Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Republican Gov. Phil Scott said the legislation would have made Vermont “a national outlier and more hostile than any other state to many businesses and non-profits.”

Security researchers at Cisco Talos and Volexity flag two Pakistani espionage campaigns targeting Indian government entities.

Retired U.S. Army General Paul M. Nakasone brings cybersecurity experience to OpenAI’s Board of Directors and Safety and Security Committee.

The increase in mass exploitation involving edge services and devices is likely to worsen.

Ascension says patient information was stolen in an early-May ransomware attack that involved an employee downloading malware.

Noteworthy stories that might have slipped under the radar: Overview of the ICS malware Fuxnet, Google accused of tracking users, scammers impersonate CISA staff.

Rockwell Automation has patched three high-severity vulnerabilities in its FactoryTalk View SE HMI software.

CISA urges federal agencies to apply mitigations for an exploited Progress Telerik vulnerability as soon as possible.

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

YesWeHack has raised more than $52 million to date to build and market a crowdsourced vulnerability reporting platform.

Pyte has raised $5 million for its secure computation platform, bringing the total investment in the company to $12 million. 

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

Megan Samford named Chief Security Officer of Schneider Electric’s US National Security Agreements & US Federal Business.

Timothy Yost has been named Chief Financial Officer at BlueVoyant.

More People On The Move
Windows Recall security Windows Recall security

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

ICS vulnerabilities ICS vulnerabilities

Analysis and insights on the prevalence and impact of password exposure vulnerabilities in ICS and other OT products.

Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited

Microsoft’s June 2024 Patch Tuesday updates resolve a zero-click Outlook vulnerability leading to remote code execution.

Top Cybersecurity Headlines

The TellYouThePass ransomware gang started exploiting a recent code execution flaw in PHP days after public disclosure.

Apple has released a visionOS update that patches CVE-2024-27812, which may be the first flaw specific to the VR headset.

Arm warns that CVE-2024-4610, a Mali GPU kernel driver vulnerability addressed two years ago, is exploited in attacks.

Mandiant says a financially motivated threat actor has compromised hundreds of Snowflake instances using customer credentials stolen via infostealer malware that infected non-Snowflake owned systems.

Fortinet announces plans to acquire Lacework, a late-stage cloud security startup that was once listed as a “unicorn” company valued north of $1 billion.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn how you can transform your security strategy to build your organization’s resilience in the face of evolving threats.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

A Russian security firm, using a combination of TCP scans and Google, found that nearly a quarter of the organizations running vulnerable versions of SAP are tempting fate by leaving them exposed to the Internet. This discovery, the research says, dispels the myth that SAP systems are only available from the internal network, leading to the misconception that they are protected by design.

According to comments made on Iran’s state-ran television by Intelligence Minister Heydar Moslehi, the nation has detected another cyber attack aimed at their nuclear facilities. These claims come shortly after the New York Times and Washington Post independently revealed that the U.S., along with Israel, used Stuxnet and Flame to target Iran’s nuclear program.Iran's Intelligence Minister Heydar Moslehi made the comments Thursday afternoon.

Researchers at ESET have uncovered a new worm that is stealing AutoCAD drawings and designs, and shipping them off to an email account that appears to be in China. Given the hype around Stuxnet and other focused code, the appearance of this worm took ESET researchers by surprise.The malware itself is written in AutoLISP, the scripting language used by AutoCAD. Over the last two months, the worm – called ACAD/Medre.A – has remained focused on Latin America, most notably Peru.

Face.com, the facial recognition start-up recently purchased by Facebook, has patched a vulnerability in its KLIK application that could have enabled attackers to compromise Twitter and Facebook accounts. The vulnerability was reported by independent security researcher Ashkan Soltani. KLIK is an iPhone camera app designed to make it easy for Facebook users to tag their friends in photos using facial recognition technology.

Security firm Sophos has issued alerts on to two separate, but related attacks, targeting a European aeronautical parts supplier and a European medical company. In each case, the attackers are using an unpatched vulnerability in Internet Explorer to target their victims.

Internet security firm Check Point Software Technologies today introduced a new line of security appliances designed to provide multi-layered DDoS protection to help organizations defend against a wide range of Distributed Denial of Service (DDoS) attacks.The new “DDoS Protector” line of appliances come in seven models that offer throughput ranging from 500Mbps to 12 Gbps. Additionally, the appliances are integrated with the Check Point management suite, giving users a single point of control and a full view of security events.

On Monday, Fujitsu Laboratories, the National Institute of Information and Communications Technology (NICT), and Kyushu University, announced that they have successfully performed a full cryptanalysis of a 278-digit (923-bit)-long pairing-based cryptography.

Back in February 2011, Google launched support for two-factor authentication, a login method that requires two independent elements in order to successfully access an account. The first element being a password, and the second element typically being something you “have” with you or have access to, such as an authentication code from a token or mobile phone.

Employees at small- and medium-sized businesses are increasingly adopting unmanaged, personal-use online file sharing solutions without the “ok” from their IT department, something that appears to be part of the broader trend of the consumerization of IT. That is according to the results of Symantec’s 2011 SMB File Sharing Survey released on Tuesday.

Cyber criminals don’t carry weapons or even leave the comfort of their homes. Botnet and phishing systems are constantly aware of their vast network...

As part of Google’s Safe Browsing initiative that launched five years ago, the search giant had the goal of protecting Internet users from malicious content of various types, including phishing sites, malware, and poisoned search results.While most of the major security vendors produce their own threat reports on an ongoing basis, Google hasn’t always shared the numbers behind what its platform sees and blocks on an ongoing basis.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security