Author: admin

New York Attorney General Letitia James on Monday filed a lawsuit against insurance firm National General and its parent company Allstate over two data breaches. National General, which offers home, vehicle, and other insurance coverage, suffered two data breaches in 2020 and 2021, resulting in the driver’s license numbers of more than 165,000 New Yorkers being compromised. According to the New York Office of the Attorney General (OAG), National General failed to notify the impacted individuals after the first data breach, and did not take the necessary precautions to protect its systems, which led to the second incident. Even after…

Enterprise software maker SAP on Tuesday announced the release of 21 new and three updated security notes on its March 2025 security patch day. The company included five high-priority security notes in its advisory, namely three new notes that address vulnerabilities in Commerce, NetWeaver, and Commerce Cloud, and two updated notes that resolve flaws in Approuter and PDCE. The most severe of these issues are CVE-2025-27434 and CVE-2025-26661 (CVSS score of 8.8), described as a cross-site scripting (XSS) bug in Commerce and a missing authorization check in NetWeaver. The XSS issue resides in the open source library Swagger UI, and…

Taiwan-based networking solutions provider Edimax says it’s aware of reports that a vulnerability affecting some of its cameras has been exploited in the wild, but it cannot release patches due to the product being discontinued more than a decade ago. The cybersecurity agency CISA warned organizations on March 4 about CVE-2025-1316, a critical command execution vulnerability affecting Edimax IC-7100 IP cameras. The agency suggested that the vulnerability may have been exploited as a zero-day, but did not clearly state it in its advisory. However, Akamai, whose researchers have been credited for reporting the flaw, confirmed to SecurityWeek that the vulnerability…

The ACCC has granted interim authorisation to the Australian Sustainable Finance Institute (ASFI) and its member banks.This authorisation allows them to engage in discussions aimed at formulating proposals to reform regulatory capital requirements in Australia’s finance sector. This pivotal move is intended to address existing constraints on sustainable finance and investment across the country.Under the terms of the authorisation, ASFI, along with its member banks, must adhere strictly to a competition protocol concerning the handling of competitively sensitive information. This protocol is designed to ensure that all discussions remain compliant with competitive standards while fostering a collaborative approach to significant…

A new Israeli startup called Sola Security has emerged from stealth with $30 million in seed-stage funding and ambitious plans to build an AI-powered no-code security platform. The company said the financing was provided by S Capital and investor Mike Moritz, S32, Glilot Capital Partners, and several angel investors. Founded in 2024 by cybersecurity veterans Guy Flechter and Ron Peled, Sola Security and its investors are betting on a growing market for no-code development platforms that allows security teams to build custom security applications quickly and without significant technical expertise. Solo Security said its platform will offer both ready-made solutions…

A South American cyberespionage group has delivered malware to over 1,600 victims in Colombia in a recent campaign, Check Point reports. Tracked as Blind Eagle and APT-C-36, and active since 2018, the advanced persistent threat (APT) actor is known for targeting government, financial, and critical infrastructure organizations in Colombia and Ecuador. The threat actor mainly relies on phishing emails containing malicious attachments or URLs to deliver remote access trojans (RATs) such as NjRAT, AsyncRAT, and Remcos, and recently expanded its arsenal with additional commodity malware, including a variant of PureCrypter. In December 2024, the threat actor was seen targeting CVE-2024-43451,…

LiquidTrust recently announced a significant milestone with the completion of a $4m seed funding round. This funding effort was led by notable investors including the Anthemis Female Innovators Lab Fund, Resolute Ventures, and Motivate Ventures. This financial backing follows their participation in WMNfintech by BMO and 1871, positioning them as a notable player in the FinTech space.The company has introduced Micro Escrow Pay, a patent-pending instant escrow payment solution tailored specifically for small and midsize businesses (SMBs). This innovative service is designed to embed trust directly into payment flows, thereby mitigating risks of fraud, nonpayment, and counterparty uncertainty. LiquidTrust offers…

United States stock markets plummeted on Monday amid fears that President Donald Trump’s tariff policies might drive the world’s largest economy into recession. After years of impressive growth, America’s economic exceptionalism has been called into question. Concern over an economic downturn has driven a stock market rout that wiped $1.7 trillion from the S&P 500 – the world’s most-watched equity index. It fell by 2.7 percent, dragging it 9 percent below the all-time high it reached on February 19. The tech-heavy Nasdaq-100 posted its worst day since 2022, wiping out more than $1 trillion in value. Investors sold shares in…

The US cybersecurity agency CISA on Monday warned of three critical-severity vulnerabilities in Ivanti Endpoint Manager (EPM) being exploited in the wild. The issues, tracked as CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161 (CVSS score of 9.8), are described as absolute path traversal flaws affecting EMP versions 2024 and 2022 SU6 with the November 2024 security update installed. Ivanti released patches for the security defects in mid-January, crediting Horizon3.ai for reporting them. Roughly a month later, the cybersecurity firm released proof-of-concept (PoC) exploit code targeting the bugs. The vulnerabilities, Horizon3.ai explained, reside in functions that attempt to read the files in specific directories…

Cybereason, a leader in the cybersecurity industry, has successfully raised $120m in a new funding round. This investment was spearheaded by SoftBank Corp., SoftBank Vision Fund 2, and Liberty Strategic Capital, highlighting strong market confidence in the company’s capabilities.The funds will bolster Cybereason’s renowned endpoint detection and response (EDR) solutions and its consulting services. This strategic financial injection aims to propel the company’s global expansion and enhance its technology to meet the evolving demands of cybersecurity threats faced by enterprises around the world.Cybereason plans to utilize the newly acquired funds to deepen its product capabilities in EDR solutions and to…