SecurityWeek

Latest Cybersecurity News

Hundreds of operations and appointments are still being canceled more than two weeks after the June 3 cyberattack on NHS provider Synnovis.

Santander US is notifying over 12,000 employees that their personal information was compromised in a data breach.

A recently patched Vision Pro vulnerability was classified by Apple as a DoS issue, but a researcher has shown that it’s ‘scary’.

Noteworthy stories that might have slipped under the radar: Microsoft email spoofing vulnerability, Snowflake hack victims get ransom demands, LogoFail still around.

Threat actors are exploiting a recent path traversal vulnerability in SolarWinds Serv-U using public PoC code.

CISA says CFATS program data was likely accessed after an Ivanti Connect Secure appliance was hacked in January.

The US government announced a ban on the sale of Kaspersky software over fears that the company is controlled by the Russian government.

Car dealership software provider CDK Global was in the process of restoring services impacted by a cyberattack when it discovered an additional hack.

Change Healthcare is starting to notify hospitals, insurers and other customers that they may have had patient information exposed in a massive cyberattack.

A years-long espionage campaign has targeted telecoms companies in Asia with tools associated with Chinese groups.

Ilya Sutskever’s new company is focused on safely developing “superintelligence” – a reference to AI systems that are smarter than humans.

People on the Move

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

UEFI vulnerability

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

Top Cybersecurity Headlines

AI model weights govern outputs from the system, but when altered or ‘poisoned’, they can make the output erroneous and, in extremis, useless and dangerous.

AMD has launched an investigation after a notorious hacker announced the sale of sensitive data allegedly belonging to the company.

Researchers have targeted the MTE security feature in Arm CPUs and showed how attackers could bypass protections.

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

SecurityWeek’s annual cloud security virtual summit returns with a deliberate focus on exposed attack surfaces and weaknesses in public cloud infrastructure and APIs.

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

Vulnerabilities

Cybercrime

Secunia, a Copenhagen, Denmark-based provider of vulnerability management solutions, has updated its vulnerability management platform to proactively alert organizations to software vulnerabilities so they can hopefully be addressed before infrastructure is compromised.

Storage giant EMC today said that it has signed a definitive agreement to acquire privately held Silver Tail Systems, a provider of web session intelligence and behavioral analytics for fraud and cybercrime detection.

Security firm Imperva has published its hacker intelligence report for October, which is the company’s second report focusing on the activity of one of the Web’s largest hacking forums. In addition to training resources, such as tutorials and scripts, Imperva also detected a market for social networking fraud. “By examining what information hackers seek out or share in these forums, we can better understand where they are focusing their efforts,” said Amichai Shulman, Imperva’s CTO.

A recent study by AT&T and the Polytechnic Institute of New York University (NYU-Poly) has discovered that while a majority of small businesses allow the use of mobile devices (phones and tablets), very few of them are taking any proactive measures when it comes to device security.

A new report from Trend Micro highlights how network traffic can be used to detect advanced persistent threats (APTs) through the correlation of threat intelligence.

According to The Hill, a blog reporting on Congressional activities, the cybersecurity bill that has had a rocky life in Washington is now likely dead. Both sides of the political spectrum are showing little interest in working out the issues.

On Friday, Mozilla issued another security fix for issues discovered after the release of Firefox 16.0.1, which, if exploited, would allow Cross-Site Scripting (XSS) or code execution. The latest release is available now in the update channel and for direct download. Friday’s release marks the third time this month that security issues needed to be addressed. It’s also the 14th critical fix released for version 16.

WASHINGTON - It is expected to be the mother of all cyber diplomatic battles. When delegates gather in Dubai in December for an obscure UN agency meeting, fighting is expected to be intense over proposals to rewrite global telecom rules to effectively give the United Nations control over the Internet.

WatchGuard Technologies, a Seattle, Washington-based IT security solutions vendor, said early this week that its UTM security appliances will soon be able to configure themselves, thanks to “RapidDeploy”, a new cloud-based configuration utility.

ISLAMABAD - Pakistan will block mobile phone networks in several cities early Saturday over security fears during the Muslim festival of Eid al-Adha, Interior Minister Rehman Malik said. The decision "based on intelligence reports" has been taken to prevent attacks by Taliban and Al-Qaeda-linked militants on Muslim congregations in several cities including parts of the capital Islamabad, he said Friday.

I don’t play poker well. I donate money to my friends every few weeks because I like to eat junk food, breathe bad cigar smoke and hang with the guys. I’m so easy to read; when I get a good hand I stare at my opponents’ chips, willing them into the pot. When I’m bluffing, I fidget. Take my money, just invite me back; my ‘tells’ are legendary amongst my friends.

OTTAWA - Canada and the United States announced Friday they were launching a joint cybersecurity plan to protect their digital infrastructure from online threats. The action plan, under the auspices of the US Department of Homeland Security and Public Safety Canada, aims to better protect critical digital infrastructure and improve the response to cyber incidents.

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS, PLC and field controller cybersecurity.

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security