News

Former Contractor Employee Charged for Hacking California Water Treatment Facility

A 53-year-old man from Tracy, California, has been charged for allegedly hacking into the systems of a water treatment facility in an attempt to delete critical software. The suspect, Rambler Gallo, has been charged with “transmitting a program, information, code, and command to cause damage to a protected computer”, but this is a case of unauthorized access rather than actual hacking. Gallo worked for a company contracted by the town of Discovery Bay in California…


Truebot Hackers Exploiting Netwrix Auditor Flaw: CISA, FBI Alert

The US government’s cybersecurity agency CISA on Thursday warned that hackers linked to the Truebot malware operation are exploiting a known vulnerability in the Netwrix Auditor application to break into organizations in the US and Canada. In a joint advisory issued alongside the FBI and information sharing partners in Canada, CISA urged network admins to immediately apply patches for remote code execution flaws in IT auditing software sold by Netwrix. The issue, tagged as CVE-2022-31199,…


Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech

Infisical, a San Francisco startup working on open-source technology to help organizations manage secrets sprawl, has banked $2.8 million in seed funding as investors continue to bet on early stage companies in the supply chain security space. Infisical’s seed round was led by Gradient Ventures, the Google-owned venture capital outfit. The company said it also took on equity investments from Y Combinator, TwentyTwo VC, and a list of prominent tech executives. The Silicon Valley…


VMware, Other Tech Giants Announce Push for Confidential Computing Standards

In conjunction with the 2023 Confidential Computing Summit last week, VMware announced a partnership with tech giants to accelerate the development of confidential computing applications. Confidential computing relies on a trusted execution environment that ensures the integrity and confidentiality of applications and data, even in the cloud and on third-party infrastructure. With the emergence of multi-cloud deployments and machine learning, confidential computing is expected to help protect intellectual property and sensitive data, but its adoption…


Apple, Civil Liberty Groups Condemn UK Online Safety Bill

The latest variant of the crypto wars is happening now, with the UK and EU governments attempting to force backdoors into end-to-end encryption (E2EE). The war is over the desire of law enforcement and governments to prevent criminals ‘going dark’ through E2EE. The battlefield for liberal democracies is the EU (the Child Sexual Abuse Regulation) and the UK (the Online Safety Bill – OSB). The collateral damage could be every law-abiding citizen – and the audience is…


Army Combat Veteran to Take Over Key Election Security Role Working With State, Local Officials

An Army combat veteran with extensive cybersecurity and counterterrorism experience is taking over as one of the nation’s top election security officials, the director of the U.S. Cybersecurity Infrastructure Security Agency announced Friday. In the position, Cait Conley will coordinate with federal, state and local officials responsible for ensuring elections are secure ahead of the 2024 presidential election. CISA Director Jen Easterly said Conley’s national security experience made her “ideally suited to help those state…


In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and…


200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin

More than 200,000 WordPress websites are exposed to ongoing attacks targeting a critical vulnerability in the Ultimate Member plugin. Designed to make it easy for users to register and log in on sites, the plugin allows site owners to add user profiles, define roles, create custom form fields and member directories, and more. Tracked as CVE-2023-3460 (CVSS score of 9.8), the recently identified security defect in Ultimate Member allows attackers to add a new user…


Cyware Snags $30M for Threat Intel Infrastructure Tech

Threat intelligence infrastructure startup Cyware on Thursday announced it had secured $30 million in new financing alongside plans to take advantage of the demand for AI-powered security tools. The New York-based Cyware said the $30 million Series C round was led by Ten Eleven Ventures, an investment firm dedicated to making bets on cybersecurity companies. Prior investors Advent International, Zscaler, Emerald Development Managers, Prelude (the venture practice at Mercato Partners) and Great Road Holdings also…


Venn Software Snags $29M to Build MDM for Laptops Technology

Venn Software, a New York startup building an MDM-like solution for laptops, has attracted $29 million in early stage funding as investors continue to bet on cybersecurity companies protecting the remote workforce. Venn said the Series A financing was led by NewSpring and provides capital for the company to make MDM for laptops a reality and provide a less costly new alternative to virtual desktop infrastructure (VDI). Venn is pitching a Secure Enclave product that…
