CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons.

San Francisco startup gets fresh capital from Battery Ventures to compete in the crowded identity and access management space.

Noteworthy stories that might have slipped under the radar: fake Lockdown Mode, a new Linux RAT, jailbreaking AI, and an entire country’s DNS hijacked.

French startup ProvenRun raises €15 million investment to build secure software for connected vehicles and IoT devices.

WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code.

Russian threat actor APT28 has been exploiting a no-interaction Outlook vulnerability in attacks against 14 countries.

The US and UK announce charges and sanctions against two hackers working with Russia’s FSB security service.

A Bluetooth authentication bypass allows attackers to connect to vulnerable Android, Linux, and Apple devices and inject keystrokes.

Hackers launched a cyberattack on an Irish water utility, causing disruption and leaving people without water for two days. 

End-to-End encryption in Facebook Messenger means that no one other than the sender and the recipient — not even Meta — can decipher people’s messages.

The US cybersecurity agency calls attention to a Russian APT targeting academia, defense, governmental organizations, NGOs and think-tanks.

A study commissioned by Apple shows that 2.6 billion personal data records were compromised in breaches in the past two years.

Government agencies in the Five Eyes countries have published new guidance on creating memory safety roadmaps.

Nissan Oceania says it has been working on restoring its systems after falling victim to a cyberattack.

Pool Party is a new set of eight Windows process injection techniques that evade endpoint detection and response solutions.

Artificial Intelligence Act Artificial Intelligence Act

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons.

Hackers targeting Water systems in Ireland Hackers targeting Water systems in Ireland

Hackers launched a cyberattack on an Irish water utility, causing disruption and leaving people without water for two days. 

SLAM CPU attack SLAM CPU attack

Security features that major CPU vendors plan on integrating into their future products can increase the surface for certain types of attacks.

Top Cybersecurity Headlines

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons.

San Francisco startup gets fresh capital from Battery Ventures to compete in the crowded identity and access management space.

Noteworthy stories that might have slipped under the radar: fake Lockdown Mode, a new Linux RAT, jailbreaking AI, and an entire country’s DNS hijacked.

French startup ProvenRun raises €15 million investment to build secure software for connected vehicles and IoT devices.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Watch Now

Upcoming Virtual Events

CISOs and risk management leaders must understand clearly the role of cyber insurance in a robust security program, ongoing changes to premiums and policy pricing, the errors that could deny coverage and how it all fits into global incident response planning.

Learn More
Cyber AI & Automation Summit

SecurityWeek’s inaugural Cyber AI & Automation Summit pushes the boundaries of security discussions by exploring the implications and applications of predictive AI, machine learning, and automation in modern cybersecurity programs.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event. (June 13-14, 2023)

Learn More

As CISOs and corporate defenders grapple with the intricacies of securing sensitive data passing through multi-cloud deployments and APIs, the importance of frameworks, tools, controls and design models have surfaced to the front burner. (July 19, 2023)

Learn More

Vulnerabilities

Cybercrime

Guardian Analytics, a provider of behavioral analytics-based fraud prevention solutions, today announced a fraud monitoring solution delivered as a managed service, designed to allow institutions to enjoy the benefits of fraud prevention software without the need for increased staff or training.

Tripwire, a provider of IT Security and compliance solutions that was recently acquired by private equity firm Thoma Bravo, has released a library of pre-selected “Cybercrime controls” for the company’s Tripwire Enterprise solution that combines key configuration hardening standards with a collection of breach detection rules into an easy-to-install package for Windows servers.

WatchGuard Technologies today announced that it has added SCADA Signatures to its next-generation firewalls and UTMs with Application Control. The SCADA (supervisory control and data acquisition) signatures enable WatchGuard XTM and legacy e-Series security appliances to provide threat protection for industrial control systems that monitor and control industrial, infrastructure or facility-based networks.

NeXpose 2011 Summer Release Brings Increased Deployment Flexibility, Enhanced Integration, Scalability and Improved Administrative CapabilitiesRapid7, a Boston-based provider of vulnerability management and penetration testing solutions, today launched NeXpose® 2011 Summer Release, the latest update of the company’s vulnerability management solution, adding support for private cloud deployments based on its multi-tenant architecture, along with other enhancements.

Operators Sold Networking Gear Supported by Counterfeit Cisco Labels, Boxes, Manuals and Serial Numbers Obtained from Cisco Support SiteAfter selling $1 million worth of counterfeit Cisco equipment through a business operated with a co-defendant, Christopher Myers, 42, of Leawood, Kansas, has been sentenced to 33 months in federal prison.

New Solution Delivers All-Inclusive Software Providing 'Secure Everywhere Access' to Help Meet Regulatory and Compliance Requirements Network security vendor Fortinet, today launched FortiClient, an endpoint software agent that brings secure remote access connectivity to remote devices.

McAfee Appoints Michael DeCesare and Todd Gebhart as Co-Presidents McAfee today said President David DeWalt has announced his resignation, and said it would create an office of the president, to be headed by Michael DeCesare and Todd Gebhart who will serve as co-presidents. DeWalt, who served as President for more than four years, will continue as a non-employee member of the McAfee Board of Directors.

UpdatedAccording to Anonymous, in what the hacker group is calling, “Military Meltdown Monday,” they have acquired and released to the public, a list of approximately 90,000 military emails and Base64 password hashes, after hacking into systems from Booz Allen Hamilton, the large government contractor that works closely with many defense, intelligence, and civil sectors on cyber security. (Anonymous originally stated the passwords were MD5, non-salted hashes)

Just like any business, cybercriminals need to be ready to respond to incidents and events that can be beneficial to their businesses. For cybercriminals utilizing malware as a tool of choice for their dark-sided business, ongoing delivery and spreading of their malicious software is critical to a successful and profitable operation. Malware Delivery Networks are a key component of cybercriminal success, and key component in the the malware supply chain.

It’s always the insider. Well, maybe not always, but it sometimes seems that’s what we are hearing. I was reading articles on some recent cases and any of them seem to have a common theme: “XXX Case Exposes Insider Risks” and “Employee Error Leads to XXX Hack” are just a couple recent headlines. The press also published info about a recent breach which was caused when an employee clicked on an attachment that they pulled from the junk email folder.

The Washington Post has notified users of its job board that a recent a cyber attack has resulted in a data breach that compromised up to 1.27 million job seeker accounts.The Washington Post said that the attack occurred in two brief episodes, once on June 27 and once on June 28, resulting in the attacker(s) getting hold of roughly 1.27 million user IDs and e-mail addresses. Passwords or other personal information were not compromised, the publisher said.

It’s July. An odd time to be talking about Super Bowl security, right? Actually, it’s never too early to focus on information security and risk management, and Super Bowl security is certainly no exception. Super Bowl officials take two full years to plan and implement their strategy. IT security pros everywhere would be well advised to learn from them and take action long before crunch time.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Government agencies in the Five Eyes countries have published new guidance on creating memory safety roadmaps.

Cloud Security

Cloud Security

While applications and cloud infrastructure present different risk profiles and require different security assessments, they must not be viewed separately with regards to enterprise...