Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The growing collaboration between authoritarian governments and criminal hackers has alarmed national security officials and cybersecurity experts.

New threat report shows that the potential for disruption to November’s Election Day is severe, and the threat is real.

A critical-severity flaw in GitHub Enterprise Server could lead to unauthorized access to the vulnerable instances.

Volkswagen has issued a statement after the 8Base ransomware group claimed to have stolen valuable data from the company’s systems.

CISOs from Box and Smartsheet discuss the route toward, the role within, and the future of being a successful CISO.

Splunk has released patches for multiple vulnerabilities in Splunk Enterprise, including two high-severity remote code execution flaws.

Door access controllers remain vulnerable to remote hacker attacks for extended periods of time, a researcher has found.

Automattic has rolled out updates for 101 Jetpack versions released over the past eight years to resolve a critical vulnerability.

Entry points in packages across multiple programming languages are susceptible to exploitation in supply chain attacks.

Intel and AMD respond to new attack methods named TDXDown and CounterSEVeillance that can be used against TDX and SEV technology.

With all sessions now available on demand, the online summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

People on the Move

Former Darktrace CEO Poppy Gustafsson has joined the UK government as Minister for Investment.

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn’s first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

More People On The Move
Trusted execution environment (TEE) vulnerabilities Trusted execution environment (TEE) vulnerabilities

Intel and AMD respond to new attack methods named TDXDown and CounterSEVeillance that can be used against TDX and SEV technology.

Iran cyberattacks Iran cyberattacks

The Iran-linked APT OilRig has intensified cyber operations against the United Arab Emirates and the broader Gulf region.

Fidelity Data Breach Fidelity Data Breach

Fidelity Investments is notifying 77,000 individuals that their personal information was compromised in a data breach.

Top Cybersecurity Headlines

OpenAI has disrupted 20 cyber and influence operations this year, including the activities of Iranian and Chinese state-sponsored hackers.

SecurityWeek talked to David Weston, VP enterprise and OS security at Microsoft, to discuss Windows kernel access and safe deployment practices.

Mozilla has released a Firefox 131 update to resolve CVE-2024-9680, a code execution vulnerability exploited in the wild as a zero-day.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

WASHINGTON - Lockheed Martin sacked its president and chief executive-in-waiting Christopher Kubasik Friday over an unauthorized "close personal relationship" with an employee of the company. The company said it took the action after an ethics investigation confirmed the "improper conduct" which violated the powerful defense contractor's code of ethics.

LONDON - Britain's tax department on Friday confirmed it was investigating missing data after a newspaper reported that HSBC bank was being probed over offshore accounts in Jersey used by criminals. "We can confirm we have received the data and we are studying it," HM Revenue and Customs (HMRC) said in a statement. "We receive information from a very wide range of sources which we use to ensure the tax rules are being respected.

The infamous Stuxnet virus infected Chevron’s network in 2010, according to a report from The Wall Street Journal. The oil giant told the paper that they believe the infection was not intended, noting that the government wasn’t aware of how far the infection spread.

MoneyGram International Inc., a company that provides money transfer services, has reached a deal with the U.S. Department of Justice and will pay $100 million for aiding and abetting wire fraud and failing to maintain an effective anti-money laundering program.

Sendmail this week announced the release of the Sentrion Rogue Email Application Control (REAC) appliance, a new offering designed to address the security and compliance needs of organizations migrating email-generating systems and applications to the cloud. Details on REAC were announced at their annual International Messaging Infrastructure Summit in Washington, D.C.

With more than $32 billion in reported cyber-security losses in the U.S. alone last year (and with unreported losses likely to be equally huge), there should be no doubt that cyber crime is a serious problem.

Microsoft is prepping fixes for 19 security vulnerabilities for this month's Patch Tuesday. The vulnerabilities are stretched out across six bulletins, four of which are rated critical. Those four address 13 bugs affecting Windows, Internet Explorer and the .NET Framework.

Researchers at Group-IB have discovered a new vulnerability in Adobe Reader that is being sold on criminal forums. The moderate price, $30,000 - $50,000, likely reflects some of the limitations the vulnerability has to cope with. According to Group-IB’s initial disclosure, the vulnerability is being sold to a limited circle of criminals, and has already been added to custom versions of the Blackhole Exploit Kit.

SAN FRANCISCO - Some people logging onto Twitter on Thursday were greeted with word that their passwords were reset due to concerns their accounts may have been breached by hackers. The San Francisco-based one-to-many text messaging service said the routine security precaution was accidentally applied to more users than intended. Twitter did not specify the number of accounts involved.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Application security and vulnerability management platform DefectDojo has raised $7 million in Series A funding.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.