A security audit by the European Parliament has unearthed attempts to plant high-end surveillance software on the phone of a Greek lawmaker and there are fresh reports linking the hack attempt to a known North Macedonia spyware vendor.The company, called Cytrox, was previously exposed as the makers of Predator, a tool capable of launching sophisticated explo

A Pennsylvania-based convenience store chain will pay $8 million to several states over a 2019 data breach that involved some 34 million payment cards, authorities announced Tuesday.The Pennsylvania attorney general’s office said Wawa Inc. did not take reasonable security measures to prevent hackers from installing malware that is thought to have collected c

Data security startup Sotero has raised $8 million in an extended seed funding round that brings the total invested in the company to $13 million.The round was led by OurCrowd, with participation from existing investors Boston Seed Capital, Gutbrain Ventures, and PBJ Capital.Founded in 2017, the Burlington, MA-based Sotero provides a data-focused security pl

The team behind the open source PrestaShop ecommerce platform has issued a public advisory to warn of zero day SQL injection attacks hitting merchant servers and planting code capable of stealing customer payment information.An urgent advisory from PrestaShop warned that hackers are exploiting a "combination of known and unknown security vulnerabilities" to

Network security appliance vendor SonicWall late Thursday shipped urgent patches for a critical flaw in its Global Management System (GMS) software, warning that the issue exposes businesses to remote hacker attacks.The vulnerability, which carries a critical-severity rating of CVSS 9.4, provides a pathway for a remote attacker to execute arbitrary SQL queri

Security researchers at Intezer are documenting the discovery of a powerful piece of Linux malware that can stay undetected and has the ability to install rootkits.Dubbed Lightning Framework, the threat is described as a Swiss Army Knife-like piece of malware that has a modular design and a plethora of capabilities rarely seen in malware targeting Linux syst

Anvilogic, a Silicon Valley startup working on technology to modernize the Security Operations Center (SOC), has deposited $25 million in a new investment round led by Outpost Ventures.The Palo Alto, Calif. Anvilogic said the $25 million Series B investment also included participation from Xerox Ventures, G Squared, Foundation Capital, Point72 Ventures and C

A Romanian national accused of operating a bulletproof hosting service used by the Gozi banking trojan was extradited from Colombia and has made an appearance in court in the United States.The man, Mihai Ionut Paunescu, 37, a dual Romanian and Latvian national, was arrested in Colombia last year. Previously, he was arrested in Romania in 2012, but was releas

An analysis of the evolution of cybercrime from its beginnings in the 1990s to its billion-dollar presence today has one overriding theme: the development of cybercrime as a business closely mimics the evolution of legitimate business, and will continue to evolve to improve its own ROI.In the early days, hacking was more about personal prestige and kudos tha

It's a very busy Patch Wednesday for computer users running Apple’s flagship macOS and iOS devices.Apple's security response team has pushed out software fixes for at least 39 software vulnerabilities haunting the macOS Catalina, iOS and iPadOS platforms.The patches provide cover for numerous gaping memory safety flaws, some serious enough to expose users to

Google this week announced the rollout of DNS-over-HTTP/3 (DoH3) for Android 11 and newer devices.An encrypted DNS protocol, DoH3 is expected to provide performance and safety improvements compared to alternatives, mainly through the QUIC transport layer network protocol.By default, even for encrypted connections, DNS lookups are not private – the base DNS p

Managed detection and response (MDR) platform provider Huntress has shelled out $22 million to acquire Curricula, a startup in the growing security awareness business.Huntress, based in Ellicott City, Maryland, said the deal adds a fun, story-based security awareness training platform to its stable of cybersecurity offerings.The company, which was widely cre

Push Security, a British startup building technology to help defenders manage cloud software sprawl and shadow IT, has banked $4 million in early-stage venture capital funding.The London-based firm said the $4 million seed round was led by Decibel, a Silicon Valley VC firm betting on cybersecurity and open source startups. Several prominent security executiv

A prominent cybersecurity executive is calling on the U.S. government to resist the urge to match China's reported mandates around early vulnerability disclosure, warning that such a move would "meaningfully and dramatically increase the risk" of zero-day flaws landing in the wrong hands.The caution, from Luta Security chief executive Katie Moussouris, follo

You start to log in to work from the home office you’ve occupied for the last two years only to sit and wait patiently as your virtual private network (VPN) dials up. After a few minutes, it validates your credentials. You have access to log in and you peruse your emails over coffee.   One email stands out because it looks related to a purchase y