Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Republican Gov. Phil Scott said the legislation would have made Vermont “a national outlier and more hostile than any other state to many businesses and non-profits.”

Security researchers at Cisco Talos and Volexity flag two Pakistani espionage campaigns targeting Indian government entities.

Retired U.S. Army General Paul M. Nakasone brings cybersecurity experience to OpenAI’s Board of Directors and Safety and Security Committee.

The increase in mass exploitation involving edge services and devices is likely to worsen.

Ascension says patient information was stolen in an early-May ransomware attack that involved an employee downloading malware.

Noteworthy stories that might have slipped under the radar: Overview of the ICS malware Fuxnet, Google accused of tracking users, scammers impersonate CISA staff.

Rockwell Automation has patched three high-severity vulnerabilities in its FactoryTalk View SE HMI software.

CISA urges federal agencies to apply mitigations for an exploited Progress Telerik vulnerability as soon as possible.

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

YesWeHack has raised more than $52 million to date to build and market a crowdsourced vulnerability reporting platform.

Pyte has raised $5 million for its secure computation platform, bringing the total investment in the company to $12 million. 

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

Megan Samford named Chief Security Officer of Schneider Electric’s US National Security Agreements & US Federal Business.

Timothy Yost has been named Chief Financial Officer at BlueVoyant.

More People On The Move
Windows Recall security Windows Recall security

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

ICS vulnerabilities ICS vulnerabilities

Analysis and insights on the prevalence and impact of password exposure vulnerabilities in ICS and other OT products.

Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited

Microsoft’s June 2024 Patch Tuesday updates resolve a zero-click Outlook vulnerability leading to remote code execution.

Top Cybersecurity Headlines

The TellYouThePass ransomware gang started exploiting a recent code execution flaw in PHP days after public disclosure.

Apple has released a visionOS update that patches CVE-2024-27812, which may be the first flaw specific to the VR headset.

Arm warns that CVE-2024-4610, a Mali GPU kernel driver vulnerability addressed two years ago, is exploited in attacks.

Mandiant says a financially motivated threat actor has compromised hundreds of Snowflake instances using customer credentials stolen via infostealer malware that infected non-Snowflake owned systems.

Fortinet announces plans to acquire Lacework, a late-stage cloud security startup that was once listed as a “unicorn” company valued north of $1 billion.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn how you can transform your security strategy to build your organization’s resilience in the face of evolving threats.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

The latest version of Apple’s Mac OS X, Mountain Lion, due in just a few short weeks, will come with a rather important security feature – automatic updating.The news comes from those testing the newest developer preview. Apple has included a new system called OS X Security Update Test 1.0, which will check Apple’s servers daily for the latest security patches.The auto checking can also be set to run each time a Mac restarts, and any updates that are available...

Bitdefender, a Bucharest, Romania-based provider of antivirus and PC security software, this week officially launched its line of 2013 security products, bringing new enhancements and security features to help keep users safe.

Research from security firm Trusteer shows that when it comes to crime, sometimes criminals prefer to build things from scratch, taking a Lego-type of approach to crime kit development. Expanding on research from Trend Micro, Trusteer says that this type of approach is present in the development and sale of custom malware designed to harvest banking data.

Apple has adjusted their marketing strategy after the Flashback malware ruined their “it doesn’t get viruses” promotional pitch when comparing the OS X to Windows. The change was noticed by Sophos, after the OS X website had a bit of a facelift recently.Flashback, the Mac-based malware that struck in April, led to the creation of a 550,000 node botnet comprised of all Macs. In the end, the malware wasn’t nearly as harmful as some suggested, as it only displayed advertisements...

Last Friday, the Gioconda Law Group, a New York-based brand protection and anti-counterfeiting law firm, filed a suit against Arthur Wesley Kenzie, a self-styled cyber security expert living in Canada.Kenzie is accused of trademark infringement and Cybersquatting – the act of intentionally registering a domain with a deliberate misspelling of a protected name for the purpose of personal gain or misdirection. In addition, he used the misspelled domain to acquire emails intended for the law-firm.

F5 Networks has launched a cloud-based service that will detect and stop IP addresses associated with malicious activities from accessing the network. Powered by Webroot’s IP Reputation Service and integrated into F5's Traffic Management Operating System (TMOS), F5’s newest offering is designed to merge with their other subscription-based solutions.

Two members of LulzSec, Ryan Cleary (19), and Jake Davis (18), appeared in a London court on Monday. During their appearance, Cleary and Davis each admitted to being members of LulzSec and pled guilty to launching DDoS attacks against the CIA and Sony Corp websites.

Qualys, the soon-to-go-public provider of cloud security and compliance solutions, today said that its flagship QualysGuard Web Application Scanning (WAS) service will be able to help customers identify Web application cookies in order to help organizations comply with the European Union (EU) Cookie Directive that will be enforced in the United Kingdom (UK) effective on May 26, 2012.

Each year, security experts and IT experts take a hard look at the threats that dominated in years past in an effort to prepare for the future. While hacker groups and technology are evolving faster than ever, there are still trends we can spot if we take a far and wide enough step back to see the whole picture. The annual Verizon Data Breach Investigations report shines some holistic light on what’s been happening in the world of cybercrime. Here’s...

Cisco Addresses Code execution and DoS Vulnerabilities Cisco has issued three security advisories that address vulnerabilities within Cisco ASA and ASASM, their AnyConnect Secure Mobility Client, and Application Control Engine (ACE). According to their warnings, Cisco says that the issues could lead to code execution in some cases, or denial of service in others.

Michael Barrett, PayPal's CISO, was initially against the idea of paying people who reported security problems properly. However, after seeing the success of the bug bounty programs launched by Mozilla, Google, and Facebook, he’s had a change of heart. So on Thursday, PayPal officially launched a bounty program of their own, becoming the first financial firm on the Web to do so in the process.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security