Social media giant Meta has been fined an additional 5.5 million euros ($5.9 million) for violating EU data protection regulations with its instant messaging platform WhatsApp, Ireland’s regulator announced Thursday.
B2B Payment Security Firm NsKnox Raises $17 Million
B2B payment security provider NsKnox this week announced that it has raised $17 million in a new funding round that brings the total raised by the company to $35.6 million.
Credential Leakage Fueling Rise in API Breaches
There is a problem with API security – it isn’t working very well, and it’s largely down to credential leakage. Most security professionals are confident in their own API credential management, yet most of those same professionals admit to having experienced a breach effected through compromised API credentials.
Cisco Patches High-Severity SQL Injection Vulnerability in Unified CM
Cisco on Wednesday announced patches for a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).
International Arrests Over ‘Criminal’ Crypto Exchange
The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami on Wednesday, along with five associates in Europe, during an international operation against “darknet” markets.
CSRF Vulnerability in Kudu SCM Allowed Code Execution in Azure Services
A cross-site request forgery (CSRF) vulnerability impacting the source control management (SCM) service Kudu could be exploited to achieve remote code execution (RCE) in multiple Azure services, cloud infrastructure security firm Ermetic has discovered.
Sophos Joins List of Cybersecurity Companies Cutting Staff
Sophos has confirmed reports that it’s laying off employees. The company joins several other major cybersecurity companies that have announced cutting staff over the past year.
Vendors Actively Bypass Security Patch for Year-Old Magento Vulnerability
Vendors and agencies are actively bypassing the security patch that Adobe released in February 2022 to address CVE-2022-24086, a critical mail template vulnerability in Adobe Commerce and Magento stores, ecommerce security firm Sansec warns.
Exploited Control Web Panel Flaw Added to CISA ‘Must-Patch’ List
The US government’s cybersecurity agency CISA is giving federal agencies an early February deadline to patch a critical — and already exploited — security vulnerability in the widely used CentOS Control Web Panel utility.
Critical Git Vulnerabilities Discovered in Source Code Security Audit
A source code security audit has led to the discovery of several vulnerabilities in Git, the widely used distributed version control system.
The results of the security audit, sponsored by OSTIF and conducted by X41 and GitLab, were made public this week.