SecurityWeek

Latest Cybersecurity News

Ferrari said that a ransomware attack was responsible for a data breach that exposed customer details, but did not impact company operations.

Maryland startup Aembit gets funding to build an identity platform designed to manage, enforce, and audit access between federated workloads.

Cryptocurrency ATM maker General Bytes discloses a security incident resulting in the theft of millions of dollars’ worth of crypto-coins.

Waterfall Security Solutions and TXOne Networks have each announced launching new OT security appliances.

Hitachi Energy has blamed a data breach affecting employees on the recent exploitation of a zero-day vulnerability in Fortra’s GoAnywhere solution.

NBA is notifying individuals that their information was stolen in a data breach at a third-party mailing services provider.

Cybercriminals are abusing the Adobe Acrobat Sign service in a campaign distributing the RedLine information stealer malware.

Conor Brian Fitzpatrick of New York was arrested and charged last week for allegedly running the popular cybercrime forum BreachForums.

Huawei has replaced thousands of product components banned by the US with homegrown versions, its founder has said.

Latitude Financial Services says the personal information of 300,000 customers was stolen in a cyberattack.

Three US government agencies have issued a joint warning to organizations about LockBit 3.0 ransomware attacks.

The recently identified Trigona ransomware has been highly active, targeting tens of organizations globally.


Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents. (Sponsored by: Immersive Labs)


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to sensitive data or systems. (Sponsored by: Saviynt)


Upcoming Virtual Events

Attack Surface Management Summit

As network defenders adopt Attack Surface Management tools to continuously monitor for signs of weaknesses, this event will share best practices and actionable information to reduce risk from exposed attack surfaces.

Ransomware Resilience & Recovery Summit

This event will separate hype from reality. SecurityWeek’s Ransomware Resilience and Recovery Summit will help cybersecurity teams to plan, prepare, and recover from ransomware incidents that continue to impose major costs on businesses.

Supply Chain Security Summit

The surge in software supply chain attacks has sent defenders scrambling to find mitigations and solutions. This event will address the complex nature of the problem, best practices for mitigating security issues, and tools and frameworks available.

Zero Trust Strategies Summit

Zero Trust is more than a marketing buzzword. In this event, security experts will decipher the confusing world of Zero Trust, and share war stories on securing organizations by eliminating implicit trust and continuously validating every stage of digital interaction.



Heartland Payment Systems quietly issued a press release late Wednesday afternoon, announcing a settlement agreement with Discover Financial Services related to a 2008 data breach. Heartland will pay Discover $5 million as part of the settlement and the case is officially closed. On January 20, 2009 Heartland announced that a security breach had occurred in 2008, involving malicious software that compromised data within Heartland's network.

Verizon and VMware to Launch Enterprise-Class Hybrid Cloud Solution

Verizon Business and VMware have announced a new enterprise-class hybrid cloud solution which the two claim will enable enterprises with vCloud-based infrastructure to move their applications to the cloud using existing IT configurations and applications, with no compromise in security or performance.

Fortinet released its August 2010 Threat Landscape report showing some interesting changes and shifts from previous months, with an interesting trend in “Do-It-Yourself” Botnet Kits gaining momentum and becoming a serious threat.

QualysGuard PCI 5.0 - New Dashboard and Interactive Workflows to Support New Approved Scanning Vendor Requirements

Qualys upgraded its PCI compliance suite today with the release of QualysGuard PCI 5.0. The upgraded solution provides customers a simplified way to meet the latest Payment Card Industry Data Security Standard (PCI DSS) compliance requirements.

Snoop Dogg and Norton Announce 'Hack is Wack' Video Contest To Raise Cybercrime Awareness

Think you can bust out some silly fresh rhymes on the subjects of hacking, identity theft and computer viruses?

Wyse Technology today announced an expanded strategy involving thin and zero client computing, desktop virtualization, unified communications, and mobile access to virtual environments. Wyse will work with key partners including Citrix, IBM, Microsoft, VMware and others, along with its resellers, to deploy what the company characterizes as “a broader set of options for government, business and education.”

HP Launches CloudStart to Fast Track Customers to Private Clouds

HP wants to take customers on a flight to the private cloud – and get them there quickly. HP says that with its HP CloudStart solution, it can deploy an open and flexible private cloud environment within 30 days.

.LNK Exploits - Shortcuts to Insecurity

The vulnerability in Windows Shell’s parsing of .LNK (shortcut) files presents some interesting and novel features in terms of its media lifecycle as well as its evolution from zero-day to patched vulnerability. For most of us, the vulnerability first came to light in the context of Win32/Stuxnet, malware that in itself presents some notable quirks.

Fake TweetDeck Updates Being Spread via Hacked Twitter Accounts

Cybercriminals are using hacked/compromised Twitter accounts to spread malicious links pointing to a fake update to TweetDeck, a popular client used to access Twitter.

Some of the messages (tweets) that users may see include ones such as:

• Hurry up for tweetdeck update!
• Update TweetDeck! Bank Holiday
• Critical tweetdeck update Bank Holiday
• Sorry for offtopic, but it is a critical TweetDeck update. It won't work tomorrow!

Enterprise Data Loss Continues at Alarming Rate

A plethora of social media tools, increasing adoption of mobile devices being used for business, and the economic downturn are posing serious challenges for organizations looking to keep confidential company and customer data within company walls. Email leads the way as the number one method confidential company information is leaked in large enterprises, while social media tools and mobile devices are becoming a major threat, according to a recent study.

NETGEAR today announced the introduction of a new Unified Threat Management appliance that integrates with Microsoft Active Directory to provide single sign-on. While focused on businesses with fewer than 100 employees, the new appliance, dubbed the ProSecure® UTM50, has been optimized for larger businesses and built with scalability in mind.

CA Technologies Acquires Arcot Systems for $200 Million in Cash

The security space is hot, folks! The acquisition of security-related companies continues this morning with CA Technologies announcing that it has signed a definitive agreement to acquire Arcot Systems, Inc., a provider of authentication and fraud prevention solutions. CA will pay $200 million in cash for the privately-held company.

Undersecretary of Defense William J. Lynn has published an essay in Foreign Affairs magazine redefining the United States’ stance towards cyberwarfare, and he’s already getting shot at – primarily by IT pundits who find it hard to believe that the incident which led to the Pentagon’s recognizing cyberspace as a new “domain of warfare” could have really happened as described.


The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


Application Security


GitHub this week made secret scanning generally available and free for all public repositories.

Cloud Security