Information

Prove Identity, a late-stage startup with roots in the ecommerce mobile payments space, on Tuesday closed a $40 million funding round as it continues a major pivot to the digital identity verification and authentication market. The New York-based company, previously known as Payfone, said the latest investment round led by MassMutual Ventures and Capital One Ventures.  To date, Prove Identity has raised more than $215 million and rebranded itself as an enterprise vendor targeting banks, retailers…

Privacy-focused messaging firm Signal is pouring cold water on widespread rumors of a zero-day exploit in its popular encrypted chat app. “We have seen the vague viral reports alleging a Signal 0-day vulnerability. After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels,” Signal said late Sunday night. Rumors of a Signal zero-day started circulating over the weekend with what…

The US cybersecurity agency CISA is stepping up its efforts to prevent ransomware by making it easier for organizations to learn about vulnerabilities and misconfigurations exploited in these attacks. As part of its Ransomware Vulnerability Warning Pilot (RVWP) program launched in March, the agency has released two new resources to help organizations identify and eliminate security flaws and weaknesses known to be exploited by ransomware groups. “Through the RVWP, CISA determines vulnerabilities that are commonly…

Networking equipment manufacturer Juniper Networks on Thursday announced patches for more than 30 vulnerabilities in Junos OS and Junos OS Evolved, including nine high-severity flaws. The most severe of these issues is an incorrect default permissions bug that allows an unauthenticated attacker with local access to a vulnerable device to create a backdoor with root privileges. Tracked as CVE-2023-44194 (CVSS score of 8.4), the flaw exists because a certain system directory has improper permissions associated…

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…