SecurityWeek
TXOne Networks Scores $70M Series B Investment
TXOne Networks has announced the closing of a $70 million Series B round led by TGVest Capital.
SecurityWeek
TXOne Networks Scores $51M Series B Extension
ICS and OT security startup TXOne Networks secures $51 million in a Series B extension and adds new investors from Taiwan.
Security Affairs
D-Link fixes two critical flaws in D-View 8 network management suite
D-Link fixed two critical flaws in its D-View 8 network management suite that could lead to authentication bypass and arbitrary code execution. D-Link has addressed two critical vulnerabilities (CVSS score: 9.8) in its D-View 8 network management suite that could be exploited by remote attackers to bypass authentication and execute arbitrary code. The D-View network […]
SecurityWeek
Cyolo Banks $60M Series B for ZTNA Technology
Israeli startup Cyolo raises a massive Series B round to compete in the market for zero trust networking access.
Bleeping Computer
D-Link fixes auth bypass and RCE flaws in D-View 8 software
D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code.
Bleeping Computer
Over 92,000 exposed D-Link NAS devices have a backdoor account
A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) device models.
DataBreaches
B&G Foods attacked by Daixin Team; files leaked
B&G Foods describes itself as a “multibillion dollar company with more than 50 brands and one purpose: Delicious food from our family to yours...
SecurityWeek
SOCRadar Raises $25M Series B for Threat Intel Tech
Delaware startup secures a $25 million Series B funding round from PeakSpan Capital and Oxx. SOCRadar has raised to $30.2 million to date.
Latest Hacking News
Control D Launches Control D for Organizations: Democratizing Cybersecurity for Organizations of All Sizes
In an era where online threats no longer discriminate by business size, Control D, powered by Windscribe VPN's robust security expertise, announced today the launch of 'Control D for Organizations'. This modern DNS service democratizes
SecurityWeek
Legit Security Raises $40 Million in Series B Financing
Legit Security raises $40 million in a Series B funding round led by CRV to help organizations protect the software supply chain from attacks
DataBreaches
D-BOX provides update following ransomware incident two weeks ago
MONTREAL, July 28, 2021 (GLOBE NEWSWIRE) — D-BOX Technologies Inc. (“D-BOX” or the “Corporation”) (TSX: DBO), a world leader in haptic...
.webp)
Cyber Security News
Control D Launches Control D for Organizations: Democratizing Cybersecurity for Organizations of All Sizes
In an era where online threats no longer discriminate by business size, Control D, powered by Windscribe VPN's robust security expertise.
Cyber Security News
D-Link Hacked: Hackers Steal Source Code and Customer Personal Information
D-Link Corporation, a global leader in networking solutions, recently faced a data breach allegation. D-Link confirms that its operations are not affected by the incident.
Infosecurity News
Over 90,000 D-Link NAS Devices Are Under Attack
Threat actors are targeting a high severity vulnerability in close to 100,000 legacy D-Link devices
SecurityWeek
Cymulate Closes $70M Series D Funding Round
Late-stage Israeli startup Cymulate has closed a $70 million Series D funding round led by existing investor One Peak.
DataBreaches
CSI Laboratories reports a second big breach this year
Georgia-based Cytometry Specialists d/b/a CSI Laboratories (“CSI”) has reported a second big breach this year. In a press release issued this week,...
SecurityWeek
Theta Lake Raises $50 Million in Series B Funding Round
Theta Lake, a company that specializes in compliance and security solutions for collaboration platforms, has raised $50 million in Series B funding.
.webp)
Cyber Security News
D-Link NAS Command Injection Flaw : 92,000 Devices Affected
A new command injection vulnerability and a backdoor account has been discovered in D-Link Network Attached Storage devices which affects
SecurityWeek
CISA Warns of Exploited Vulnerabilities in EOL D-Link Products
CISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw.
DataBreaches
D-Link confirms data breach after employee phishing attack
Sergiu Gatlan reports: Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for...
SecurityWeek
Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars
Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar.
The Cyber Express
Beware of Active Exploitation: Critical Vulnerabilities in D-Link NAS Devices Exposes 92,000 Devices
An active exploitation of critical vulnerabilities in D-Link Network Attached Storage (NAS) devices has raised concerns for D-Link users exposing
DataBreaches
The definitions of “recently” and “discovered” leave a lot to be desired
In March, 2021, Family Health Services MN d/b/a Entira Family Clinics notified the Maryland Attorney General’s Office that they had been impacted by the...
SecurityWeek
D-Link Says Hacker Exaggerated Data Breach Claims
Hacker claims to have breached D-Link and is offering to sell stolen data, but the company says the claims are exaggerated.
SecurityWeek
Zero Trust Firm Xage Security Adds $6 Million 'Top-up' to $30 Million Series B Funding
Zero Trust security firm Xage has raised a $6 million top-up to the $30 million Series B funding it secured in January 2022.
Bleeping Computer
D-Link confirms data breach after employee phishing attack
Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month.
The Hacker News
Mirai Variant MooBot Botnet Exploiting D-Link Router Vulnerabilities
MooBot, a new variant of the Mirai botnet, has been spotted exploiting unpatched D-Link devices to include them in its army of denial-of-service bots.
Security Affairs
+92,000 Internet-facing D-Link NAS devices can be easily hacked
A researcher disclosed an arbitrary command injection and hardcoded backdoor issue in multiple end-of-life D-Link NAS models.
Ars Technica
Hackers actively exploit critical remote takeover vulnerabilities in D-Link devices
D-Link won't be patching vulnerable NAS devices because they're no longer supported.
The Record
Volvo finally confirms pontential theft of R&D data
Swedish automaker Volvo confirmed today a security breach and the theft of research and development (R&D) data from one of its file storage repositories.
Security Affairs
Moobot botnet is back and targets vulnerable D-Link routers
The Moobot botnet is behind a new wave of attacks that started in early August and that target vulnerable D-Link routers. Palo Alto Network’s Unit 42 researchers reported a new wave of attacks launched by the Moobot botnet that target vulnerable D-Link routers. The Mirai-based Moobot botnet was first documented by Palo Alto Unit 42 researchers in February […]
Bleeping Computer
D-Link WiFi range extender vulnerable to command injection attacks
The popular D-Link DAP-X1860 WiFi 6 range extender is susceptible to a vulnerability allowing DoS (denial of service) attacks and remote command injection.
The Hacker News
D-Link Confirms Data Breach: Employee Falls Victim to Phishing Attack
D-Link confirms data breach. Low-sensitivity data exposed from an old system due to an employee falling for a phishing attack
The Hacker News
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw
A new botnet called Goldoon is targeting D-Link routers with a critical vulnerability from 2015 (CVE-2015-2051).
DataBreaches
HHS Civil Rights Office Enters Settlement with Dental Practice Over Disclosures of Patients’ Protected Health Information
From HHS, resolution of a complaint they received in 2017: The Office for Civil Rights (OCR) has settled with B. Brandon Au, DDS, Inc., d/b/a New Vision Dental...
SecurityWeek
Endpoint Security Firm ThreatLocker Raises $115 Million in Series D Funding
Zero trust endpoint security company ThreatLocker has announced a $115 million Series D funding round that brings the total to $240 million.
SecurityWeek
Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices
Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild.
SecurityWeek
ICS Security Firm Dragos Raises $74 Million in Series D Extension
ICS/OT security firm Dragos has raised $74 million in a Series D extension funding round that brings the total to $440 million.
SecurityWeek
Firmware Security Company Eclypsium Raises $25 Million in Series B Funding
Firmware and hardware security company Eclypsium has raised $25 million in Series B funding, which brings the total invested in the firm to $50 million.
Bleeping Computer
Moobot botnet is coming for your unpatched D-Link router
The Mirai malware botnet variant known as 'MooBot' has re-emerged in a new attack wave that started early last month, targeting vulnerable D-Link routers with a mix of old and new exploits.
Cyber Security News
MITRE Hacked - Attackers Compromised R&D Networks Using Ivanti Zero-days
The MITRE Corporation has disclosed that a sophisticated cyber attack recently compromised one of its internal r&d networks.
DataBreaches
D-Box Technologies hit by ransomware that affected most of its systems
D-BOX announces that the Corporation was subject to a ransomware cyberattack on its information technology systems. The malware used to perform the attack...
DataBreaches
Another business associate attacked: 286,699 patients being notified of attack on medical debt collection firm (UPDATED)
Update of May 22: R&B Corporation of Virginia d/b/a Credit Control Corporation reported the incident to HHS on May 13 as affecting even more people than...
The Hacker News
CISA Flags 8 Actively Exploited Flaws in Samsung and D-Link Devices
CISA flags eight critical vulnerabilities currently exploited in the wild - six affecting Samsung phones and two in D-Link devices.
Bleeping Computer
CISA warns of hackers exploiting Chrome, EoL D-Link bugs
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers.
The Hacker News
Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks
Hackers are exploiting vulnerabilities (CVE-2024-3272 and CVE-2024-3273) in D-Link NAS devices. Up to 92,000 devices affected.
The Record
Newly identified botnet targets decade-old flaw in unpatched D-Link devices
Researchers at Fortinet are calling the botnet Goldoon. D-Link released a patch in 2015 for the bug that it exploits, but some device owners didn't install it.
Security Affairs
CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog
CISA adds two D-Link DIR-600 and DIR-605 router vulnerabilities to its Known Exploited Vulnerabilities catalog.
Security Affairs
CISA adds D-Link multiple NAS devices bugs to its Known Exploited Vulnerabilities catalog
US Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link NAS devices bugs to its Known Exploited Vulnerabilities catalog
HACKRead
New Goldoon Botnet Targeting D-Link Devices by Exploiting Weak Credentials
A new botnet called Goldoon targets D-Link routers and NAS devices putting them at risk of DDoS attacks and more. Learn how weak credentials leave you vulnerable and how to secure your network. pen_spark
DataBreaches
PracticeFirst notifies patients and employees after ransomware incident
Yesterday, Professional Business Systems, Inc. d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp., a medical management company that...
DataBreaches
NYS settles charges against PracticeFirst stemming from 2020 ransomware incident
In July 2021, Professional Business Systems, Inc. d/b/a Practicefirst Medical Management Solutions and PBS Medcode Corp., a medical management company that...
Bleeping Computer
D-Link issues hotfix for hard-coded password router vulnerabilities
D-Link has issued a hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router that can allow attackers to execute arbitrary code on unpatched routers, gain access to sensitive information, or crash the routers after triggering a denial of service state.
Security Affairs
CISA adds Samsung and D-link bugs to its Known Exploited Vulnerabilities catalog
US CISA added actively exploited Samsung and D-Link vulnerabilities to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added six Samsung and two D-Link vulnerabilities to its Known Exploited Vulnerabilities Catalog. Below is the list of flaws added to the catalog: The CVE-2019-17621 flaw is a remote command execution flaw that resides in […]
Bleeping Computer
Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks
Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day flaw.
SC Magazine
Over 92,000 D-Link NAS devices face compromise risk
More than 92,000 outdated internet-exposed D-Link Network Attached Storage devices could be breached in attacks exploiting a newly discovered arbitrary command injection and hardcoded backdoor vulnerability, tracked as CVE-2024-3273, which could result in sensitive data access, system configuration modifications, and denial-of-service conditions, reports Security Affairs.
The Record
Vulnerabilities in end-of-life D-Link devices are being exploited, CISA says
The Cybersecurity and Infrastructure Security Agency added two bugs in older D-Link hardware to its Known Exploited Vulnerabilities list. Experts say 92,000 devices could be exposed.
DataBreaches
Arizona Priority Care and AZPC Clinics notify 10,978 patients of malware attack
Arizona Health Advantage, Inc. d/b/a Arizona Priority Care and AZPC Clinics, LLC (“APC”) are healthcare providers and business associates. On...
SecurityWeek
SafeBase Scores $33M Series B Investment
SafeBase has raised north of $50 million since launching in 2020 with plans to simplify vendor risk assessment disclosures.
Bleeping Computer
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
DataBreaches
Edgepark Medical Supplies notifies patients of Rise Interactive Media & Analytics data breach
RGH Enterprises, Inc. d/b/a Edgepark Medical Supplies (“Edgepark”) is an Ohio medical supplies provider that ships products directly to patients and bills...
Bleeping Computer
CISA orders agencies to patch Chrome, D-Link flaws used in attacks
CISA has added 12 more security flaws to its list of bugs exploited in attacks, including two critical D-Link vulnerabilities and two (now-patched) zero-days in Google Chrome and the Photo Station QNAP software.
DataBreaches
OCR Settles Case Involving Decade-Long Improper Disposal of Protected Health Information
There is an enforcement update to an incident noted on this site in 2018. The incident that involved New England Dermatology P.C., d/b/a New England...
Bleeping Computer
Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices
A variant of the Mirai botnet is targeting almost two dozen vulnerabilities aiming to take control of D-Link, Arris, Zyxel, TP-Link, Tenda, Netgear, and MediaTek devices to use them for distributed denial-of-service (DDoS) attacks.
Bleeping Computer
New Zerobot malware has 21 exploits for BIG-IP, Zyxel, D-Link devices
A new Go-based malware named 'Zerobot' has been spotted in mid-November using exploits for almost two dozen vulnerabilities in a variety of devices that include F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, and Hikvision cameras.
DataBreaches
Bloom Health Centers discloses data breach involving mental health data of 1,545 patients
Updated September 13: This incident was reported to HHS as affecting 1,654 patients. On September 11, Psych Associates of Maryland LLC d/b/a Bloom Health...
The Cyber Wire
Ukraine at D+685: Influence operations in a winter war.
Russian disinformation seeks to reach anglophone audiences, and makes some claims that would be too far-fetched to get past a science-fiction editor.
Naked Security
Laptop denial-of-service via music: the 1980s R&B song with a CVE!
We haven’t validated this vuln ourselves… but the source of the story is impeccable. (Impeccably dressed, at least.)
SecurityWeek
Grip Security Lands $41 Million Series B Financing
Israeli startup Grip Security has banked $41 million in new financing from a group of investors led by Third Point Ventures.
DataBreaches
Some patients are first finding out about Blackbaud ransomware incident now
Little Hill Foundation for the Rehabilitation of Alcoholics, Inc. d/b/a Alina Lodge in New Jersey is first notifying patients whose data was involved in the...
The Record
Google Chrome, D-Link bugs among twelve added to CISA’s list of known exploited vulnerabilities
CISA added 12 vulnerabilities to its catalog of exploited bugs, highlighting several issues found in Google Chrome, QNAP, D-Link, Apple, Oracle and more.
SecurityWeek
Mine Lands $30M Series B for Data Privacy Tech
Israeli early-stage startup snags financing from Battery Ventures, PayPal Ventures and Nationwide Ventures.
The Cyber Wire
Ukraine at D+684: A hacktivist auxiliary is actively recruiting.
NATO conducts its annual cyber exercise against a background of hybrid war, heightened cyber espionage, and increased activity on the part of hacktivist auxiliaries.
The Cyber Wire
Ukraine at D+678: A template for hacktivist auxiliaries.
Reprisal and retaliation in the war of missiles, as President Putin says Ukraine is already destroyed, and that the real war is against the West. Cyber operations continue to represent the familiar mix of threat actors: intelligence services, hacktivist auxiliaries, and criminal privateers.
The Cyber Wire
Ukraine at D+664: A narrative of exceptionalism and historical glory.
Ineffectual drone strikes are exchanged across a static front as Russia turns to a narrative of Imperial and Soviet glory.
DataBreaches
All of Desert Wells Family Medicine patients’ electronic health records were corrupted and unrecoverable from ransomware attack
On August 30, HHS added Queen Creek Medical Center d/b/a Desert Wells Family Medicine in Arizona to its public breach tool. The entity had reported that 35,000...
SecurityWeek
IP Fabric Raises $25 Million in Series B Funding
IP Fabric raises $25 million in new financing to build technology in the enterprise network assurance space.
SecurityWeek
Eye Security Raises $39 Million in Series B Funding
Eye Security raises $39 million to bring enterprise-level security and cyber insurance products to mid-market businesses.
SecurityWeek
Supply Chain Startup Chainguard Scores $61 Million Series B
Washington startup Chainguard banks $61 million in new financing as investors make hefty wagers on software supply chain security companies.
The Cyber Wire
Ukraine at D+680: Missile strikes over a static front.
Both sides exchange missile strikes (and conflicting claims of their effectiveness). The GRU is now, by general consensus, responsible for the long-running cyberattack against Kyivstar.
DarkReading
Nisos Announces $15 Million in Series B Funding Round
New funding led by global cyber investor Paladin Capital Group, alongside existing investors Columbia Capital and Skylab Capital.
The Cyber Wire
Ukraine at D+682: OSINT on morale, and a coming hacktivist shakeup.
Storms impede ground operations. Smartphones as intelligence sources (and as a security problem). Notes on hacktivist auxiliaries, both Russian and Ukrainian.
The Cyber Wire
Ukraine at D+677: MIssile strikes continue at a high tempo.
Russia's government rehabilitates Stalin and frames its strikes against Ukrainian cities as punitive retaliation for Ukrainian crimes. Russian hacktivist auxiliaries claim to be disrupting targets in Finland.
SecurityWeek
MixMode Banks $45 Million in Series B Funding
Cyberattack detection platform MixMode has raised $45 million in an investment round led by PSG.
DarkReading
D-Link Confirms Breach, Rebuts Hacker's Claims About Scope
The router specialist says the attacker's claims to have heisted millions and millions of records are significantly overblown. But an incident did happen, stemming from a successful phish.
SC Magazine
D-Link NAS device vulnerabilities exploited – no patch available
An attacker could gain remote access to network-attached storage and execute arbitrary commands.
The Cyber Wire
Ukraine at D+689: Managing mobilization.
A Russian privacy law seems to have as its principal purpose controlling anything that might resemble independent journalism in advance of the upcoming presidential election theater.
The Cyber Wire
Ukraine at D+649: Managing mobilization.
A Russian privacy law seems to have as its principal purpose controlling anything that might resemble independent journalism in advance of the upcoming presidential election theater.
The Cyber Wire
Ukraine at D+668: Backchannel signaling.
A static front produces rumors of negotiation (probably fostered in bad faith) and reports of rats and mice in both sides' positions (and mouse fever among the Russian troops).
The Cyber Wire
Ukraine D+672: Battlefield frightfulness.
Little change at the front as Russia continues local assaults. Ukrainian strikes against Russia's Black Sea Fleet erode lines of communication with occupied Crimea. Hacktivist auxiliaries on both side claim unverified successes.
SecurityWeek
Application Security Firm StackHawk Bags $20.7 Million in Series B Funding
Application security startup StackHawk raises $20.7 million in a new investment round co-led by Sapphire Ventures and Costanoa Ventures.
DarkReading
D-Link Routers Vulnerable to Takeover Via Exploit for Zero-Day
A vulnerability in the HNAP login request protocol that affects a family of devices gives unauthenticated users root access for command execution.
The Hacker News
Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers
A new analysis of the hacking tools employed by the Black Basta ransomware operation has revealed its links to FIN7 (aka Carbanak) hacker group.
DarkReading
92K D-Link NAS Devices Open to Critical Command-Injection Bug
The company is asking users to retire several network-attached storage (NAS) models to avoid compromise through a publicly available exploit that results in backdooring.
DataBreaches
Volvo had some R&D data stolen in security breach
Kirsten Korosec reports: Volvo Cars is investigating a cybersecurity breach and theft of a limited amount of the company’s research and development data. The...
CyberSecurity Dive
D-Link tells customers to sunset actively exploited storage devices
The networking hardware vendor advised owners of the affected devices to retire and replace them. There is no patch available for the vulnerability.
ZDNet
Volvo announces some R&D files stolen during cyberattack | ZDNet
The company did not confirm whether it was a ransomware attack.
DarkReading
Lazarus Group Is Still Juicing Log4Shell, Using RATs Written in 'D'
The infamous vulnerability may be on the older side at this point, but North Korea's primo APT Lazarus is creating new, unique malware around it at a remarkable clip.
The Cyber Wire
Ukraine at D+683: Disinformation operations.
Russian leaders advance an expansive and ethnocentric narrative of the Russian world to justify Russian expansion.
The Cyber Wire
Ukraine at D+667: "Pulp fiction."
Western intelligence sources trace Prigozhin's assassination to Nikolai Patrushev, Secretary of the Security Council of Russia.
Loading more articles....