BalkanID, a Texas startup building technology in the Identity Governance and Administration (IGA) space, has added $2.3 million to its seed financing round, bringing the total raised to $8.1 million.
New Air Gap-Jumping Attack Uses Ultrasonic Tones and Smartphone Gyroscope
A researcher from the Ben-Gurion University of the Negev in Israel has shown how a threat actor could stealthily exfiltrate data from air-gapped computers using ultrasonic tones and smartphone gyroscopes.
Plex Confirms Database Breach, Data Theft
Popular streaming media platform Plex is scrambling to reset user passwords after a database hack that included the theft of emails, usernames, and encrypted passwords.
Privilege Escalation Flaw Haunts VMware Tools
Virtualization technology software giant VMware on Tuesday released patches to fix an important-severity security flaw in the VMware Tools suite of utilities.
The vulnerability, tracked as CVE-2022-31676, could be exploited by attackers to escalate privileges on a compromised system.
Ethernet LEDs Can Be Used to Exfiltrate Data From Air-Gapped Systems
A researcher from the Ben-Gurion University of the Negev in Israel has published a paper describing a method that can be used to silently exfiltrate data from air-gapped systems using the LEDs of various types of networked devices.
GitLab Patches Critical Remote Code Execution Vulnerability
DevOps platform GitLab has issued patches for a critical remote code execution vulnerability impacting its GitLab Community Edition (CE) and Enterprise Edition (EE) releases.
Tracked as CVE-2022-2884 (CVSS 9.9/10 severity), the security flaw can be exploited via the GitHub import API, but requires authentication to be triggered.
‘DirtyCred’ Vulnerability Haunting Linux Kernel for 8 Years
Academic researchers from Northwestern University have shared details on ‘DirtyCred’, a previously unknown privilege escalation vulnerability affecting the Linux kernel.
Security Firm Discloses CrowdStrike Issue After ‘Ridiculous Disclosure Process’
A security firm has disclosed the details of an issue affecting a CrowdStrike product after what it described as a ‘ridiculous vulnerability disclosure process’. CrowdStrike has provided some clarifications following the disclosure.
Novant Health Says Malformed Tracking Pixel Exposed Health Data to Meta
Healthcare services provider Novant Health has sent notifications to more than 1.3 million individuals that their protected health information (PHI) might have been inadvertently exposed to Facebook parent company Meta.
FBI Warns of Proxies and Configurations Used in Credential Stuffing Attacks
The Federal Bureau of Investigation (FBI) has raised an alarm for cybercriminals using proxies and configurations to hide and automate credential stuffing attacks against companies in the United States.
