Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

QNAP rolls out patches for multiple vulnerabilities after proof-of-concept exploit published for a remote code execution vulnerability.

Zoom is announcing post-quantum end-to-end encryption on Meetings, with Phone and Rooms coming soon. 

CIA Director William Burns says AI tech will augment humans, not replace them. The agency’s first chief technology officer, Nand Mulchandani, is marshaling the tools.

CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog. 

The EPA has issued an enforcement alert, outlining the steps needed to comply with the Safe Drinking Water Act.

Semiconductor giant OmniVision Technologies says personal information was stolen in a September 2023 ransomware attack.

Google is invoking the ‘monoculture’ word in response to a scathing U.S. government report on Microsoft’s inadequate cybersecurity practices.

Linguistic Lumberjack (CVE-2024-4323) is a critical vulnerability in the Fluent Bit logging utility that can allow DoS, information disclosure and possibly RCE.

CyberArk agreed to acquire machine identity management Venafi from Thoma Bravo for $1.54 billion.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

Health insurance firm WebTPA says the personal information of 2.4 million individuals was compromised in a data breach.

People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos’ permanent CEO, and Jim Dildine has been named the company’s CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

OT zero trust access and control company Dispel has appointed Dean Macris as its CISO.

Cloud identity and security solutions firm Saviynt has hired former Gartner Analyst Henrique Teixeira as Senior Vice President of Strategy.

More People On The Move
CISA CISA

CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog. 

Google Cloud AI Features Google Cloud AI Features

Google is invoking the ‘monoculture’ word in response to a scathing U.S. government report on Microsoft’s inadequate cybersecurity practices.

Slack data for AI Slack data for AI

Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It’s opt-in by default.

Top Cybersecurity Headlines

QNAP rolls out patches for multiple vulnerabilities after proof-of-concept exploit published for a remote code execution vulnerability.

Zoom is announcing post-quantum end-to-end encryption on Meetings, with Phone and Rooms coming soon. 

CIA Director William Burns says AI tech will augment humans, not replace them. The agency’s first chief technology officer, Nand Mulchandani, is marshaling the…

CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog. 

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

Researchers at Trusteer have discovered a variant of Zeus with a P2P component that is targeting high profile sites such as Facebook, Google, Hotmail, and Yahoo in order to compromise debit and credit card data.The attacks being carried out by the P2P version of Zeus use a basic form of social engineering. Depending on the service being targeted at the time, users are presented with offers for additional security measures and rebates.

Microsoft says their new research on cloud computing shows that security may not be the impediment many perceive it to be.In a survey of 94 small to midsized businesses (SMBs) in the U.S. using the cloud and 93 that do not, it was revealed that of those who do:- 35 percent believe their business was more secure- 38 percent said they spent less time managing security

Vaultive, a provider of cloud data encryption solutions, today launched Vaultive for Hosted Exchange, an enterprise-class cloud data encryption solution that encrypts data-at-rest and data-in-use within Hosted Microsoft Exchange environments, while letting enterprise IT retain control of the encryption keys.

A start-up in Russia, backed by Microsoft, says they have developed technology that can stop BitTorrent-based filesharing. The Pirate Pay came into existence due to the growth of copyright infringement in Russia, and the mounting international pressure to stop it.One of the first companies to back Pirate Pay was Microsoft, who granted them $100,000 in seed money. Microsoft was soon followed by Walt Disney Studios and Sony Pictures in Russia, who hired the firm to protect the film, Vysotsky. Thanks...

You've heard it a thousand times before: information is power. The more data you have, the more insight and knowledge you possess. But what happens when your data stores grow so large that securing and managing them effectively is no longer in the cards? What happens when every new security control that's put in place to protect data is just another administrative burden—increasing the security event data that must be monitored, logged, shared between security components, analyzed, and reported on.How...

Backdoor Found In ZTE Android SmartphoneZTE, a handset manufacturer in China, has shipped Android smartphones to the U.S. with a fully enabled backdoor. The news of the backdoor came by way of an anonymous post to Pastebin, but was later confirmed by other researchers.[Updated 05/17 to Add ZTE Working On Patch for Backdoor Vulnerability]

Why are people talking about the Cyber Intelligence Sharing and Protection Act (CISPA) as really protecting the United States from cyber threats? The bill claims its goal is to share intelligence on Internet traffic to help “ensure the protection of our national networks against cyber threats.”

Adobe’s Photoshop is a key application within the marketing, advertising, sales, publishing and graphic design markets. Businesses that rely on images to move product use Adobe’s costly flagship product. So when code execution vulnerabilities were discovered in Photoshop 12 (CS5) it’s easy to think that a patch would not only be released, but that it would be free. Those thoughts couldn’t be further from the truth.

Department of Defense Widens of Defense Industrial Base (DIB) Cybersecurity Information Sharing InitiativesThe U.S. Department of Defense, working alongside the U.S. Department of Homeland Security, announced on Friday that they would expand the availability of the cybersecurity information assurance program launched last year.

The Internet Crime Complaint Center (IC3) released its 2011 Internet Crime Report on Thursday, revealing some of the top scams and cybercrime trends for the year.All totaled, the IC3 said it received and processed 314,246 complaints in 2011, averaging out to 26,000 complaints per month. These numbers represent a 3.4 percent increase over the number of complaints received in 2010. The reported dollar loss was $485.3 million.

TrustSphere, a company that provides reputation and messaging intelligence solutions, has released an email security product that leverages a social graph of trusted senders to block spam and reduce the number of messages erroneously sent to junk mail folders, while at the same time helping to defend against targeted attacks.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security

Cloud Security

Google is invoking the 'monoculture' word in response to a scathing U.S. government report on Microsoft's inadequate cybersecurity practices.