SecurityWeek

Inside the Mind of a CISO 2024 is a survey of 209 security leaders to understand the thinking and operational methods and motivations of CISOs.

Critical vulnerabilities have been found in an Emerson gas chromatograph and Claroty warns that attacks could have a serious impact.

CISA on Wednesday warned that three older flaws in GeoServer, Linux kernel, and Roundcube webmail are exploited in the wild.

The LockBit ransomware group claimed to have hacked the US Federal Reserve, but leaked data from an Arkansas-based bank.

Aqua Security shows that code in repositories remains accessible even after being deleted or overwritten, continuing to leak secrets.

WikiLeaks founder Julian Assange returned to Australia, hours after pleading guilty to obtaining and publishing U.S. military secrets.

Google has announced new Chrome Enterprise Core features that should be very useful to IT and security teams.

Google has disrupted over 175,000 YouTube and Blogger instances related to the Chinese influence operation Dragonbridge.

Freed from the shackles of always demanding a technical background, the CISO can concentrate on building a diverse team comprising multiple skills.

Some expressed concern about a rise in hybrid attacks by Russia – including allegations of election interference, cyberattacks and sabotage.

The P2Pinfect worm targeting Redis servers has been updated with ransomware and cryptocurrency mining payloads.

More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain.

Several vulnerabilities patched recently in Siemens Sicam products could be exploited in attacks aimed at the energy sector.

Exploitation attempts targeting CVE-2024-5806, a critical MOVEit Transfer vulnerability patched recently, have started.

The European Council has added six Russian hackers to the EU’s sanctions list for their cyberattacks against member states and Ukraine.

A Mirai-like botnet has started exploiting a critical-severity vulnerability in discontinued Zyxel NAS products.

Indonesia’s national data center has been compromised by a hacking group asking for a $8 million ransom that the government won’t pay.

CoinStats says North Korean hackers drained $2 million in virtual assets from 1,590 cryptocurrency wallets.

Five WordPress plugins were injected with malicious code that creates a new administrative account.

Researcher shows how hackers could use social engineering to deliver ransomware and other malware to Meta’s Quest 3 VR headset.