SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild

Cybercriminals who hacked Rhode Island’s system for health and benefits programs have released files to a site on the dark web, The post Rhode Islanders’ Data Was Leaked From a Cyberattack on State Health Benefits Website appeared first on SecurityWeek.

Google has announced a new program in its Chrome browser to ensure that HTTPS certificates are secure against the future risk posed by quantum computers. “To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional X.509 certificates containing post-quantum cryptography to the Chrome Root Store,” the Chrome Secure…

Embedded Linux-based Internet of Things (IoT) devices have become the target of a new botnet dubbed PumaBot. Written in Go, the botnet is designed to conduct brute-force attacks against SSH instances to expand in size and scale and deliver additional malware to the infected hosts. “Rather than scanning the internet, the malware retrieves a list…

Social media security startup Spikerz has raised $7 million in a seed funding round led by Disruptive AI. The post Social Media Security Firm Spikerz Raises $7 Million appeared first on SecurityWeek.

Alexander Martin reports: A suspected ransomware attack on Miljödata, a Swedish software provider used for managing sick leave and similar HR reports, is believed to have impacted around 200 of the country’s municipal governments. The attack was detected on Saturday, according to the company’s chief executive Erik Hallén. The attackers are attempting to extort Miljödata,……

Suzanne Smalley reports: France’s data protection regulator has fined the software company Nexpublica France €1.7 million ($2 million) for poor cybersecurity practices in the wake of a data breach. In November 2022, users of a Nexpublica portal reported they could access documents about third parties. France’s data regulator, known as CNIL, investigated the incident and……