Password management software firm LastPass has suffered a data breach that led to the theft of source code and proprietary technical information.
BalkanID Adds $2.3M to Seed Funding Round
BalkanID, a Texas startup building technology in the Identity Governance and Administration (IGA) space, has added $2.3 million to its seed financing round, bringing the total raised to $8.1 million.
Microsoft Details New Post-Compromise Malware Used by Russian Cyberspies
Microsoft this week published technical details on ‘MagicWeb’, a new post-exploitation tool used by Russia-linked cyberespionage group APT29.
Plex Confirms Database Breach, Data Theft
Popular streaming media platform Plex is scrambling to reset user passwords after a database hack that included the theft of emails, usernames, and encrypted passwords.
Privilege Escalation Flaw Haunts VMware Tools
Virtualization technology software giant VMware on Tuesday released patches to fix an important-severity security flaw in the VMware Tools suite of utilities.
The vulnerability, tracked as CVE-2022-31676, could be exploited by attackers to escalate privileges on a compromised system.
GitLab Patches Critical Remote Code Execution Vulnerability
DevOps platform GitLab has issued patches for a critical remote code execution vulnerability impacting its GitLab Community Edition (CE) and Enterprise Edition (EE) releases.
Tracked as CVE-2022-2884 (CVSS 9.9/10 severity), the security flaw can be exploited via the GitHub import API, but requires authentication to be triggered.
Novant Health Says Malformed Tracking Pixel Exposed Health Data to Meta
Healthcare services provider Novant Health has sent notifications to more than 1.3 million individuals that their protected health information (PHI) might have been inadvertently exposed to Facebook parent company Meta.
Fake DDoS Protection Prompts on Hacked WordPress Sites Deliver RATs
Website security firm Sucuri is warning of an increase in fake distributed denial-of-service (DDoS) protection notifications that lead to the delivery of malware.
DDoS protection notifications are web pages that the browser serves to users when checks are performed to verify that the visitor is indeed a human and not a bot or part of a DDoS attack.
FBI Warns of Proxies and Configurations Used in Credential Stuffing Attacks
The Federal Bureau of Investigation (FBI) has raised an alarm for cybercriminals using proxies and configurations to hide and automate credential stuffing attacks against companies in the United States.
TXOne Networks Scores $70M Series B Investment
TXOne Networks, a joint venture between cybersecurity firm Trend Micro and industrial networking solutions provider Moxa, has banked $70 million in new venture capital funding.
The company, which maintains dual headquarters in Texas and Taiwan, said the Series B round was led by TGVest Capital and brings the total raised to $94 million.
