Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The US is offering a reward of up to $10 million for information on BlackCat ransomware affiliates that targeted US critical infrastructure.

Although the attack on the national library of the UK occurred five months ago, the Library’s infrastructure won’t be rebuilt until mid-April 2024, and then the full restoration of systems and data can begin.

CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities.

Artificial intelligence computing giant NVIDIA patches flaws in ChatRTX for Windows and warns of code execution and data tampering risks.

Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest.

Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns.

Human Security identifies 28 VPN applications for Android and an SDK that turn devices into proxies.

Disputed Ray AI framework vulnerability exploited to steal information and deploy cryptominers on hundreds of clusters.

In the past week Rockwell Automation addressed 10 vulnerabilities found in its FactoryTalk, PowerFlex and Arena Simulation products.

CISA says a second SharePoint vulnerability demonstrated last year at Pwn2Own, CVE-2023-24955, has been exploited in the wild.

Los Angeles firmware and software supply chain firm banks $10.5 million in seed-stage funding led by Two Bear Capital.

Malware hunters sound an alarm after discovering a 40,000-strong botnet packed with end-of-life routers and IoT devices being used in cybercriminal activities.

Startup says simple awareness training is not sufficient – users need to practice ‘good’ behavior beyond simply acknowledging poor behavior and bad intent.

Airbus Defence and Space is set to acquire Infodas, a Germany-based company that boasts €50 million revenue.

UK Judges said the U.S. must guarantee that Assange, who is Australian, “is afforded the same First Amendment protections as a United States citizen, and that the death penalty is not imposed.”

AI vulnerability exploitation AI vulnerability exploitation

Disputed Ray AI framework vulnerability exploited to steal information and deploy cryptominers on hundreds of clusters.

ZenHammer AMD CPU attack ZenHammer AMD CPU attack

A new Rowhammer attack named ZenHammer has been demonstrated against DRAM on systems with AMD CPUs, including DDR5.

Fortinet exploited Fortinet exploited

CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild.

Top Cybersecurity Headlines

The US is offering a reward of up to $10 million for information on BlackCat ransomware affiliates that targeted US critical infrastructure.

Although the attack on the national library of the UK occurred five months ago, the Library’s infrastructure won’t be rebuilt until mid-April 2024, and…

CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities.

Artificial intelligence computing giant NVIDIA patches flaws in ChatRTX for Windows and warns of code execution and data tampering risks.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

LockPath, an Overland Park, Kanas-based provider of governance, risk and compliance (GRC) solutions, today announced that it has closed a $6 million series B financing round led by El Dorado Ventures.The company says its “Keylight platform” helps organizations of all sizes address regulatory compliance and risk management needs.

Kaspersky Lab, the only security vendor to fight a patent lawsuit filed by IPAT (Information Protection and Authentication of Texas), officially announced last week that they were victorious following a three-year court battle. IPAT filed a patent suit in 2009, targeting nearly every security vendor in the industry.

Apple is investigating ways to prevent people from bypassing the In-App purchasing mechanism (IAP), the company says. However, aside from forcing a demo video offline with a DMCA request to YouTube, the “iDevice” giant is coming up empty.

Blue Coat Systems, the Sunnyvale-California-based provider of Web security and WAN optimization solutions that was taken private by private equity firm Thoma Bravo for $1.3 billion in a deal announced in December 2011, today introduced a set of mobile application controls to help address security risks associated with the use of unauthorized mobile applications on corporate networks.

CISOs Today Must Build a Risk-Aware Culture Where Security Awareness Permeates Every Level of the Organization...

Database giant Oracle on Thursday issued its pre-release announcement for its July 2012 Critical Patch Update, saying it would issue 88 new security vulnerability fixes across hundreds of Oracle products. As part of the update, Oracle will issue 4 new security fixes for vulnerabilities in the company’s flagship Oracle Database Server, 3 of which may be remotely exploitable without authentication.

nCircle, a provider of information risk and security solutions, today announced PureCloud™ Enterprise, a new scanning solution designed to help enterprises address the common gaps in security visibility. PureCloud Enterprise enables scan results to be integrated into the nCircle Suite360 Intelligence Hub™ to provide users with a single view of security risk, consolidated reporting and analytics.

Computer graphics technology firm NVIDIA, a company that holds more the 5,000 patent and credited with inventing the GPU, on Thursday said it had shut down its “NVIDIA Developer Zone,” after the online community for developers had been hacked.

A few heart freezing moments:• A phone call that begins with the words: We have your child – we want $250,000 to guarantee her safe return. If you go to the police, you will never see her again.• You receive a thick manila envelope with compromising pictures of you and a young woman, not your wife. You’ve been invited to a local bar to talk.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

BlueFlag Security emerges from stealth mode with $11.5 million in a seed funding round led by Maverick Ventures and Ten Eleven Ventures.

Cloud Security

Cloud Security

Please the fireside chat as Phil Bues, Cloud Research Manager at IDC, discusses the challenges and best practices for cybersecurity leaders managing cloud identities.