Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks. The vulnerabilities, in the enterprise-facing Zoom Rooms product, could be exploited in privilege escalation attacks on both Windows and macOS platforms. The company’s first batch of patches for 2023 includ
Software maker Adobe has rolled out its first batch of security patches for 2023 with fixes for at least 29 security vulnerabilities in a range of enterprise-facing products. The most prominent update, for the widely deployed Adobe Acrobat and Reader software, fixes critical-severity flaws that expose Windows and macOS users to code execution attacks. Accordin
Security researchers at Microsoft are flagging ransomware attacks on Apple’s flagship macOS operating system, warning that financially motivated cybercriminals are abusing legitimate macOS functionalities to exploit vulnerabilities, evade defenses, or coerce users to infect their devices. In a blog post documenting its research into four known macOS ransomwar
AWS has announced that server-side encryption (SSE-S3) is now enabled by default for all Simple Storage Service (S3) buckets. Initially introduced in 2011, SSE-S3 handles both encryption and decryption, along with key management. An opt-in feature until now, SSE-S3 relies on Advanced Encryption Standard (AES) encryption with 256-bit keys managed by AWS. “S3 bu
Secure access service edge (SASE) provider Netskope on Thursday announced that it has raised $401 million in an oversubscribed financing round. To date, the company has raised close to $1.5 billion. The new investment round was led by Morgan Stanley Tactical Value, with participation from CPP Investments, Goldman Sachs Asset Management, and Ontario Teachers'
When it comes to data protection laws, the United States has long lagged behind Europe, whose General Data Protection Regulation (GDPR) came into effect in 2018 as the gold standard in data protection.
Also, in 2018, California passed the California Privacy Protection Act, further expanding it to the California Privacy Rights Act (CPRA) in 2020.
The SecurityWeek editorial team huddled over the holidays to look back at the stories that shaped 2022 and, more importantly, to stare into a shiny crystal ball to find the cybersecurity narratives that will dominate this year’s headlines. For the most part, not much will change. Organizations large and small will continue to acknowledge major data breaches,
A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock warns. Containing information such as name, username, email address, follower count, and creation date, the database has been circulating on underground forums and was eventually leaked for free. “The database co
Enterprise communication and collaboration platform Slack has informed customers that hackers have stolen some of its private source code repositories, but claims impact is limited. Slack disclosed the incident on December 31. It’s not uncommon for companies to disclose data breaches right before or during major holidays in hopes that they will not get too mu
Data security software vendor Netwrix has acquired Remediant, an early-stage startup working on technology in the PAM (privileged access management) category. Financial terms of the acquisition were not disclosed. Remediant, based in San Francisco and backed by Dell Technologies Capital and ForgePoint Capital, raised $15 million in Series A venture capit
An individual is offering to sell the data of more than 400 million Twitter users, just as Ireland’s data protection watchdog has announced an investigation into the recent data leaks impacting the social media giant. On December 23, someone posted a message on a popular hacking forum announcing the sale of a database containing the names, usernames, email ad
Microsoft has silently fixed an important-severity security flaw in its Azure Container Service (ACS) after an external researcher warned that a buggy feature allowed cross-tenant network bypass attacks. The vulnerability, documented by researchers at Mnemonic, effectively removed the entire network and identity perimeter around internet-isolated Azure
Privacy laws are nothing new when it comes to modern-day business. However, since the global digitization of data and the sharing economy took off, companies have struggled to keep up with an ever-changing legal landscape while still fulfilling their obligations to protect user data. The challenge is that there is no one-size-fits-all solution regarding dat
Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that could be exposed by brute-forcing or guessing master passwords. The company, which is owned by GoTo (formerly LogMeIn), said the hackers broke into its network in August and used information from that hack
The Center for Strategic and International Studies compiled a list of significant cyber incidents dating back to 2003. Compiling attacks on government agencies, defense and high-tech companies or economic crimes with losses of more than a million dollars, this list reveals broader trends in cybersecurity for the past two decades. And, of course, there are t