Texas startup Ghost Security has joined the list of early-stage companies in the API and application security space attracting venture capital funding.The Austin-based company emerged from stealth this week with $15 million in investments from 468 Capital, DNX Ventures, and Munich Re Ventures."We believe the explosive growth of microservices and APIs in the

Security and application delivery solutions provider F5 has released its quarterly security notification for August 2022, which informs customers about 21 vulnerabilities affecting BIG-IP and other products.The company has released separate advisories for a dozen high-severity vulnerabilities, as well as eight medium-severity and one low-severity flaws.The h

The US Federal Emergency Management Agency (FEMA) has issued an advisory urging organizations to ensure that their emergency alert systems are patched, but a researcher says there are no patches for some of the vulnerabilities affecting these systems.The emergency alert system (EAS) in the United States enables authorities to broadcast emergency alerts and w

The US Cybersecurity and Infrastructure Security Agency (CISA) informed organizations on Thursday that a recently patched vulnerability affecting the Zimbra enterprise email solution has been exploited in attacks.The security hole, tracked as CVE-2022-27924 and described as a Memcache injection issue, allows an unauthenticated attacker to steal cleartext cre

Updates released by Cisco for some of its small business routers patch serious vulnerabilities that could allow threat actors to take control of affected devices.Three vulnerabilities have been identified by external researchers in Cisco’s RV160, RV260, RV340, and RV345 series VPN routers. An unauthenticated attacker could exploit the flaws remotely for arbi

Many small and medium-sized businesses (SMBs) could be exposed to attacks due to a critical vulnerability that has been found to impact hundreds of thousands of DrayTek Vigor routers.The security hole, discovered by researchers at threat detection and response company Trellix, affects nearly 30 DrayTek Vigor router models that are used by many SMBs. The issu

RegScale, a Virginia startup building technology to manage continuous compliance automation tasks, has attracted $20 million in early-stage venture capital funding.The Series A round was led by SYN Ventures with participation from SineWave Ventures, VIPC’s Virginia Venture Partners and SecureOctane.RegScale, which maintains headquarters in Tyson’s Corner, Vi

The cryptocurrency division of Robinhood has been slapped with a $30 million penalty by New York's Department of Financial Services for significant violations of cybersecurity and money laundering regulations.The $30 million penalty, announced late Tuesday via a consent order, adds to a litany of problems at Robinhood that range from security breaches, to on

Google has patched 27 vulnerabilities with the release of Chrome 104 on Tuesday, and the researchers who reported some of these security holes earned thousands of dollars in bug bounties.The internet giant has paid out a total of approximately $90,000 for the flaws patched in the latest version of Chrome, but it has yet to determine the rewards for two of th

Virtualization technology giant VMware on Tuesday shipped an urgent, high-priority patch to address an authentication bypass vulnerability in its Workspace ONE Access, Identity Manager and vRealize Automation products.The vulnerability carries VMware’s highest severity rating (CVSSv3 base score of 9.8) and should be remediated without delay, the company said

Google on Monday published a security bulletin describing the latest round of patches for the Android operating system. Three dozen vulnerabilities have been fixed, including a critical issue that can be exploited for remote code execution over Bluetooth.The critical vulnerability is tracked as CVE-2022-20345 and it affects the System component. It has been

Israeli cloud-native application security testing firm Oxeye discovered that the way URL parsing is implemented in some Go-based applications creates vulnerabilities that could allow threat actors to conduct unauthorized actions.Go, or Golang, is an open source programming language designed for building reliable and efficient software at scale. Supported by

The US Cybersecurity and Infrastructure Security Agency (CISA) has instructed government organizations — and advised private sector companies — to address a recently disclosed Confluence vulnerability that has been exploited in attacks.The critical vulnerability, tracked as CVE-2022-26138, is related to the existence of an account named ‘disabledsystemuser’

Cybersleuths at Microsoft have found a link between the recent 'Raspberry Robin' USB-based worm attacks and EvilCorp, a notorious Russian ransomware operation sanctioned by the U.S. government.According to fresh data from Redmond’s threat intelligence team, a ransomware-as-a-service gang it tracks as DEV-0206 has been caught rigging online ads to trick targe

Cybersecurity professionals from Google's threat hunting unit and the University of Toronto's Citizen Lab are upping the pressure on mercenary hacking firms selling high-end surveillance spyware with fresh calls for the U.S. government to urgently clamp down on these businesses.In prepared remarks during a House Intelligence Committee hearing this week, Goog