SecurityWeek

Latest Cybersecurity News

Santander US is notifying over 12,000 employees that their personal information was compromised in a data breach.

A recently patched Vision Pro vulnerability was classified by Apple as a DoS issue, but a researcher has shown that it’s ‘scary’.

Noteworthy stories that might have slipped under the radar: Microsoft email spoofing vulnerability, Snowflake hack victims get ransom demands, LogoFail still around.

Threat actors are exploiting a recent path traversal vulnerability in SolarWinds Serv-U using public PoC code.

CISA says CFATS program data was likely accessed after an Ivanti Connect Secure appliance was hacked in January.

The US government announced a ban on the sale of Kaspersky software over fears that the company is controlled by the Russian government.

Car dealership software provider CDK Global was in the process of restoring services impacted by a cyberattack when it discovered an additional hack.

Change Healthcare is starting to notify hospitals, insurers and other customers that they may have had patient information exposed in a massive cyberattack.

A years-long espionage campaign has targeted telecoms companies in Asia with tools associated with Chinese groups.

Ilya Sutskever’s new company is focused on safely developing “superintelligence” – a reference to AI systems that are smarter than humans.

Pomerium raises $13.75 million in Series A funding for dynamic user identity verification and access management platform.

People on the Move

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

UEFI vulnerability

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

Top Cybersecurity Headlines

AI model weights govern outputs from the system, but when altered or ‘poisoned’, they can make the output erroneous and, in extremis, useless and dangerous.

AMD has launched an investigation after a notorious hacker announced the sale of sensitive data allegedly belonging to the company.

Researchers have targeted the MTE security feature in Arm CPUs and showed how attackers could bypass protections.

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA.

SecurityWeek’s annual cloud security virtual summit returns with a deliberate focus on exposed attack surfaces and weaknesses in public cloud infrastructure and APIs.

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

The modern enterprise IT environment is extremely complex. A myriad of smartphones, tablets, applications and network devices, along with the growing use of virtualization and cloud services, all present an increasing volume of management and security concerns.

An assembly of tech giants, including AMD, Honeywell, Intel, Lockheed Martin, and RSA, has come together to form the “Cyber Security Research Alliance”, a consortium that will focus on the “grand challenges” for cyber security and next generation technologies.

AlienVault, the company behind open source SIEM, OSSIM, on Wednesday announced the formation of the Open Minds Exchange (OME), a resource center housing a collection of research, tools, and thoughts from both their in-house experts and those in the security community. In an effort to make access to this data readily available, the security firm released two mobile applications for iOS as part of the initiative.

BRUSSELS - Microsoft did not meet commitments to provide clients a web browser choice in 2011-12, the European Commission said Wednesday as it pursued a probe that could lead to more fines for the US software giant. Microsoft had made a legally binding commitment to provide such a choice and it was a serious matter to breach it, European Competition Commissioner Joaquin Almunia said.

The University of Alabama’s Center for Information Assurance and Joint Forensics Research (CIA|JFR) has received $250,000 from the world’s largest social network, thanks in part to their help in taking down the Koobface gang. The money comes from legal winnings earned by Facebook, after they started taking spammers and scammers to court.

Deloitte Survey Shows Few State CISOs Are Confident In Their States' Ability to Defend Against Cyber Attacks

Less than a quarter of state chief information security officers were confident in their states' ability to safeguard data from attacks, according to a recent Deloitte & Touche survey. Only 32 percent of the CISOs felt state employees have the "required cyber-security competency."

OTTAWA - Canada "has been slow" to set up firewalls to protect against cyber threats to critical infrastructure, leaving the nation vulnerable to crippling attacks, the auditor general warned Tuesday. In a report, Auditor General Michael Ferguson said the government has made only "limited progress" over the past decade to safeguard electrical grids, telecommunications infrastructure, banking systems, manufacturing and transportation, as well as its own computers.

BRUSSELS - The European Commission outlined measures Tuesday to tighten controls on online gambling, a fast-growing, multi-billion-euro industry, to combat fraud, money laundering and rigging of sport fixtures. "Consumers, but more broadly all citizens, must be adequately protected," European internal markets commissioner Michel Barnier said.

Return Path, provider of email intelligence information and solutions, today launched two anti-phishing solutions that it says will arm brand marketers and IT security professionals with tools to protect their brands through visibility into known, unknown and potentially harmful, fraudulent email traffic.

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS, PLC and field controller cybersecurity.

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security