Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Ransomware insights: When ransomware first appeared, the term became associated with encrypting data. This is a misconception.

Researchers document VoltSchemer attacks that manipulate power voltage to take over commercial wireless chargers.

Security experts describe exploitation of the CVSS 10/10 flaw as “trivial and embarrassingly easy.”

Join the webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

A new Biden executive order to boost the cybersecurity of US ports highlights the risks associated with the use of Chinese cranes.

Apple unveils PQ3, a new post-quantum cryptographic protocol for iMessage designed to protect communications against quantum computing attacks.

Security teams need to combine the angles of client-side and server-side detection in order to have the best chance of mitigating the risk of advanced mobile malware.

Attackers weaken Redis instances to deploy the new Migo malware and install a rootkit and cryptominers.

Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox updates.

German control system solutions provider PSI Software says it is still recovering from a ransomware attack.

NSA says Rob Joyce is retiring as cybersecurity director and will be replaced by David Luber, the current deputy director of cybersecurity.

The ransomware threat is declining as actors pivot to infostealing, according to IBM, which says that attacks on cloud services and critical infrastructures are growing.

ConnectWise ships patches for extremely critical security defects in its ScreenConnect remote desktop access product and urges emergency patching.

Shadowserver Foundation has identified roughly 28,000 Microsoft Exchange servers impacted by a recent zero-day.

Supply chain security insights: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers.

Apple PQ3 quantum encryption for iMessage Apple PQ3 quantum encryption for iMessage

Apple unveils PQ3, a new post-quantum cryptographic protocol for iMessage designed to protect communications against quantum computing attacks.

Rob Joyce retiring from NSA Rob Joyce retiring from NSA

NSA says Rob Joyce is retiring as cybersecurity director and will be replaced by David Luber, the current deputy director of cybersecurity.

Lockbit ransomware takedown Lockbit ransomware takedown

The LockBit ransomware operation has been severely disrupted by an international law enforcement operation resulting in server seizures and arrests.

Top Cybersecurity Headlines

Ransomware insights: When ransomware first appeared, the term became associated with encrypting data. This is a misconception.

Researchers document VoltSchemer attacks that manipulate power voltage to take over commercial wireless chargers.

Security experts describe exploitation of the CVSS 10/10 flaw as “trivial and embarrassingly easy.”

Join the webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the live webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Upcoming Virtual Events

CISOs and risk management leaders must understand clearly the role of cyber insurance in a robust security program, ongoing changes to premiums and policy pricing, the errors that could deny coverage and how it all fits into global incident response planning.

Learn More
Cyber AI & Automation Summit

SecurityWeek’s inaugural Cyber AI & Automation Summit pushes the boundaries of security discussions by exploring the implications and applications of predictive AI, machine learning, and automation in modern cybersecurity programs.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event. (June 13-14, 2023)

Learn More

As CISOs and corporate defenders grapple with the intricacies of securing sensitive data passing through multi-cloud deployments and APIs, the importance of frameworks, tools, controls and design models have surfaced to the front burner. (July 19, 2023)

Learn More

Vulnerabilities

Cybercrime

Sourcefire’s FireSIGHT and FireAMP Mobile Provide Visibility and Control to Help Discover and Block Mobile Threats on Enterprise NetworksCybersecurity solutions provider Sourcefire today announced new solutions designed to help enterprises protect against advanced threats stemming from mobile devices and the challenges associated with the “Bring Your Own Device” (BYOD) trend.

Automatic Transfer System Circumvents Banking Security Measures, Uses "Man in the Browser" Attack to Automate Bank FraudTrend Micro today released a new report that identifies an Automatic Transfer System (ATS) that enables cybercriminals to circumvent many bank security measures and drain victims' bank accounts without leaving visible signs of malicious activity.

The HoneyNet project has launched a new tool dubbed Ghost, developed by a German student, which aims to combat USB-based malware. The researcher from Bonn University, Sebastian Peoplau, developed his tool as part of his bachelor thesis, but it may end up being a go to resource for prevention on standalone and critical systems.

Vladislav Anatolievich Khorokhorin, better known in some circles as ‘Badb’ – has been extradited from France to the United States in order to face charges for credit card trafficking.Badb, according to the U.S. Department of Justice, is the world’s most prolific sellers of stolen credit cards. He made his first appearance before a U.S. judge last week in Washington, D.C., where he was arraigned and ordered detained pending trial.

Facebook, Google, Twitter, AOL, IAB Unite to Protect Users From Malicious Ads With Creation of Ads Integrity AllianceA new alliance comprised of several large online companies and organizations on Friday, announced the launch of the “Ads Integrity Alliance,” an initiative with a mission to protect users from bad ads and maintain trust in the online advertising world.

Weichao Sun, a Trend Micro mobile threat researcher, has discovered a malicious library file within certain Android applications, which hides its routines within the dynamic library in order to make detection harder and avoid removal.The malicious library, libvadgo, was developed using a common Android development toolset. Once libvadgo is called via Java_com_airpuh_ad_UpdateCheck_DataInit, the phone is scanned for signs of being rooted. If so, then various commands are initiated and a separate file is run.

Earlier this week, an Industrial Control System (ICS) security assessment firm, DigitalBond, posted details on a Phishing attack that was targeting their company. Additional research into the attempt has linked the attackers to similar campaigns targeting defense contractors and universities.

US-CERT has issued a warning to organizations and systems providers focusing on a VM vulnerability, which if exploited, would allow the attacker to leave the guest environment; better known as a guest-to-host virtual machine escape.

On Tuesday, the exploit code needed in order to gain administrative rights on several F5 network appliances was added to the Metasploit framework. The addition comes one week after F5 warned customers about the issue, and advised them to take one of three recommended actions, such as upgrading to a non-vulnerable version.

On Tuesday, Microsoft patched over two dozen vulnerabilities across the Windows platform. At the same time, criminals started targeted a new vulnerability that has now become the topic of interest within the security-focused community, especially when Google announced that it is being actively exploited.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Only 54% of major code changes go through a full security review, a new CrowdStrike State of Application Security report reveals.

Cloud Security