Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Jan Leike, who ran OpenAI’s “Super Alignment” team, believes there should be more focus on preparing for the next generation of AI models, including on things like safety.

Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It’s opt-in by default.

Noteworthy stories that might have slipped under the radar: FBI is targeting Scattered Spider, Australia’s MediSecure hacked, new Wi-Fi attack.

CISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw.

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

The Antidot Android banking trojan snoops on users and steals their credentials, contacts, and SMS messages.

The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment.

The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme that generates revenue for North Korea.

C/side has emerged from stealth mode with $1.7 million in pre-seed funding from Scribble Ventures and angel investors

Network infrastructure as-a-service Alkira has raised $100 million in a Series C funding round led by Tiger Global Management.

Honoring my father by translating his timeless life lessons into practical wisdom for the cybersecurity profession.

People on the Move

OT zero trust access and control company Dispel has appointed Dean Macris as its CISO.

Cloud identity and security solutions firm Saviynt has hired former Gartner Analyst Henrique Teixeira as Senior Vice President of Strategy.

PR and marketing firm FleishmanHillard named Scott Radcliffe as the agency’s global director of cybersecurity.

Portnox, a provider of zero trust access control solutions, announced that Joseph Rodriguez has joined the company as Chief Revenue Officer.

Cybersecurity awareness training firm NINJIO has appointed Jon Dion as its Chief Revenue Officer.

More People On The Move
Slack data for AI Slack data for AI

Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It’s opt-in by default.

Microsoft Quick Assist Tool Abused for Ransomware Delivery

The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment.

Palo Alto Networks partners with IBM on cybersecurity Palo Alto Networks partners with IBM on cybersecurity

Palo Alto Networks and IBM announced a significant partnership to jointly provide cybersecurity solutions.

Top Cybersecurity Headlines

Jan Leike, who ran OpenAI’s “Super Alignment” team, believes there should be more focus on preparing for the next generation of AI models, including…

Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It’s opt-in by default.

Noteworthy stories that might have slipped under the radar: FBI is targeting Scattered Spider, Australia’s MediSecure hacked, new Wi-Fi attack.

CISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

CVE-2012-0779 Used in Targeted Attacks Aimed At Manufacturers of Products Used by Defense IndustryOn Friday, Adobe issued a security bulletin to address a recently discovered critical vulnerability in its Flash Player, that according to reports, is being used in targeted attacks.

On Wednesday, a remote code execution vulnerability in PHP was accidentally exposed to the Web, prompting fears that it may be used to target vulnerable websites on a massive scale. The bug itself was traced back to 2004, and came to light during a recent CTF competition.The group that discovered the bug was waiting for a patch to be published before they released any information. However, on Wednesday details were leaked to Reddit prompting the group (Eindbazen) disclose what they...

During what can only be classified as a partial drive-by download attack, visitors to arriving at a compromised domain using an Android device may be subjected to malware that automatically downloads. However, unlike established drive-by attacks, the malware will require user permission to install.The attack was initially reported by a user on Reddit, and the malware family involved has been around since late 2011.

Microsoft is planning to release seven security bulletins – three of which are rated 'critical' – as part of this month's Patch Tuesday update.The fixes span a number of different products, with the critical bulletins covering issues in Microsoft Windows, Silverlight, Microsoft Office and the .NET Framework. All totaled, 23 security vulnerabilities are on tap to be patched.

The Vulnerability Discovery Team at Carnegie Mellon University’s Software Engineering Institute CERT Program has released two new software testing tools designed to help developers find vulnerabilities across major operating systems including Microsoft Windows, Mac OS X, and Linux.The new tools, all available for free, include CERT Failure Observation Engine and the CERT Linux Triage Tools, as well enhancements to its CERT Basic Fuzzing Framework tool.

There is a class of complex vulnerabilities that are difficult to test for, are exploited in clever, stealthy attacks and can cost enterprises millions of dollars in losses. Think zero-day bugs are being described? Think again.Business logic attacks are the topic of the description above, as well as a new whitepaper from Web application security vendor NT OBJECTives. In the report, the company details 10 of the most common business logic attack vectors and offers advice to developers on closing...

CISO Role Shifting From Technology-focused to Strategic Business Leadership Role A new study coming from IBM’s Center for Applied Insights looked to tap into the minds of Chief Information Security Officers (CISOs) in order to get their take on the challenges they currently face and their thoughts on what they expect to see in the near future.

Boulder, Colorado-based identity and access management firm Symplified, on Wednesday announced “Symplified Structure”, a platform that enables telcos, cloud service providers, cloud application brokers, and cloud application hosting companies to integrate identity and access management (IAM) into their cloud services offerings.

Security giant Symantec (NASDAQ:SYMC) today reported the results of its fourth quarter and the fiscal year 2012, ended March 30, 2012. For the fiscal year, GAAP revenue was $6.73 billion, up 9 percent year-over-year and up 6 percent after adjusting for currency.The company reported GAAP revenue of $1.68 billion for its fiscal fourth quarter, flat year-over-year and up 1 percent after adjusting for currency.Key financial metrics reported today include:

Ice Cream is Always Tastier on the Other Cone. Why Cloud SEM is Better Than Your SEM.I'm going to take you through a story, then a rant and then I’ll sprinkle on some clarity. Although the correlation might be hard to grasp, I promise to take it full circle. If you get one thing out of this post, it’s that the cloud is tasty.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security

Cloud Security

Financial terms were not released but the price tag is expected to be hefty with Exabeam’s most recent valuation pegged at $2.5 billion.