Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The White House is seeking public comment on the risks and benefits of having an AI system’s key components publicly available for anyone to use and modify.

Join the webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Use of AI to cut through the noise and confusion of the current vulnerability prioritization approaches suggests an exciting future for AI-assisted operations to vulnerability triaging.

High-severity vulnerability in Apple Shortcuts could lead to sensitive information leak without user’s knowledge.

Noteworthy stories that might have slipped under the radar: Spyware vendor Variston is reportedly shutting down, Crowdstrike tracks 232 threat actors, Meta and Freenom reach settlement. 

ConnectWise ScreenConnect vulnerability tracked as CVE-2024-1709 and SlashAndGrab exploited to deliver ransomware and other malware.

Tangerine Telecom says attackers stole the personal information of 230,000 individuals from a legacy customer database.

AT&T said the hourslong outage to its U.S. cellphone network Thursday appeared to be the result of a technical error, not a malicious attack.

Microsoft releases PyRIT red teaming tool to help identify risks in generative AI through automation.

European security vendor Avast is charged with harvesting consumer web browsing data through its browser extension and anti-virus software and “and sold it without adequate notice and without consumer consent.”

Eye care practice management firm American Vision Partners faces lawsuit over data breach impacting 2.3 million patients.

Russian state-sponsored threat actor Turla has been using a new backdoor in recent attacks targeting Polish NGOs.

Threat actors are actively deploying the recently released self-replicating and self-propagating SSH-Snake worm.

Leaked documents show how Chinese authorities surveil dissidents overseas, hack other nations and promote pro-Beijing narratives online.

CISA, FBI and EPA release guidance on how Water and Wastewater Systems Sector entities can secure their environments.

ConnectWise vulnerability exploited ConnectWise vulnerability exploited

ConnectWise ScreenConnect vulnerability tracked as CVE-2024-1709 and SlashAndGrab exploited to deliver ransomware and other malware.

Lockbit ransomware takedown Lockbit ransomware takedown

The US is offering big rewards for information on LockBit cybercriminals as law enforcement claims to have identified some individuals.

Apple PQ3 quantum encryption for iMessage Apple PQ3 quantum encryption for iMessage

Apple unveils PQ3, a new post-quantum cryptographic protocol for iMessage designed to protect communications against quantum computing attacks.

Top Cybersecurity Headlines

The White House is seeking public comment on the risks and benefits of having an AI system’s key components publicly available for anyone to…

Join the webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Use of AI to cut through the noise and confusion of the current vulnerability prioritization approaches suggests an exciting future for AI-assisted operations to…

High-severity vulnerability in Apple Shortcuts could lead to sensitive information leak without user’s knowledge.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Upcoming Virtual Events

CISOs and risk management leaders must understand clearly the role of cyber insurance in a robust security program, ongoing changes to premiums and policy pricing, the errors that could deny coverage and how it all fits into global incident response planning.

Learn More
Cyber AI & Automation Summit

SecurityWeek’s inaugural Cyber AI & Automation Summit pushes the boundaries of security discussions by exploring the implications and applications of predictive AI, machine learning, and automation in modern cybersecurity programs.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event. (June 13-14, 2023)

Learn More

As CISOs and corporate defenders grapple with the intricacies of securing sensitive data passing through multi-cloud deployments and APIs, the importance of frameworks, tools, controls and design models have surfaced to the front burner. (July 19, 2023)

Learn More

Vulnerabilities

Cybercrime

The latest iteration of PCI compliance regulations adds to the already increasing burdens of the typical IT security professional. With it comes fear, uncertainty and doubt for those looking to execute PCI compliance controls properly and in turn to preserve their jobs. I had a chance recently to present as a guest keynote speaker at the North America CACS ISACE conference on implementing sound compliance and audit controls for key management.

Venafi, a Salt Lake City, Utah-based provider of enterprise key and certificate management solutions, has shared the results of scans performed on 450 Global 2000 companies, revealing that on average, nearly one in five digital security certificates deployed by the organizations rely on a technology that makes them open targets for Flame-, Stuxnet- and Duqu-style malware breaches.

CrowdStrike Streamlines Malware Reverse Engineering With CrowdREArmed with $26 million in venture funding, security startup CrowdStrike has released a tool designed to make it faster to reverse engineer malicious files by encouraging researchers to work together on a cloud-based collaboration platform.

There is a saying in the InfoSec world – you can’t patch human stupidity. It isn’t hard to prove that statement depending on the situation, but a new account on Twitter is making the task a simple one. The account, @NeedADebitCard, is re-tweeting people who are openly declaring their intent to share the wealth (what little of it there is) by posting pictures of their debit and credit cards for all to see.

Twitter, the ever popular, privacy respecting social network, released their first transparency report this week, after taking a cue from Google. The report isn’t glowing, but it is a solid start and another view of how a major Internet portal deals with protecting a user’s rights.

According to research from Symantec and Sophos, the Blackhole exploit kit has been upgraded with some new features recently. The latest revision includes a payload that targets an unpatched vulnerability in Microsoft XML Core Services , and new JavaScript that addresses propagation issues.

Sourcefire CEO John Burris Takes Medical Leave of AbsenceCybersecurity solutions provider Sourcefire, Inc. today said that its Chief Executive Officer, John Burris, has taken a medical leave of absence to undergo a series of treatments for colon cancer.

According to newly released data from International Data Corporation (IDC), security appliance vendors enjoyed strong continued growth during the first quarter of this year, as evidenced by recent numbers coming from the technology market research firm.

A new whitepaper from McAfee takes a look at the emergence of hacktivism and the implications of how digital protest movements may evolve in the future. The report, titled ‘Hacktivism: Cyberspace has become the new medium for political voices’, was authored by Francois Paget, a senior malware research engineer at McAfee Labs in France. The paper traces hacktivism from the first uses of the word to the people launching politically-motivated distributed denial-of-service (DDoS) attacks under the Anonymous label.

Anonymous Looks to Save the Planet by Targeting ExxonMobil, Shell and BP Last week, and continuing into the weekend, Anonymous targeted ExxonMobil and claimed to have compromised company data during Op SaveTheArctic. The attack was in response to environmental concerns, and it isn’t the first time Exxon has come under the gun with regards to the faceless hacking collective.

On June 24, with little fanfare, Stuxnet died. The malware exposed as being a government project aimed at slowing Iran’s nuclear intiatives, stopped replicating. Despite a reported link to a plant shutdown in Iran, the state run media called Stuxnet a failure.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Only 54% of major code changes go through a full security review, a new CrowdStrike State of Application Security report reveals.