Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Jan Leike, who ran OpenAI’s “Super Alignment” team, believes there should be more focus on preparing for the next generation of AI models, including on things like safety.

Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It’s opt-in by default.

Noteworthy stories that might have slipped under the radar: FBI is targeting Scattered Spider, Australia’s MediSecure hacked, new Wi-Fi attack.

CISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw.

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

The Antidot Android banking trojan snoops on users and steals their credentials, contacts, and SMS messages.

The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment.

The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme that generates revenue for North Korea.

C/side has emerged from stealth mode with $1.7 million in pre-seed funding from Scribble Ventures and angel investors

Network infrastructure as-a-service Alkira has raised $100 million in a Series C funding round led by Tiger Global Management.

Honoring my father by translating his timeless life lessons into practical wisdom for the cybersecurity profession.

People on the Move

OT zero trust access and control company Dispel has appointed Dean Macris as its CISO.

Cloud identity and security solutions firm Saviynt has hired former Gartner Analyst Henrique Teixeira as Senior Vice President of Strategy.

PR and marketing firm FleishmanHillard named Scott Radcliffe as the agency’s global director of cybersecurity.

Portnox, a provider of zero trust access control solutions, announced that Joseph Rodriguez has joined the company as Chief Revenue Officer.

Cybersecurity awareness training firm NINJIO has appointed Jon Dion as its Chief Revenue Officer.

More People On The Move
Slack data for AI Slack data for AI

Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It’s opt-in by default.

Microsoft Quick Assist Tool Abused for Ransomware Delivery

The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment.

Palo Alto Networks partners with IBM on cybersecurity Palo Alto Networks partners with IBM on cybersecurity

Palo Alto Networks and IBM announced a significant partnership to jointly provide cybersecurity solutions.

Top Cybersecurity Headlines

Jan Leike, who ran OpenAI’s “Super Alignment” team, believes there should be more focus on preparing for the next generation of AI models, including…

Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It’s opt-in by default.

Noteworthy stories that might have slipped under the radar: FBI is targeting Scattered Spider, Australia’s MediSecure hacked, new Wi-Fi attack.

CISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

In a letter to Senator John McCain, originally obtained by the Washington Post for a report published last Friday, General Keith Alexander, the director of the NSA and current commander of the U.S. Cyber Command, says that the U.S. should implement policy that would require hardened network defenses.

The Blackhole exploit kit has moved its ransom-based payloads forward from child porn and terrorism to copyright violations. The new theme from the crime kit is professionally developed and is mostly targeting users in Europe.The changeup from Blackhole was discovered by researchers at abuse.ch, the Swiss security blog. Briefly, the Blackhole exploit kit was launched in 2010 by developers in Russia. The kit targets various vulnerabilities, from Windows only, to Adobe’s Flash and PDF formats, and Java.

On Tuesday, the PHP Group plans to release new versions of PHP in order to address the problems with a previous patch, which was intended to close a security problem. As SecurityWeek reported on Friday, the first patch released by PHP was easily bypassed.

Jared Wein, a Software Engineer at Mozilla, has come up with a rather clever security feature for Web browser plugins such as Flash – manual activation. The feature is currently only available in the nightly build of Firefox, but Wein expects it to be ready for Firefox 14.The manual activation is called “click-to-play” and once it is enabled, plugins will require an additional click – or manual activation – before rendering Web content. For example, videos on YouTube will require...

On Friday, security researcher David Emery reported the discovery of a problem within Mac OS X 10.7.3, which results in a user’s password being recorded to a log file in plain text.Emery explained that a debug switch in the current release of Lion was activated sometime before its release, resulting in the user’s legacy Filevault password being written to a log file in plain text. This log will remain on the system for several weeks, and anyone with read access...

Jericho Botnet Analysis: Infection, Persistence and Malicious FunctionsWe’ve talked a lot about modern malware as a concept, but I’d like to use this week’s column to call out one particular sample of malware that I’ve had my eye on for the last several weeks – a new banking botnet that has been referred to as the Jericho Botnet.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security

Cloud Security

Financial terms were not released but the price tag is expected to be hefty with Exabeam’s most recent valuation pegged at $2.5 billion.