Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Join the webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Use of AI to cut through the noise and confusion of the current vulnerability prioritization approaches suggests an exciting future for AI-assisted operations to vulnerability triaging.

High-severity vulnerability in Apple Shortcuts could lead to sensitive information leak without user’s knowledge.

Noteworthy stories that might have slipped under the radar: Spyware vendor Variston is reportedly shutting down, Crowdstrike tracks 232 threat actors, Meta and Freenom reach settlement. 

ConnectWise ScreenConnect vulnerability tracked as CVE-2024-1709 and SlashAndGrab exploited to deliver ransomware and other malware.

Tangerine Telecom says attackers stole the personal information of 230,000 individuals from a legacy customer database.

AT&T said the hourslong outage to its U.S. cellphone network Thursday appeared to be the result of a technical error, not a malicious attack.

Microsoft releases PyRIT red teaming tool to help identify risks in generative AI through automation.

European security vendor Avast is charged with harvesting consumer web browsing data through its browser extension and anti-virus software and “and sold it without adequate notice and without consumer consent.”

Eye care practice management firm American Vision Partners faces lawsuit over data breach impacting 2.3 million patients.

Russian state-sponsored threat actor Turla has been using a new backdoor in recent attacks targeting Polish NGOs.

Threat actors are actively deploying the recently released self-replicating and self-propagating SSH-Snake worm.

Leaked documents show how Chinese authorities surveil dissidents overseas, hack other nations and promote pro-Beijing narratives online.

CISA, FBI and EPA release guidance on how Water and Wastewater Systems Sector entities can secure their environments.

Change Healthcare is experiencing network disruptions after taking systems offline in response to a cyberattack.

ConnectWise vulnerability exploited ConnectWise vulnerability exploited

ConnectWise ScreenConnect vulnerability tracked as CVE-2024-1709 and SlashAndGrab exploited to deliver ransomware and other malware.

Lockbit ransomware takedown Lockbit ransomware takedown

The US is offering big rewards for information on LockBit cybercriminals as law enforcement claims to have identified some individuals.

Apple PQ3 quantum encryption for iMessage Apple PQ3 quantum encryption for iMessage

Apple unveils PQ3, a new post-quantum cryptographic protocol for iMessage designed to protect communications against quantum computing attacks.

Top Cybersecurity Headlines

Join the webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Use of AI to cut through the noise and confusion of the current vulnerability prioritization approaches suggests an exciting future for AI-assisted operations to…

High-severity vulnerability in Apple Shortcuts could lead to sensitive information leak without user’s knowledge.

Noteworthy stories that might have slipped under the radar: Spyware vendor Variston is reportedly shutting down, Crowdstrike tracks 232 threat actors, Meta and Freenom…

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Upcoming Virtual Events

CISOs and risk management leaders must understand clearly the role of cyber insurance in a robust security program, ongoing changes to premiums and policy pricing, the errors that could deny coverage and how it all fits into global incident response planning.

Learn More
Cyber AI & Automation Summit

SecurityWeek’s inaugural Cyber AI & Automation Summit pushes the boundaries of security discussions by exploring the implications and applications of predictive AI, machine learning, and automation in modern cybersecurity programs.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event. (June 13-14, 2023)

Learn More

As CISOs and corporate defenders grapple with the intricacies of securing sensitive data passing through multi-cloud deployments and APIs, the importance of frameworks, tools, controls and design models have surfaced to the front burner. (July 19, 2023)

Learn More

Vulnerabilities

Cybercrime

Qualys, the soon-to-go-public provider of cloud security and compliance solutions, today said that its flagship QualysGuard Web Application Scanning (WAS) service will be able to help customers identify Web application cookies in order to help organizations comply with the European Union (EU) Cookie Directive that will be enforced in the United Kingdom (UK) effective on May 26, 2012.

Each year, security experts and IT experts take a hard look at the threats that dominated in years past in an effort to prepare for the future. While hacker groups and technology are evolving faster than ever, there are still trends we can spot if we take a far and wide enough step back to see the whole picture. The annual Verizon Data Breach Investigations report shines some holistic light on what’s been happening in the world of cybercrime. Here’s...

Cisco Addresses Code execution and DoS Vulnerabilities Cisco has issued three security advisories that address vulnerabilities within Cisco ASA and ASASM, their AnyConnect Secure Mobility Client, and Application Control Engine (ACE). According to their warnings, Cisco says that the issues could lead to code execution in some cases, or denial of service in others.

Michael Barrett, PayPal's CISO, was initially against the idea of paying people who reported security problems properly. However, after seeing the success of the bug bounty programs launched by Mozilla, Google, and Facebook, he’s had a change of heart. So on Thursday, PayPal officially launched a bounty program of their own, becoming the first financial firm on the Web to do so in the process.

A Russian security firm, using a combination of TCP scans and Google, found that nearly a quarter of the organizations running vulnerable versions of SAP are tempting fate by leaving them exposed to the Internet. This discovery, the research says, dispels the myth that SAP systems are only available from the internal network, leading to the misconception that they are protected by design.

According to comments made on Iran’s state-ran television by Intelligence Minister Heydar Moslehi, the nation has detected another cyber attack aimed at their nuclear facilities. These claims come shortly after the New York Times and Washington Post independently revealed that the U.S., along with Israel, used Stuxnet and Flame to target Iran’s nuclear program.Iran's Intelligence Minister Heydar Moslehi made the comments Thursday afternoon.

Researchers at ESET have uncovered a new worm that is stealing AutoCAD drawings and designs, and shipping them off to an email account that appears to be in China. Given the hype around Stuxnet and other focused code, the appearance of this worm took ESET researchers by surprise.The malware itself is written in AutoLISP, the scripting language used by AutoCAD. Over the last two months, the worm – called ACAD/Medre.A – has remained focused on Latin America, most notably Peru.

Face.com, the facial recognition start-up recently purchased by Facebook, has patched a vulnerability in its KLIK application that could have enabled attackers to compromise Twitter and Facebook accounts. The vulnerability was reported by independent security researcher Ashkan Soltani. KLIK is an iPhone camera app designed to make it easy for Facebook users to tag their friends in photos using facial recognition technology.

Security firm Sophos has issued alerts on to two separate, but related attacks, targeting a European aeronautical parts supplier and a European medical company. In each case, the attackers are using an unpatched vulnerability in Internet Explorer to target their victims.

Internet security firm Check Point Software Technologies today introduced a new line of security appliances designed to provide multi-layered DDoS protection to help organizations defend against a wide range of Distributed Denial of Service (DDoS) attacks.The new “DDoS Protector” line of appliances come in seven models that offer throughput ranging from 500Mbps to 12 Gbps. Additionally, the appliances are integrated with the Check Point management suite, giving users a single point of control and a full view of security events.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Only 54% of major code changes go through a full security review, a new CrowdStrike State of Application Security report reveals.