A new feature in the latest iOS release reportedly reboots locked devices that have not been unlocked for longer periods of time.
The post New iOS Security Feature Reboots Devices to Protect User Data: Reports appeared first on SecurityWeek.
Prosecutors say the data of at least 800,000 Italians was compromised in breaches dating from 2022 by a private investigative agency.
The post Italian Politicians Express Alarm at Latest Data Breach Allegedly Affecting 800,000 Citizens appeared first on SecurityWeek.
Atlassian has released patches for high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management.
The post Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira appeared first on SecurityWeek.
CISA warns that a critical-severity hardcoded credentials vulnerability in SolarWinds Web Help Desk is exploited in attacks.
The post Organizations Warned of Exploited SolarWinds Web Help Desk Vulnerability appeared first on SecurityWeek.
Oracle has released 334 new security patches to address roughly 220 unique CVEs as part of its October 2024 Critical Patch Update.
The post Oracle Patches Over 200 Vulnerabilities With October 2024 CPU appeared first on SecurityWeek.
Intel and AMD respond to new attack methods named TDXDown and CounterSEVeillance that can be used against TDX and SEV technology.
The post New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs appeared first on SecurityWeek.
Tens of cybersecurity companies have announced cutting staff over the past year as part of reorganization strategies, in many cases triggered by the global economic slowdown.
One of the most recent announcements was made by Sophos, which in mid-January confirmed reports that it’s laying off 10% of its global workforce. Roughly 450 people have reportedly lost their job as the company shifts focus to cybersecurity services, including managed detection and response.
At around the same time, identity verification company Jumio also confirmed laying off roughly 100 people.
In May 2022, cloud security company Lacework announced terminating 300 jobs, representing roughly 20% of its workforce.
Another company that laid off a significant portion of its workforce last year is OneTrust, which provides privacy, security, and data governance technology. Nearly 1,000 employees were let go, roughly a quarter of the firm’s workforce.
IronNet, the cybersecurity firm founded by former NSA director Keith Alexander, fired 17% of staff in June and another 35% in September due to significant problems.
In the fall, Cybereason announced plans to reduce its staff by 17%, just months after cutting 10% of its workforce. In total, the company fired approximately 300 employees.
Cloud security firm Aqua Security has laid off 10% of its workforce, and Malwarebytes terminated 14% of its staff (around 125 people). Gen Digital, created through the merger of antivirus companies Avast and NortonLifeLock, let go of a quarter of employees, in some cases due to their activities overlapping with the other company’s workers.
In October, developer security company Snyk — recently valued at $7.4 billion — announced that it had started restructuring and reducing its global workforce, impacting 198 employees, or 14% of its total workforce.
The same month, security and application delivery solutions provider F5 announced cutting approximately 100 roles, representing 1% of its global workforce.
Enterprise security solutions provider Forescout Technologies has reportedly laid off 100 of 170 employees at its R&D center in Israel, after firing 100 other employees in October.
The companies that sacked employees cited market conditions, strategic reorganization and shifting priorities when motivating their decision.
Data from Layoffs.fyi shows that tens of cybersecurity firms terminated staff over the past year. The list includes Tripwire, Deep Instinct, Pipl, Transmit Security, Tufin, Checkmarx, Varonis, Perimeter 81, and Armis.
On the other hand, many of those who have been terminated may not have any difficulties securing a job at a different company.
According to a study conducted by the nonprofit (ISC)², the global cybersecurity workforce is at an all-time high, with an estimated 4.7 million professionals. However, the study found that an additional 3.4 million cybersecurity workers are needed, with 70% of the 11,000 cybersecurity professionals who took part in a survey conducted by the nonprofit saying that their organization does not have enough cybersecurity employees.
Related: How a VC Chooses Which Cybersecurity Startups to Fund in Challenging Times
Related: Predictions 2023: Big Tech’s Coming Security Shopping Spree
Related: Cybersecurity Workforce Study Needs to be Taken with a Pinch of Salt
The post Tens of Cybersecurity Companies Announced Layoffs in Past Year appeared first on SecurityWeek.
Forward Networks, a company that specializes in security and reliability solutions for large enterprise networks, has raised $50 million in a Series D funding round.
The funding round, which brings the total invested in the company to more than $110 million, was led by MSD Partners, with participation from Section 32, Omega Venture Partners, Goldman Sachs Asset Management, Threshold Ventures, A. Capital and Andreessen Horowitz.
Forward Networks’ product creates a digital twin of the customer’s network, helping them gain insights that can be used to make better decisions and improve their network’s security, compliance and health. The platform supports AWS, Google Cloud Platform, and Microsoft Azure.
For network security, the company’s platform provides attack surface management, vulnerability management and security posture management capabilities.
Forward Networks claims to have quadrupled its customer base since 2019 and achieved an ARR growth of 139% from 2021 to 2022.
Related: Network Security Company Corsa Security Raises $10 Million
Related: Whistic Raises $35 Million in Series B Funding for Vendor Security Network
Related: Network Security Firm Portnox Raises $22 Million in Series A Funding
Related: Zero Trust Network Access Provider Banyan Security Raises $30 Million
The post Forward Networks Raises $50 Million in Series D Funding appeared first on SecurityWeek.
Video games developer Riot Games on Tuesday confirmed that source code was stolen from its development systems during a ransomware attack last week.
The incident was initially disclosed on January 20, when the company announced that systems in its development environment had been compromised and that the attack impacted its ability to release content.
“Earlier this week, systems in our development environment were compromised via a social engineering attack. We don’t have all the answers right now, but we wanted to communicate early and let you know there is no indication that player data or personal information was obtained,” the company announced last week.
On January 24, Riot Games revealed that ransomware was used in the attack and that source code for several games was stolen.
“Over the weekend, our analysis confirmed source code for League, TFT, and a legacy anticheat platform were exfiltrated by the attackers,” the games developer said.
The company reiterated that, while the development environment was disrupted, no player data or personal information was compromised in the attack.
The stolen source code, which also includes some experimental features, will likely lead to new cheats emerging, the company said.
“Our security teams and globally recognized external consultants continue to evaluate the attack and audit our systems. We’ve also notified law enforcement and are in active cooperation with them as they investigate the attack and the group behind it,” Riot Games added.
The game developer also revealed that it received a ransom demand, but noted that it has no intention to pay the attackers. The company has promised to publish a detailed report of the incident.
According to Motherboard, the attackers wrote in the ransom note that they were able to steal the anti-cheat source code and game code for League of Legends and for the usermode anti-cheat Packman. The attackers are demanding $10 million in return for not sharing the code publicly.
Related: Ransomware Revenue Plunged in 2022 as More Victims Refuse to Pay Up: Report
Related: Ransomware Attack on DNV Ship Management Software Impacts 1,000 Vessels
Related: The Guardian Confirms Personal Information Compromised in Ransomware Attack
The post Riot Games Says Source Code Stolen in Ransomware Attack appeared first on SecurityWeek.
Microsoft says it is making a “multiyear, multibillion dollar investment” in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools that can write readable text and generate new images.
The tech giant on Monday described its new agreement as the third stage of a growing partnership with San Francisco-based OpenAI that began with a $1 billion investment in 2019. It didn’t disclose the dollar amount for its latest investment.
The partnership positions Microsoft to sharpen its competition with Google in commercializing new AI breakthroughs that could transform numerous professions, as well as the internet search business.
OpenAI’s free writing tool ChatGPT launched on Nov. 30 and has brought public attention to the possibilities of new advances in AI.
It’s part of a new generation of machine-learning systems that can converse, generate readable text on demand and produce novel images and video based on what they’ve learned from a vast database of digital books, online writings and other media.
Microsoft’s partnership enables it to capitalize on OpenAI’s technology. Microsoft’s supercomputers are helping to power the startup’s energy-hungry AI systems, while the Redmond, Washington-based tech giant will be able to further integrate OpenAI technology into Microsoft products.
“In this next phase of our partnership,” customers who use Microsoft’s Azure cloud computing platform will have access to new AI tools to build and run their applications, said a statement from Microsoft CEO Satya Nadella.
“There’s lots of ways that the models that OpenAI is building would be really appealing for Microsoft’s set of offerings,” said Rowan Curran, an analyst at market research firm Forrester. That could include helping to generate text and images for new slide presentations, or creating smarter word processors, Curran said.
The technology could also help Microsoft’s own search engine, Bing, compete with Google in answering search queries with more complete answers instead of just links.
OpenAI started out as a nonprofit artificial intelligence research company when it launched in December 2015. With Tesla CEO Elon Musk as its co-chair and among its early investors, the organization’s stated aims were to “advance digital intelligence in the way that is most likely to benefit humanity as a whole, unconstrained by a need to generate financial return.”
That changed in 2018 when it incorporated a for-profit business Open AI LP, and shifted nearly all its staff into the business, not long after releasing its first generation of the GPT model for generating human-like paragraphs of readable text. Musk also left its board in 2018.
OpenAI said in its statement announcing the deal Monday that it will still be governed by its nonprofit arm and that it remains a “capped-profit” company, though it didn’t specify what limits it sets on its profits.
“This structure allows us to raise the capital we need to fulfill our mission without sacrificing our core beliefs about broadly sharing benefits and the need to prioritize safety,” it said.
OpenAI’s other products include the image-generator DALL-E, first released in 2021, the computer programming assistant Codex and the speech recognition tool Whisper.
The investment announcement came a day before Microsoft was scheduled to report its earnings from the October-December financial quarter and after disclosing last week its plans to lay off 10,000 employees, close to 5% of its global workforce.
The post Microsoft Invests Billions in ChatGPT-Maker OpenAI appeared first on SecurityWeek.
Several vulnerabilities described as having critical and high impact, including ones allowing unauthenticated remote code execution, have been found and patched in OpenText’s enterprise content management (ECM) product.
The vulnerabilities were discovered by a researcher at cybersecurity consultancy Sec Consult in OpenText’s Extended ECM, which is designed for managing the distribution and use of information across an organization. Specifically, the flaws impact the product’s Content Server component.
The security firm this week published three different advisories describing its findings.
OpenText was informed about the vulnerabilities in October 2022 and patched them earlier this month with the release of version 22.4, according to Sec Consult.
One of the critical vulnerabilities, tracked as CVE-2022-45923, can allow an unauthenticated attacker to execute arbitrary code using specially crafted requests.
The second critical flaw, CVE-2022-45927, impacts the Java Frontend of the OpenText Content Server component and can allow an attacker to bypass authentication. Exploitation could ultimately lead to remote code execution.
Sec Consult has also identified five types of vulnerabilities in the Content Server component that can be exploited by authenticated attackers.
These issues, rated ‘high impact’, can be exploited to delete arbitrary files on the server, escalate privileges, obtain potentially valuable information, launch server-side request forgery (SSRF) attacks, and execute arbitrary code.
Proof-of-concept (PoC) code is available for the high-impact issues, but the advisories describing the critical flaws do not include PoC code in an effort to prevent malicious exploitation.
Related: Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms
Related: InfiRay Thermal Camera Flaws Can Allow Hackers to Tamper With Industrial Processes
Related: OpenText Acquires Email Security Firm Zix for $860 Million
The post Critical Vulnerabilities Patched in OpenText Enterprise Content Management System appeared first on SecurityWeek.
