CISO Strategy
The SEC filed charges against SolarWinds and its CISO over misleading investors about its cybersecurity practices and known risks.
Hi, what are you looking for?
SecurityWeek
Government
A new GAO report reveals that 20 out of 23 US federal agencies have not fully implemented incident response plans.
Incident Response
New Relic said hackers gained access to an environment using social engineering and stolen credentials for an employee account.
Identity & Access
Okta expands scope of October breach, saying hackers stole names and email addresses of all its customer support system users.
Incident Response
Sumo Logic has completed its investigation into the recent security breach and found no evidence of impact to customer data.
CISO Strategy
The Biden for President campaign is looking for a cybersecurity chief to “define the organization's risk appetite” and manage its cybersecurity and IT initiatives.
Incident Response
Patch Tuesday: Redmond’s security response team flags two vulnerabilities -- CVE-2023-36033 and CVE-2023-36036 -- already being exploited in the wild.
Cloud Security
VMware described the bug as an out-of-bounds write issue in its implementation of the DCE/RPC protocol. CVSS severity score of 9.8/10.
Data Protection
Adlumin, a startup working on technology to boost security for mid-market firms, has banked $70 million in new funding led by SYN Ventures.
Cyberwarfare
Microsoft says an APT group tracked as Storm-0062 has been hacking Confluence installations since mid-September, three weeks before Atlassian’s disclosure.
Incident Response
Adobe Commerce customers exposed to code execution, privilege escalation, arbitrary file system read, and security feature bypass attacks.
Data Breaches
The fundraising software company Blackbaud has agreed to pay $49.5 million to settle claims brought by the attorneys general of 49 states and Washington,...
Cloud Security
Cisco warns that unauthenticated, remote attackers can log into devices using root account, which has default, static credentials that cannot be changed or deleted.
Incident Response
Rapid7 says attackers are targeting a critical pre-authentication flaw in Progress Software’s WS_FTP server just days after disclosure.
Cloud Security
Israeli security startup Gem Security has raised a total of $34 million to tackle cloud threat detection and incident response.
Incident Response
DHS has published a new set of recommendations to help federal agencies better report cyber incidents and protect critical infrastructure.
Cybercrime
Clorox says the recent cyberattack has been contained, but production is still not fully restored and there is a short supply of products.
Data Breaches
The hijacked data includes driver’s license numbers and/or social security numbers from a Caesars Entertainment loyalty database.
ICS/OT
Hackers launched a cyberattack on an Irish water utility, causing disruption and leaving people without water for two days.
CISO Strategy
Artificial Intelligence
Vulnerabilities