Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The White House is seeking public comment on the risks and benefits of having an AI system’s key components publicly available for anyone to use and modify.

Join the webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Use of AI to cut through the noise and confusion of the current vulnerability prioritization approaches suggests an exciting future for AI-assisted operations to vulnerability triaging.

High-severity vulnerability in Apple Shortcuts could lead to sensitive information leak without user’s knowledge.

Noteworthy stories that might have slipped under the radar: Spyware vendor Variston is reportedly shutting down, Crowdstrike tracks 232 threat actors, Meta and Freenom reach settlement. 

ConnectWise ScreenConnect vulnerability tracked as CVE-2024-1709 and SlashAndGrab exploited to deliver ransomware and other malware.

Tangerine Telecom says attackers stole the personal information of 230,000 individuals from a legacy customer database.

AT&T said the hourslong outage to its U.S. cellphone network Thursday appeared to be the result of a technical error, not a malicious attack.

Microsoft releases PyRIT red teaming tool to help identify risks in generative AI through automation.

European security vendor Avast is charged with harvesting consumer web browsing data through its browser extension and anti-virus software and “and sold it without adequate notice and without consumer consent.”

Eye care practice management firm American Vision Partners faces lawsuit over data breach impacting 2.3 million patients.

Russian state-sponsored threat actor Turla has been using a new backdoor in recent attacks targeting Polish NGOs.

Threat actors are actively deploying the recently released self-replicating and self-propagating SSH-Snake worm.

Leaked documents show how Chinese authorities surveil dissidents overseas, hack other nations and promote pro-Beijing narratives online.

CISA, FBI and EPA release guidance on how Water and Wastewater Systems Sector entities can secure their environments.

ConnectWise vulnerability exploited ConnectWise vulnerability exploited

ConnectWise ScreenConnect vulnerability tracked as CVE-2024-1709 and SlashAndGrab exploited to deliver ransomware and other malware.

Lockbit ransomware takedown Lockbit ransomware takedown

The US is offering big rewards for information on LockBit cybercriminals as law enforcement claims to have identified some individuals.

Apple PQ3 quantum encryption for iMessage Apple PQ3 quantum encryption for iMessage

Apple unveils PQ3, a new post-quantum cryptographic protocol for iMessage designed to protect communications against quantum computing attacks.

Top Cybersecurity Headlines

The White House is seeking public comment on the risks and benefits of having an AI system’s key components publicly available for anyone to…

Join the webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Use of AI to cut through the noise and confusion of the current vulnerability prioritization approaches suggests an exciting future for AI-assisted operations to…

High-severity vulnerability in Apple Shortcuts could lead to sensitive information leak without user’s knowledge.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Upcoming Virtual Events

CISOs and risk management leaders must understand clearly the role of cyber insurance in a robust security program, ongoing changes to premiums and policy pricing, the errors that could deny coverage and how it all fits into global incident response planning.

Learn More
Cyber AI & Automation Summit

SecurityWeek’s inaugural Cyber AI & Automation Summit pushes the boundaries of security discussions by exploring the implications and applications of predictive AI, machine learning, and automation in modern cybersecurity programs.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event. (June 13-14, 2023)

Learn More

As CISOs and corporate defenders grapple with the intricacies of securing sensitive data passing through multi-cloud deployments and APIs, the importance of frameworks, tools, controls and design models have surfaced to the front burner. (July 19, 2023)

Learn More

Vulnerabilities

Cybercrime

Researchers at the University of Texas at Austin have demonstrated how the GPS signals of an unmanned aerial vehicle (UAV), or drone, can be hijacked by an outside source.

For many years network security has taken something of a primarily reactive, top-down mentality to dealing with threats. For example, when a new malicious widget emerges, then the security industry spins up new anti-widget products to stop them. These technologies obviously have their place, and few of us would consider securing a network without IPS and anti-virus capabilities. However, most organizations lack a comparable bottoms-up strategy to proactively identify all traffic and determine if it is appropriate.

According to a recently released report coming from the DHS-managed Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), U.S. companies that operate control systems associated with critical infrastructure have experienced a spike in what ICS-CERT calls “cyber incidents” in recent years.

Kaspersky Lab Discovers New Mac OS X Backdoor Variant Used in Targeted AttacksResearchers from Russian security firm Kaspersky Lab today said they have discovered a new APT campaign that is using a new Mac OS X backdoor variant targeted at Uyghur activists.

As cybercriminals crank out massive amounts of malware on a daily basis, identifying, analyzing and classifying malware is a challenge, and one that needs to be met using automation. This is nothing new for traditional anti-virus vendors, but something mobile security firms are still developing tools for.This week, mobile security vendor NQ Mobile said that it has devised a new way to detect mobile threats without relying on known malware samples and their signatures.

Using data taken from raw application traffic within some 2,000 organizations worldwide, the semi-annual Application Usage and Risk Report from Palo Alto Networks shows that streaming media, P2P applications, and social networking are sucking the corporate bandwidth away from other areas where bandwidth and availability are a must.

A Higher Education Student Database is an Identity Thief’s Dream Come True...No more fertile ground for security breaches exists in the United States than our colleges and universities. The confluence of enormous stores of identity data, atmospheres of freedom of information, and ready-made teams of socially motivated hackers chosen from the best and brightest our country has to offer make this claim close to a certainty.

In the wake of a breach at Wyndham Worldwide that has resulted in a lawsuit against the company from the FTC, questions have emerged about why there was no SEC filing from the hotel and resort chain – given the guidance and recommendations published by the commission last year.

Web Application Security gurus, WhiteHat Security, released a report this week that examines the severity and duration of Web application security related vulnerabilities discovered in 2011. When the numbers are stacked against those from similar reports published since 2007, the number of major vulnerabilities has fallen dramatically.

According to a study from Symantec, information is a pricy asset within an organization, costing businesses $1.1 trillion annually. Yet, the same organizations paying such a high cost to manage their data often have problems protecting it.

On July 9, the FBI will shutdown the temporary servers that enable systems infected by the DNSChanger malware to access the Web. For most, the shutdown will mean nothing; however that isn’t the case for 60 companies within the Fortune 500.

Secunia, a provider vulnerability management solutions, on Thursday launched Secunia Personal Software Inspector 3.0, a free scanner that identifies software applications that may be insecure and need to be patched.Following its debut in 2007, the tool now supports and provides the security status for more than 3,000 vendors, including Microsoft and third-party programs.

SIEM vendor LogRhythm, on Thursday announced that it has closed a $15 million Series D round of funding led by Siemens’ Venture Capital group.The Boulder, Colorado-based company said the funds would be used to help accelerate growth, product innovation and international expansion.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Only 54% of major code changes go through a full security review, a new CrowdStrike State of Application Security report reveals.