News

Nigerian Man Sentenced to 8 Years in US Prison for $8 Million BEC Scheme

A Nigerian national who had been living in the United Arab Emirates has been sentenced to more than eight years in a US prison for his role in an $8 million cybercrime scheme. The man, 31-year-old Olalekan Jacob Ponle, aka Mark Kain and Mr Woodbery, was involved in a business email compromise (BEC) scheme for at least nine months in 2019, while he was living in the UAE. He was arrested in the UAE in…

Owner of Cybercrime Website BreachForums Pleads Guilty

The owner of the infamous cybercrime website BreachForums has pleaded guilty in a US court to conspiracy to commit device fraud, access device fraud, and possession of child pornography. The man, Conor Brian Fitzpatrick, 21, of Peekskill, New York, was arrested on March 15, 2023, and charged with conspiracy to commit access device fraud. Fitzpatrick, who was known online as ‘Pompompurin’, has admitted to investigators that he was the owner and administrator of the BreachForums…

In Other News: Security Firm Hit by Investor Lawsuit, Satellite Hacking, Cloud Attacks

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…

Zluri Raises $20 Million for SaaS Management Platform

SaaS management platform Zluri on Thursday announced that it has raised $20 million in a Series B funding round, which brings the total raised by the firm to $32 million. Led by Lightspeed, the new investment round saw participation from existing investors Endiya Partners, Kalaari Capital, and MassMutual Ventures. Founded in 2020, the US-based startup helps organizations manage their SaaS applications, mitigate associated risks, and optimize costs, from a single dashboard. Zluri’s SaaS operations (SaaSOps)…

Industry Reactions to EU-US Data Privacy Framework: Feedback Friday

The European Union and the United States this week reached an agreement on the Data Privacy Framework focusing on the secure transfer of information from Europe to the US. The framework is the culmination of a yearslong battle between Brussels and Washington over the security of European citizen data stored by tech giants such as Google and Meta in the United States, where data privacy rules are not as strict as in the EU. While…

Juniper Networks Patches High-Severity Vulnerabilities in Junos OS

Networking appliances maker Juniper Networks on Wednesday announced software updates that patch multiple high-severity vulnerabilities in Junos OS, Junos OS Evolved, and Junos Space. The company published 17 advisories detailing roughly a dozen Junos OS-specific security defects, and nearly three times as many issues in third-party components used in its products. Of the new advisories, three describe high-severity vulnerabilities in Junos OS and Junos OS Evolved that could lead to denial-of-service (DoS). The flaws impact…

Fortinet Patches Critical FortiOS Vulnerability Leading to Remote Code Execution

Fortinet on Tuesday announced security updates that address a critical-severity vulnerability in FortiOS and FortiProxy that could be exploited for remote code execution (RCE). Tracked as CVE-2023-33308 (CVSS score of 9.8), the bug is described as a stack-based overflow issue impacting the deep inspection function in proxy mode. “A stack-based overflow vulnerability in FortiOS & FortiProxy may allow a remote attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall…

Russia-Linked RomCom Hackers Targeting NATO Summit Guests

As part of a recently identified cyber operation, a Russia-linked threat actor known as RomCom has been targeting entities supporting Ukraine, including guests at the 2023 NATO Summit taking place July 11-12, the cybersecurity unit at BlackBerry reports. Taking place in Vilnius, Lithuania, the NATO Summit has on the agenda talks focusing on the war in Ukraine, as well as new memberships in the organization, including Sweden and Ukraine itself. Taking advantage of the event,…

After Zero-Day Attacks, MOVEit Turns to Security Service Packs

Faced with a barrage of ransomware attacks hitting zero-days in its MOVEit product line, Progress Software late Thursday announced plans to release regular service packs promising a “predictable, simple and transparent process for product and security fixes.” Less than a month after the notorious Cl0p ransomware gang started naming organizations hit by MOVEit zero-day exploits, Progress Software rolled out its first service pack with patches for at least three critical security defects that expose customer…

In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…
