Researchers have found a way to clone Google’s Titan Security Keys through a side-channel attack, but conducting an attack requires physical access to a device for several hours, as well as technical skills, custom software, and relatively expensive equipment. Security key devices are considered highly efficient when it comes to protecting accounts against ta
NVIDIA this week announced the release of software updates for its GPU display drivers and vGPU software, with fixes for a total of 16 vulnerabilities. A total of six security flaws were patched in the NVIDIA GPU display driver, all of them affecting the kernel mode layer. Three of the bugs impact Windows only, one affects only Linux systems, and two impact b
Researchers have discovered vulnerabilities that expose Rockwell Automation’s FactoryTalk Linx and RSLinx Classic products to denial-of-service (DoS) attacks. According to an advisory published by Rockwell late last month, researchers from cybersecurity firm Tenable discovered a total of four DoS vulnerabilities, three affecting FactoryTalk Linx and one impac
Lacework, a five-year-old cybersecurity company that automates security across enterprise cloud deployments, has reached unicorn status with the closing of a $525 million round of Series D financing. The Silicon Valley company, which automates security across public and private cloud deployments, is now valued north of $1 billion. Driven by post-pandemic digit
Security researchers at AT&T’s Alien Labs have identified multiple malware attacks leveraging the Ezuri memory loader to execute payloads without writing them to disk. Executed directly in memory, without leaving traces on disk, fileless malware is commonly used in attacks targeting Windows systems, but isn’t often seen in malware attacks targeting
Several potentially serious vulnerabilities discovered in Fortinet’s FortiWeb web application firewall (WAF) could expose corporate networks to attacks, according to the researcher who found them. Fortinet this week informed customers about the availability of patches for a total of four vulnerabilities affecting its FortiWeb product. According to advisories
An update released this week by Google for Chrome 87 patches 16 vulnerabilities, including 14 rated high severity. The company has awarded more than $100,000 for these vulnerabilities. These security flaws can be exploited remotely by unauthenticated attackers to execute arbitrary code and compromise the targeted systems. To trigger the weaknesses, an adversa
A newly identified malware attack campaign has been exfiltrating emails from targeted organizations using a JavaScript backdoor injected into a webmail system widely used in Taiwan. According to an advisory from Trend Micro, the attacks are linked to Earth Wendigo, a threat actor that does not appear to be affiliated with known hacking groups. Star
Security researchers have spotted a brand new ransomware family taking aim at corporate networks, warning that professional cybercriminals have already hit multiple organizations with the file-encryption scheme. The new ransomware family, called Babuk, has claimed at least four corporate victims facing data recovery extortion attempts. According to researcher
The U.S. government on Wednesday announced the launch of another bug bounty program conducted in collaboration with hacker-powered cybersecurity platform HackerOne. Hack the Army 3.0, whose goal is to help the U.S. Army secure its digital assets and protect its systems against cyberattacks, takes place between January 6 and February 17, and it’s open to both
Vulnerabilities discovered by Cisco Talos researchers in SoftMaker Office can be exploited for arbitrary code execution by creating malicious documents and tricking victims into opening them. A German software developer, SoftMaker Software GmbH offers individuals and enterprises a popular office software suite that includes word processing, spreadsheet, prese
The U.S. government has released a plan with a list of top-priority items to mitigate threats and provide security to the crucial maritime sector. The National Maritime Cybersecurity Plan, which was made public (PDF) on Tuesday, highlights several priority actions to close maritime cybersecurity gaps and vulnerabilities over the next five years. The maritime s
Researchers are raising the alarm for a newly identified operation leveraging a new Remote Access Tool (RAT) written in Golang to steal crypto-currency from unsuspecting users. Discovered last month, the campaign is believed to have been active since January 2020, consisting of a fully-fledged marketing campaign, custom applications related to crypto-currency,
Data security solutions provider Netwrix has merged with Stealthbits, a cybersecurity company focused on protecting sensitive data and credentials. Founded in 2006, the Irvine, California-based Netwrix claims to provide over 10,000 organizations around the world with the necessary tools to reclaim control over sensitive, business-critical data, helping
Cloud-delivered network security startup iboss on Tuesday announced the closing of a new $145 million financing deal to speed up growth in a lucrative market. iboss, founded by twin brothers Paul and Peter Martini five years ago, previously banked $35 million in venture capital funding from Goldman Sachs. The new round of financing was led by NightDragon and F