Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Republican Gov. Phil Scott said the legislation would have made Vermont “a national outlier and more hostile than any other state to many businesses and non-profits.”

Security researchers at Cisco Talos and Volexity flag two Pakistani espionage campaigns targeting Indian government entities.

Retired U.S. Army General Paul M. Nakasone brings cybersecurity experience to OpenAI’s Board of Directors and Safety and Security Committee.

The increase in mass exploitation involving edge services and devices is likely to worsen.

Ascension says patient information was stolen in an early-May ransomware attack that involved an employee downloading malware.

Noteworthy stories that might have slipped under the radar: Overview of the ICS malware Fuxnet, Google accused of tracking users, scammers impersonate CISA staff.

Rockwell Automation has patched three high-severity vulnerabilities in its FactoryTalk View SE HMI software.

CISA urges federal agencies to apply mitigations for an exploited Progress Telerik vulnerability as soon as possible.

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

YesWeHack has raised more than $52 million to date to build and market a crowdsourced vulnerability reporting platform.

Pyte has raised $5 million for its secure computation platform, bringing the total investment in the company to $12 million. 

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

Megan Samford named Chief Security Officer of Schneider Electric’s US National Security Agreements & US Federal Business.

Timothy Yost has been named Chief Financial Officer at BlueVoyant.

More People On The Move
Windows Recall security Windows Recall security

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

ICS vulnerabilities ICS vulnerabilities

Analysis and insights on the prevalence and impact of password exposure vulnerabilities in ICS and other OT products.

Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited

Microsoft’s June 2024 Patch Tuesday updates resolve a zero-click Outlook vulnerability leading to remote code execution.

Top Cybersecurity Headlines

The TellYouThePass ransomware gang started exploiting a recent code execution flaw in PHP days after public disclosure.

Apple has released a visionOS update that patches CVE-2024-27812, which may be the first flaw specific to the VR headset.

Arm warns that CVE-2024-4610, a Mali GPU kernel driver vulnerability addressed two years ago, is exploited in attacks.

Mandiant says a financially motivated threat actor has compromised hundreds of Snowflake instances using customer credentials stolen via infostealer malware that infected non-Snowflake owned systems.

Fortinet announces plans to acquire Lacework, a late-stage cloud security startup that was once listed as a “unicorn” company valued north of $1 billion.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn how you can transform your security strategy to build your organization’s resilience in the face of evolving threats.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

As cybercriminals crank out massive amounts of malware on a daily basis, identifying, analyzing and classifying malware is a challenge, and one that needs to be met using automation. This is nothing new for traditional anti-virus vendors, but something mobile security firms are still developing tools for.This week, mobile security vendor NQ Mobile said that it has devised a new way to detect mobile threats without relying on known malware samples and their signatures.

Using data taken from raw application traffic within some 2,000 organizations worldwide, the semi-annual Application Usage and Risk Report from Palo Alto Networks shows that streaming media, P2P applications, and social networking are sucking the corporate bandwidth away from other areas where bandwidth and availability are a must.

A Higher Education Student Database is an Identity Thief’s Dream Come True...No more fertile ground for security breaches exists in the United States than our colleges and universities. The confluence of enormous stores of identity data, atmospheres of freedom of information, and ready-made teams of socially motivated hackers chosen from the best and brightest our country has to offer make this claim close to a certainty.

In the wake of a breach at Wyndham Worldwide that has resulted in a lawsuit against the company from the FTC, questions have emerged about why there was no SEC filing from the hotel and resort chain – given the guidance and recommendations published by the commission last year.

Web Application Security gurus, WhiteHat Security, released a report this week that examines the severity and duration of Web application security related vulnerabilities discovered in 2011. When the numbers are stacked against those from similar reports published since 2007, the number of major vulnerabilities has fallen dramatically.

According to a study from Symantec, information is a pricy asset within an organization, costing businesses $1.1 trillion annually. Yet, the same organizations paying such a high cost to manage their data often have problems protecting it.

On July 9, the FBI will shutdown the temporary servers that enable systems infected by the DNSChanger malware to access the Web. For most, the shutdown will mean nothing; however that isn’t the case for 60 companies within the Fortune 500.

Secunia, a provider vulnerability management solutions, on Thursday launched Secunia Personal Software Inspector 3.0, a free scanner that identifies software applications that may be insecure and need to be patched.Following its debut in 2007, the tool now supports and provides the security status for more than 3,000 vendors, including Microsoft and third-party programs.

SIEM vendor LogRhythm, on Thursday announced that it has closed a $15 million Series D round of funding led by Siemens’ Venture Capital group.The Boulder, Colorado-based company said the funds would be used to help accelerate growth, product innovation and international expansion.

The Alaska Department of Health and Social Services (DHSS) has agreed to pay a $1.7 million federal fine to settle possible violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). As part of their agreement with the U.S. Department of Health and Human Services (HHS), Alaska's DHSS has also agreed to revise, review and maintain policies and procedures meant to keep the agency in compliance.

MOSCOW, Russia – Kaspersky Lab provided a sneak peek and demonstration of the 2013 edition of its Kaspersky Internet Security suite today at the Kaspersky Lab Security Summit 2012 taking place this week in Moscow—just miles away from the company’s headquarters.

Fake Carder Forum Setup by the FBI Let Agents Monitor and Record Discussions and Private Messages Between CybercriminalsA sting operation setup by the FBI that roots back to 2010 resulted in 24 arrests on Tuesday, following what the bureau said was the largest coordinated international law enforcement action in history directed at “carding” crimes.

Imagine walking into your bank’s local branch office, sliding a carton across the counter containing vegetables from your refrigerator drawer, a diamond necklace, and a plunge router, and asking the teller to deposit them. The bank teller then labels each carefully with your name, then lobs them over his shoulder into a huge vat along with other people’s stuff.Those of you who regularly read my columns, know that I like analogies. Admittedly, some of them may be weak; however, likening...

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security