Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

American Express says names, card account numbers, and card expiration dates were compromised in a data breach.

A critical authentication bypass in TeamCity allows remote attackers to take full control of vulnerable servers.

Vulnerabilities in a plugin for the Zeek network security monitoring tool can be exploited in attacks aimed at ICS environments.

The 22-year-old Air National Guard member admitted illegally collecting some of the nation’s most sensitive secrets and sharing them with other users on Discord.

With over 180,000 users, Crimemarket was a trading hub for narcotics, cybercrime tools, and crimeware guides.

A high-severity vulnerability in HikCentral Professional could lead to unauthorized access to certain URLs.

Webinar will provide valuable insights from Honeywell professionals who will guide you through the intricacies of industrial cybersecurity.

Traffic data is the lifeblood of network security, representing the raw, unfiltered truth of what is happening on the network.

The open source platform Tazama provides cost-effective monitoring of digital financial transactions to prevent fraud in real time.

Advanced phishing kit employs novel tactics in attack targeting cryptocurrency platforms and FCC employees.

Researchers demonstrate that remote Stuxnet-style attacks are possible against many modern PLCs using web-based malware.

Georgia’s largest county is still repairing damage inflicted on its government offices by a cyberattack in January 2024.

The Air National Guardsman accused of leaking highly classified military documents on social media is expected to plead guilty in his federal case.

Major vulnerabilities were found in cameras manufactured by the Chinese company Eken Group Ltd., which produces video doorbells under the brand names EKEN and Tuck, among others.

FBI Director Christopher Wray says advances in generative AI make it easier for election interference and meddling easier than before.

ICS network vulnerabilities ICS network vulnerabilities

Vulnerabilities in a plugin for the Zeek network security monitoring tool can be exploited in attacks aimed at ICS environments.

Remote PLC malware attack Remote PLC malware attack

Researchers demonstrate that remote Stuxnet-style attacks are possible against many modern PLCs using web-based malware.

CISA known exploited vulnerabilites CISA known exploited vulnerabilites

CISA says a high-severity elevation of privilege vulnerability in Microsoft Streaming Service is actively exploited in the wild.

Top Cybersecurity Headlines

American Express says names, card account numbers, and card expiration dates were compromised in a data breach.

A critical authentication bypass in TeamCity allows remote attackers to take full control of vulnerable servers.

Vulnerabilities in a plugin for the Zeek network security monitoring tool can be exploited in attacks aimed at ICS environments.

The 22-year-old Air National Guard member admitted illegally collecting some of the nation’s most sensitive secrets and sharing them with other users on Discord.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. [March 20, 2024]

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

Ever since the invention of the lock, someone (somewhere) has tried to defeat it, often going to extremely creative lengths to do so. Such is the case of Ray – a security researcher and law enforcement consultant from Germany– who used a 3D printer to generate copies of handcuff keys that are normally restricted to law enforcement; the Bonowi and Chubb.

CipherCloud, a provider of cloud encryption technologies, has launched a cloud encryption gateway for Office 365 that transparently encrypts all email, calendar, and contact data stored in Microsoft's cloud-based Exchange Online and third-party Hosted Exchange services.

Carnegie Mellon University (CMU), in collaboration with the CERT Program of the Software Engineering Institute (SEI), is launching a new education and certificate program designed for information security executives that will emphasize “strategic cybersecurity management”.

StrikeForce Technologies, TradeHarbor Partner on Three-Factor Authentication Using Voice Verification TechnologyStrikeForce Technologies, a provider of our-of-band authentication and security solutions, will combine voice verification software with its out-of-band authentication platform to create "three-factor" verification for customers increasingly worried about being compromised.

Researchers at malware intelligence firm FireEye are reporting that Dutch authorities have pulled the plug on two secondary servers used by the Grum botnet. The removal of the servers shines light on how quickly some law enforcement agencies work, given that proof of their existence is just over a week old.

Skype has said they are aware of, and will patch, an odd bug that created a privacy issue by sending instant messages to a completely different party. The bug itself is buried somewhere within the massive amounts of client code, and is only triggered during a crash.The issue, according to a notice from Skype’s Leonas Sendrauskas issued on Monday, only happens when a user's Skype client crashes during an IM session. When this happens, some users may have the last...

Norman ASA has updated its Malware Analyzer G2 platform to enhance its ability to fight malware. The Malware Analyzer G2 platform is designed to help analysts inspect malware effectively. In version 3, Norman has included multiple IntelliVM modules to enable multiple pieces of malware to be inspected in parallel as well as the ability to analyze almost any Windows application or file. The product delivers IntelliVM plugins in Python scripts for development and extension of each analysis, according to the...

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

The API attack surface is expanding and API vulnerabilities are growing. AI will help attackers find and exploit API vulnerabilities at scale.