Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

A Belarusian hacker activist group claims to have infiltrated the network of the country’s main KGB security agency and accessed personnel files of over 8,600 employees.

A new Android trojan named Brokewell can steal user’s sensitive information and allows attackers to take over devices.

More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.

More than 90,000 unique IPs are still infected with a PlugX worm variant that spreads via infected flash drives.

Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO.

UK cybersecurity firm Darktace has agreed to sell itself to private equity giant Thoma Bravo for approximately $5.32 million in cash.

A vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.

Predictive attack intelligence and risk protection startup BforeAI has raised $15 million in a Series A funding round led by SYN Ventures.

Palo Alto Networks has shared remediation instructions for organizations whose firewalls have been hacked via CVE-2024-3400.

A new phishing campaign abuses compromised email accounts and targets corporate users with PDF files hosted on Autodesk Drive.

The FTC is sending a total of $5.6 million in refunds to over 117,000 Ring customers as result of a 2023 settlement.

People on the Move

Mike Dube has joined cloud security company Aqua Security as CRO.

Cody Barrow has been appointed as CEO of threat intelligence company EclecticIQ.

Shay Mowlem has been named CMO of runtime and application security company Contrast Security.

Attack detection firm Vectra AI has appointed Jeff Reed to the newly created role of Chief Product Officer.

Shaun Khalfan has joined payments giant PayPal as SVP, CISO.

More People On The Move
Android Malware Android Malware

A new Android trojan named Brokewell can steal user’s sensitive information and allows attackers to take over devices.

Palo Alto Networks Palo Alto Networks

Palo Alto Networks has shared remediation instructions for organizations whose firewalls have been hacked via CVE-2024-3400.

CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation

CISA warns organizations of a two-year-old Windows Print Spooler vulnerability being exploited in the wild.

Top Cybersecurity Headlines

A Belarusian hacker activist group claims to have infiltrated the network of the country’s main KGB security agency and accessed personnel files of over…

A new Android trojan named Brokewell can steal user’s sensitive information and allows attackers to take over devices.

More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.

More than 90,000 unique IPs are still infected with a PlugX worm variant that spreads via infected flash drives.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

Blizzard Entertainment’s BattleNet (battle.net) portal, which allows gamers access to games such as Diablo III, World of Warcraft, and StarCraft II, has suffered a data breach, the company says. As a result, users are being encouraged to change their passwords. A statement from Blizzard was thin on details, but the company stresses that at this point, “credit card and other customer payment data does NOT appear to have been accessed or affected.”

WASHINGTON - (AFP) - The FBI warned computer users on Thursday to ignore a fake message, purportedly from its officers, that freezes people's screens and demands that they pay a fine for visiting inappropriate websites."We're getting inundated with complaints," said Donna Gregory from the US Internet Crime Complaint Center, referring to the virus known as Reveton ransomware, which has hit users in the United States and globally.

WASHINGTON - (AFP) - The US Federal Trade Commission fined Google $22.5 million for violating the privacy of people who used rival Apple's Safari web browser even after pledging not to do so.The FTC said Google had agreed with the commission in October 2011 not to place tracking cookies on or deliver targeted ads to Safari users, but then went ahead and did so.

Responding to a CA Compromise - Is Your Organization Prepared?In last month’s Information Technology Laboratory (ITL) Bulletin, the National Institute on Standards and Technology (NIST) focused on offering guidance for incident response teams dealing with the aftermath of a Certificate Authority (CA) breach, an issue that is worth examining if your organization uses PKI in any capacity.

Akamai Technologies has released its State of the Internet report for the first quarter of 2012, based on data collected from its massive global network. While Akamai observed attack traffic originating from 182 unique countries, the highest level of observed attacks originated in the Asia-Pacific region over the quarter, the report found.

Refusing to buckle to the pressure put on them by industry insiders and the competition, Microsoft said on Tuesday that Do Not Track (DNT) will be a default option for Internet Explorer 10. As was the case when SecurityWeek last reported on the issue, Microsoft maintains that the choice reflects their desire to protect the privacy of the end user.

After a journalist for Wired had his digital life wiped away, and his coverage on the topic exposed how their customer service and user experience policies can be exploited for malicious gain, Apple and Amazon have adopted new policies for account access.

BotoPedia, a site similar to Wikipedia, but focusing on bots (both good and bad), made its debut today. It’s the brainchild of Incapsula, a cloud-based website security and performance service, and they’re hoping it will serve as a useful resource for organizations who need help developing Web-based policies.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Cloud Security

Artificial Intelligence

Cisco announces Hypershield, an AI-native and cloud-native enterprise security solution with a wide range of capabilities.