Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks.

NightVision, an early stage startup in the application security testing space, has raised $5.4 million in seed funding.

The Dark Angels (Dunghill) ransomware group claims to have stolen 1 Tb of data from Nexperia, which is investigating the incident.

Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products.

ICS malware Fuxnet allegedly used by Ukrainian Blackjack group to disrupt industrial sensors and other systems belonging to a Moscow infrastructure firm.

Authorities in Australia and the US have arrested and charged two individuals for developing and selling the Hive RAT.

Former security engineer Shakeeb Ahmed was sentenced to prison for hacking and defrauding cryptocurrency exchanges.

Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus. 

The bill was approved on a bipartisan basis, 273-147, though it will still have to clear the Senate to become law.

A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.

Financial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million.

People on the Move

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move
Palo Alto Networks Palo Alto Networks

Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus. 

Microsoft breach Microsoft breach

The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts “presents a grave and unacceptable risk to federal agencies.”

How AWS disrupts DDoS attacks and is tackling IP Spoofing at the source How AWS disrupts DDoS attacks and is tackling IP Spoofing at the source

SecurityWeek speaks to Tom Scholl, VP and distinguished engineer at AWS, on how the organization tackles IP Spoofing and DDoS attacks.

Top Cybersecurity Headlines

Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks.

NightVision, an early stage startup in the application security testing space, has raised $5.4 million in seed funding.

The Dark Angels (Dunghill) ransomware group claims to have stolen 1 Tb of data from Nexperia, which is investigating the incident.

Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

Imation Corp., an Oakdale, Minnesota-based storage and data security company, today expanded its "Defender" line of secure USB hard drives, adding drives with capacities of up to 1 terabyte (TB), with an option for biometric fingerprint authentication, and new USB drive management tools.

Trusteer is reporting that they have discovered a new attack utilizing the Citadel Trojan. According to a blog post from the security firm, Citadel is targeting an enterprise VPN belonging to a major international airport, but they have withheld the name.

Oracle has released a patch for a vulnerability (CVE-2012-3132) disclosed by David Litchfield from Accuvant Labs during the Black Hat security conference last month. The vulnerability, which is SQL Injection at its core, allows an attacker to gain high-level privileges, and take complete control over the server.

The malware responsible for attacks on at least 30 local governments, universities, and businesses in the Netherlands, Dorifel (XDocCrypt), is still actively spreading and causing new infections, despite a wide net of detection within the anti-Virus market.

IT security and data protection company, Sophos, on Monday launched Sophos Mobile Control 2.5, the latest version of its offering in the increasingly competitive mobile device management (MDM) space. The latest update brings an updated web-based admin console and new features designed to provide IT administrators with a simple way to offer BYOD in the enterprise.

Last week, an Anon looking for lulz blasted a message into several rooms at once, most of those who seen the message laughed and moved on with their day. However, someone didn’t, and instead a news story appeared that – if anything – proves that the name Anonymous can be used to give even the most outlandish claims a spotlight.

New York City Mayor, Michael Bloomberg, alongside Police Commissioner Ray Kelly, announced a partnership between the city and Microsoft last week, which led to the development of crime prevention technologies that can also help where counterterrorism efforts are concerned. The system, which is said to cost between $30 and $40 million to develop, will be available to any law enforcement agency, and the City of New York will take a 30% cut of any future sale.

NEW YORK - (AFP) - Internet giant Google on Monday said it plans to lay off about 4,000 employees at cellphone maker Motorola Mobility, as it seeks to focus on sales of its Android devices.About two-thirds of the layoffs will come from outside the United States, and some 30 of Motorola Mobility's 90 global facilities will be shut, Google said.The aim of the cuts is to simplify the Motorola line of mobile phones "from feature phones to more innovative and...

If Your Organization Has Information That is Valuable Enough to Keep Private, Then There is Value For An Attacker in Stealing It...

Towards the end of July, anti-Malware vendor Intego broke the story of Crisis, the name given to a Trojan that targets Mac OS X. On Friday, ThreatMetrix, a provider of technologies that help organizations combat fraud and malware, published a report that breaks the code down, and examines the internals of the latest so-called threat targeting Mac users.

PARIS - (AFP) - The battle for Syria is raging on the ground but also on social media, where people on both sides of the conflict are hacking, posting and spamming in a frenzied propaganda war.The Twitter feeds of news organizations have been hacked by pro-regime elements, videos purporting to show atrocities in Syria are regularly posted to YouTube and pro- or anti-government messages often flood Facebook pages.

SAN FRANCISCO - (AFP) - Facebook will submit to external audits of how well it guards users' data under the terms of a settlement finalized Friday with US authorities concerned about privacy abuses.

Project leverages popular search engines to identify vulnerable systems and sensitive data in corporate networks.Information is the key; hackers on both side of the law know this. Thus the tools recently released by security consulting firm Stach & Liu, and the DEF CON presentation given by Francis Brown and Rob Ragan, offer InfoSec teams a chance to win the information race.

At the Black Hat conference last month, PhishMe, a company that teaches security awareness to help users identify Phishing and targeted attacks, spoke to 250 security professionals and asked them for basic information on how their organizations deals with, or is impacted by, Phishing attacks. As it turns out, it’s a common issue, and most of the basics steps are doing little to lessen the blow.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Cloud Security

Cloud Security

Financial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million.