentication bypass vulnerability in its Workspace ONE Access, Identity Manager and vRealize Automation products.The vulnerability carries VMware’s highest severity rating (CVSSv3 base score of 9.8) and should be remediated without delay, the company said

Malware hunters at Microsoft have caught an Austrian hack-for-hire company exploiting zero-day flaws in Windows and Adobe software products in "limited and targeted attacks" against European and Central American computer users.The company, called DSIRF, has been linked to a malware suite called ‘Subzero’ that has been deployed over the last two years via zer

A study commissioned by IBM Security says the global average cost of a data breach reached an all-time high of $4.35 million and warned that the absence of zero trust principles at studied organizations are pushing those costs even higher.The study, which was conducted in partnership with the Ponemon Institute, notes that global average breach costs have cli

A security audit by the European Parliament has unearthed attempts to plant high-end surveillance software on the phone of a Greek lawmaker and there are fresh reports linking the hack attempt to a known North Macedonia spyware vendor.The company, called Cytrox, was previously exposed as the makers of Predator, a tool capable of launching sophisticated explo

The team behind the open source PrestaShop ecommerce platform has issued a public advisory to warn of zero day SQL injection attacks hitting merchant servers and planting code capable of stealing customer payment information.An urgent advisory from PrestaShop warned that hackers are exploiting a "combination of known and unknown security vulnerabilities" to

Network security appliance vendor SonicWall late Thursday shipped urgent patches for a critical flaw in its Global Management System (GMS) software, warning that the issue exposes businesses to remote hacker attacks.The vulnerability, which carries a critical-severity rating of CVSS 9.4, provides a pathway for a remote attacker to execute arbitrary SQL queri

Anvilogic, a Silicon Valley startup working on technology to modernize the Security Operations Center (SOC), has deposited $25 million in a new investment round led by Outpost Ventures.The Palo Alto, Calif. Anvilogic said the $25 million Series B investment also included participation from Xerox Ventures, G Squared, Foundation Capital, Point72 Ventures and C