Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

A coming White House Executive Order seeks to protect personal information by preventing the mass transfer of Americans’ sensitive data to countries of concern.

The API attack surface is expanding and API vulnerabilities are growing. AI will help attackers find and exploit API vulnerabilities at scale.

The US has restricted trade with Canadian company Sandvine for aiding the Egyptian government’s web monitoring operations.

Pharmaceutical solutions provider Cencora discloses a cyberattack that resulted in personal information being stolen from its systems.

The US government says Russia’s APT28 group compromised Ubiquiti EdgeRouters to run cyberespionage operations worldwide.

When evaluating XDR, consider its value based on its ability to reduce complexity and improve threat detection and response times.

Chinese threat actors target Ivanti VPN appliances with new malware designed to persist system upgrades.

Intel announces new and improved security features with the latest vPro platform and Core Ultra processors.

White House calls for the “timely, complete, and consistent” publication of CVE and CWE data to help solve the security metrics problem.

The Black Basta and Bl00dy ransomware gangs have started exploiting two vulnerabilities in ConnectWise ScreenConnect.

The US government makes a $45 million investment in 16 projects to improve cybersecurity across the energy sector.

8,800 domains, many once owned by major companies, have been abused to get millions of emails past spam filters as part of SubdoMailing campaign.

Quantum computers are coming, and will defeat current PKE encryption. But this cryptopocalypse is not dependent upon quantum computers — it could happen through other means, at any time.

U-Haul says customer information was compromised in a data breach involving a reservation tracking system.

The best Red Team engagements are a balanced mix of technology, tools and human operators.

Intel Core Ultra vPro security Intel Core Ultra vPro security

Intel announces new and improved security features with the latest vPro platform and Core Ultra processors.

NIST Cybersecurity Framework 2.0 NIST Cybersecurity Framework 2.0

NIST releases Cybersecurity Framework 2.0, the first major update since the creation of the CSF a decade ago.

AI in Cybersecurity AI in Cybersecurity

AI will allow attackers to improve their attacks, and defenders to improve their defense. Over time, little will change — but the battle will be more intense.

Top Cybersecurity Headlines

A coming White House Executive Order seeks to protect personal information by preventing the mass transfer of Americans’ sensitive data to countries of concern.

The API attack surface is expanding and API vulnerabilities are growing. AI will help attackers find and exploit API vulnerabilities at scale.

The US has restricted trade with Canadian company Sandvine for aiding the Egyptian government’s web monitoring operations.

Pharmaceutical solutions provider Cencora discloses a cyberattack that resulted in personal information being stolen from its systems.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. [March 20, 2024]

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

LockPath, an Overland Park, Kanas-based provider of governance, risk and compliance (GRC) solutions, today announced that it has closed a $6 million series B financing round led by El Dorado Ventures.The company says its “Keylight platform” helps organizations of all sizes address regulatory compliance and risk management needs.

Kaspersky Lab, the only security vendor to fight a patent lawsuit filed by IPAT (Information Protection and Authentication of Texas), officially announced last week that they were victorious following a three-year court battle. IPAT filed a patent suit in 2009, targeting nearly every security vendor in the industry.

Apple is investigating ways to prevent people from bypassing the In-App purchasing mechanism (IAP), the company says. However, aside from forcing a demo video offline with a DMCA request to YouTube, the “iDevice” giant is coming up empty.

Blue Coat Systems, the Sunnyvale-California-based provider of Web security and WAN optimization solutions that was taken private by private equity firm Thoma Bravo for $1.3 billion in a deal announced in December 2011, today introduced a set of mobile application controls to help address security risks associated with the use of unauthorized mobile applications on corporate networks.

CISOs Today Must Build a Risk-Aware Culture Where Security Awareness Permeates Every Level of the Organization...

Database giant Oracle on Thursday issued its pre-release announcement for its July 2012 Critical Patch Update, saying it would issue 88 new security vulnerability fixes across hundreds of Oracle products. As part of the update, Oracle will issue 4 new security fixes for vulnerabilities in the company’s flagship Oracle Database Server, 3 of which may be remotely exploitable without authentication.

nCircle, a provider of information risk and security solutions, today announced PureCloud™ Enterprise, a new scanning solution designed to help enterprises address the common gaps in security visibility. PureCloud Enterprise enables scan results to be integrated into the nCircle Suite360 Intelligence Hub™ to provide users with a single view of security risk, consolidated reporting and analytics.

Computer graphics technology firm NVIDIA, a company that holds more the 5,000 patent and credited with inventing the GPU, on Thursday said it had shut down its “NVIDIA Developer Zone,” after the online community for developers had been hacked.

A few heart freezing moments:• A phone call that begins with the words: We have your child – we want $250,000 to guarantee her safe return. If you go to the police, you will never see her again.• You receive a thick manila envelope with compromising pictures of you and a young woman, not your wife. You’ve been invited to a local bar to talk.

Earlier this week, SecurityWeek detailed the shutdown of the DarkComet project by its creator, because his works were used to attack protesters in Syria. The RAT had an interesting lifespan, and it was used in several attacks, according to Arbor Networks.Jean-Pierre Lesueur, who was responsible for bringing DarkComet to life, said that DarkComet was developed and given away for free, as long as people didn’t use it for malicious purposes.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

The API attack surface is expanding and API vulnerabilities are growing. AI will help attackers find and exploit API vulnerabilities at scale.