Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Republican Gov. Phil Scott said the legislation would have made Vermont “a national outlier and more hostile than any other state to many businesses and non-profits.”

Security researchers at Cisco Talos and Volexity flag two Pakistani espionage campaigns targeting Indian government entities.

Retired U.S. Army General Paul M. Nakasone brings cybersecurity experience to OpenAI’s Board of Directors and Safety and Security Committee.

The increase in mass exploitation involving edge services and devices is likely to worsen.

Ascension says patient information was stolen in an early-May ransomware attack that involved an employee downloading malware.

Noteworthy stories that might have slipped under the radar: Overview of the ICS malware Fuxnet, Google accused of tracking users, scammers impersonate CISA staff.

Rockwell Automation has patched three high-severity vulnerabilities in its FactoryTalk View SE HMI software.

CISA urges federal agencies to apply mitigations for an exploited Progress Telerik vulnerability as soon as possible.

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

YesWeHack has raised more than $52 million to date to build and market a crowdsourced vulnerability reporting platform.

Pyte has raised $5 million for its secure computation platform, bringing the total investment in the company to $12 million. 

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

Megan Samford named Chief Security Officer of Schneider Electric’s US National Security Agreements & US Federal Business.

Timothy Yost has been named Chief Financial Officer at BlueVoyant.

More People On The Move
Windows Recall security Windows Recall security

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

ICS vulnerabilities ICS vulnerabilities

Analysis and insights on the prevalence and impact of password exposure vulnerabilities in ICS and other OT products.

Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited

Microsoft’s June 2024 Patch Tuesday updates resolve a zero-click Outlook vulnerability leading to remote code execution.

Top Cybersecurity Headlines

The TellYouThePass ransomware gang started exploiting a recent code execution flaw in PHP days after public disclosure.

Apple has released a visionOS update that patches CVE-2024-27812, which may be the first flaw specific to the VR headset.

Arm warns that CVE-2024-4610, a Mali GPU kernel driver vulnerability addressed two years ago, is exploited in attacks.

Mandiant says a financially motivated threat actor has compromised hundreds of Snowflake instances using customer credentials stolen via infostealer malware that infected non-Snowflake owned systems.

Fortinet announces plans to acquire Lacework, a late-stage cloud security startup that was once listed as a “unicorn” company valued north of $1 billion.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn how you can transform your security strategy to build your organization’s resilience in the face of evolving threats.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

WASHINGTON - Few want to even think about it, but the 2012 US election result could be clouded by problems with voting machines ... again. Twelve years after the Florida punch card debacle in which thousands of votes went uncounted in the crucial state, some experts cite similar concerns about voting technology.

Security software firm Quarri Technologies has extended its hardened Web browser technology to iOS devices to protect against various Web attacks, including session hijacking and data theft. Quarri Protect on Q Mobile for iOS prevents Web browsers from copying and saving data onto iOS devices, Quarri Technologies told SecurityWeek. POQ Mobile for iOS will be part of Quarri's Protect On Q security suite, which already protects Windows systems and Android devices.

According to a recent report from AVG Technologies, many SMBs in the US and UK are missing out on the benefits of cloud technologies due to basic confusion. The organizations that particpated in the study were unsure of cloud services or felt they were only for large organizations.

Researchers at VUPEN Security say they have uncovered multiple vulnerabilities in Windows and Internet Explorer 10 that can be combined to bypass security features in Windows 8. According to VUPEN CEO Chaouki Bekrar, exploiting the vulnerabilities result in remote code execution without any user interaction beyond visiting a webpage.

WASHINGTON - The Pentagon will no longer retain an exclusive contract with Blackberry maker Research in Motion and has invited companies such as Apple to offer smart phones to its vast work force. The move, announced Thursday, comes only days after another government agency, the US Immigration and Customs Enforcement agency, said it was dropping the Blackberry device altogether in favor of Apple's iPhone.

GlobalSign, an SSL Certificate provider, and CloudFlare, a company that helps accelerate Web site performance and improve site security, have teamed up to help GlobalSign customers improve the load time of SSL-secured web content.

Russia Puts First Sites on New Internet BlacklistMOSCOW - Russia on Thursday put into force a new law on the Internet that allows the government to block websites with banned content, prompting fears that it will be used to suppress free speech.

The FBI has arrested 14 people after an investigation concluded that they managed to scam more than $1 million dollars from Citibank by exploiting a security protocol used by the financial firm. The crafty scam was best described as Gone in 60 seconds – after the heist film, according to the feds.

Scouts have been a part of military operations since the dawn of time. There is a great deal of romanticism around the image of the cavalry scouts of the Wild West, Jeb Stuart during the Civil War or images of Long Range Recon Patrols of Vietnam. Why were these groups of soldiers the elite military of their time? Because commanders needed their best to be their eyes and ears. They needed troops they could depend on implicitly and without question...

SAN FRANCISCO - The Electronic Frontier Foundation said Wednesday it has sued the U.S. Department of Homeland Security (DHS) to obtain details about Predator drones on loan to domestic police departments. EFF Internet freedom and privacy champions contended that they filed suit in federal court in San Francisco because the DHS failed to respond to a Freedom of Information Act request for the information.

In two decades practicing law – with a majority focus in the information security industry – I’ve had a front row seat to the meteoric rise in the public discourse on privacy and data loss. Now as a Certified Information Privacy Professional (CIPP) and General Counsel of a company that navigates state breach notice laws, a plethora of sector based federal breach notice laws, and a host of international breach notice laws, I’ve moved in many ways from the front...

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security