Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload campaign.

Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue.

A significant cybersecurity challenge arises from managing the immense volume of data generated by numerous IT security tools, leading organizations into a reactive rather than proactive approach.

Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India.

Coro has raised $100 million in Series D funding for its enterprise-grade platform tailored for the small- and mid-sized market.

Cisco has released patches for multiple IOS and IOS XE software vulnerabilities leading to denial-of-service (DoS).

Zafran has emerged from stealth mode with a risk and mitigation platform and $30 million in funding from Sequoia Capital and Cyberstarts.

Two Chinese cyberespionage groups have been targeting entities and member countries affiliated with ASEAN.

In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators.

The US is offering a reward of up to $10 million for information on BlackCat ransomware affiliates that targeted US critical infrastructure.

Although the attack on the national library of the UK occurred five months ago, the Library’s infrastructure won’t be rebuilt until mid-April 2024, and then the full restoration of systems and data can begin.

CISA is seeking comment on the implementation of CIRCIA, which will cost $2.6 billion and will impact 316,000 entities.

Artificial intelligence computing giant NVIDIA patches flaws in ChatRTX for Windows and warns of code execution and data tampering risks.

Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest.

Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns.

Threat Intelligence Report Threat Intelligence Report

In just the first two months of 2024, threat intelligence firm Flashpoint has logged dramatic increases in all major threat indicators.

AI vulnerability exploitation AI vulnerability exploitation

Disputed Ray AI framework vulnerability exploited to steal information and deploy cryptominers on hundreds of clusters.

ZenHammer AMD CPU attack ZenHammer AMD CPU attack

A new Rowhammer attack named ZenHammer has been demonstrated against DRAM on systems with AMD CPUs, including DDR5.

Top Cybersecurity Headlines

Maintainers of the Python Package Index (PyPI) repository were forced to suspend new project creation and new user registration to mitigate a malware upload…

Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue.

A significant cybersecurity challenge arises from managing the immense volume of data generated by numerous IT security tools, leading organizations into a reactive rather…

Threat intelligence firm EclecticIQ documents the delivery of malware phishing lures to government and private energy organizations in India.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

A threat to target the Internet’s root Domain Name System (DNS) servers and knock the Internet offline may be more difficult than the hackers think. Hackers reputedly associated with Anonymous made the threat to launch what they dubbed “Operation Global Blackout” March 31 in response to actions by Wall Street, the Stop Online Piracy Act (SOPA) and “irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs.”

Russia’s political season is heating up. Here in America, we have Super PACs, skewed election coverage, and scandals. As it turns out, Russia has some of that too -- perhaps politics and fighting among party lines is somewhat universal. The difference however, is that we’re not seeing the types of Internet-based activism in America that exists in Russia. Furthermore, when political powers enforce their might in America, it’s a bit more subtle.

Earlier this month, Trustwave had a change of heart and reversed a decision to issue subordinate certificates that allowed a private company the ability to impersonate virtually any domain on the Web. Those actions have led Mozilla to clarify its stance on the issue, and offer one final warning to any company seeking to offer the same business services that Trustwave walked away from.

Defendant Allegedly Sought to be Associated with an Armed Extremist Group, Believed He Would Take Part in al-Qaeda AttackOn Friday, the Department of Justice said that FBI agents had arrested a man for allegedly attempting to detonate a bomb in a planned suicide attack on the U.S. Capitol Building.

In college, I took a required Computer Science class called “Systems Principles”. My professor started the class by listing out the seven key components in a successful system/program development process:1. Requirements2. Specifications3. Design

The Federal Trade Commission and the Bureau of Consumer Protection were attacked by AntiSec Thursday and into Friday, in response to their support and participation in ACTA, the Anti-Counterfeiting Trade Agreement, and issues with Google’s recent privacy policy changes.

Researchers at Panda Security have uncovered a botnet that not only swipes financial information, but also goes after rival malware.PandaLabs, the company’s research arm, recently detected a new bot called Ainslot.L targeting Windows machines. The malware’s primary job is to log user activities, download additional malware to take control of the system and steal log-in information related to online banking sites. But as a side bonus, the malware goes on a seek-and-destroy mission targeting other bots, including Zeus and DarkComet.

Trend Micro today announced that is has open sourced the code to its popular free security tool, HijackThis. The tool scans systems to find settings that may have been modified by spyware, malware or other programs that have wiggled their way onto a system and caused problems.

Researchers at Symantec have uncovered a fake app store for Google Android that is hosting malware designed to bilk users out of big bucks.According to Symantec, mobile malware scammers have created the fake market to host various applications that are actually Trojans used for SMS fraud.

In response to the increase in attacks on industrial control systems that power utilities, industries and critical infrastructure systems, Norway-based Norman ASA is launching a product designed to protect SCADA (supervisory control and data acquisition) systems against cyber attacks from malware such as trojans, worms and viruses—ones like stuxnet.

FishNet Security today launched a new cloud-based threat monitoring and response service aimed at helping businesses log information security events across multiple sources, reduce data leakage, and proactively respond to emerging threats and meet regulatory requirements.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

BlueFlag Security emerges from stealth mode with $11.5 million in a seed funding round led by Maverick Ventures and Ten Eleven Ventures.

Cloud Security

Cloud Security

Please the fireside chat as Phil Bues, Cloud Research Manager at IDC, discusses the challenges and best practices for cybersecurity leaders managing cloud identities.