Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Leading artificial intelligence companies made pledge to develop AI safely, while world leaders agreed to build a network of publicly backed safety institutes to advance research and testing of the technology.

QNAP rolls out patches for multiple vulnerabilities after proof-of-concept exploit published for a remote code execution vulnerability.

Zoom is announcing post-quantum end-to-end encryption on Meetings, with Phone and Rooms coming soon. 

CIA Director William Burns says AI tech will augment humans, not replace them. The agency’s first chief technology officer, Nand Mulchandani, is marshaling the tools.

CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog. 

The EPA has issued an enforcement alert, outlining the steps needed to comply with the Safe Drinking Water Act.

Semiconductor giant OmniVision Technologies says personal information was stolen in a September 2023 ransomware attack.

Google is invoking the ‘monoculture’ word in response to a scathing U.S. government report on Microsoft’s inadequate cybersecurity practices.

Linguistic Lumberjack (CVE-2024-4323) is a critical vulnerability in the Fluent Bit logging utility that can allow DoS, information disclosure and possibly RCE.

CyberArk agreed to acquire machine identity management Venafi from Thoma Bravo for $1.54 billion.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos’ permanent CEO, and Jim Dildine has been named the company’s CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

OT zero trust access and control company Dispel has appointed Dean Macris as its CISO.

Cloud identity and security solutions firm Saviynt has hired former Gartner Analyst Henrique Teixeira as Senior Vice President of Strategy.

More People On The Move
CISA CISA

CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog. 

Google Cloud AI Features Google Cloud AI Features

Google is invoking the ‘monoculture’ word in response to a scathing U.S. government report on Microsoft’s inadequate cybersecurity practices.

Slack data for AI Slack data for AI

Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It’s opt-in by default.

Top Cybersecurity Headlines

Leading artificial intelligence companies made pledge to develop AI safely, while world leaders agreed to build a network of publicly backed safety institutes to…

QNAP rolls out patches for multiple vulnerabilities after proof-of-concept exploit published for a remote code execution vulnerability.

Zoom is announcing post-quantum end-to-end encryption on Meetings, with Phone and Rooms coming soon. 

CIA Director William Burns says AI tech will augment humans, not replace them. The agency’s first chief technology officer, Nand Mulchandani, is marshaling the…

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

CVE-2012-0779 Used in Targeted Attacks Aimed At Manufacturers of Products Used by Defense IndustryOn Friday, Adobe issued a security bulletin to address a recently discovered critical vulnerability in its Flash Player, that according to reports, is being used in targeted attacks.

On Wednesday, a remote code execution vulnerability in PHP was accidentally exposed to the Web, prompting fears that it may be used to target vulnerable websites on a massive scale. The bug itself was traced back to 2004, and came to light during a recent CTF competition.The group that discovered the bug was waiting for a patch to be published before they released any information. However, on Wednesday details were leaked to Reddit prompting the group (Eindbazen) disclose what they...

During what can only be classified as a partial drive-by download attack, visitors to arriving at a compromised domain using an Android device may be subjected to malware that automatically downloads. However, unlike established drive-by attacks, the malware will require user permission to install.The attack was initially reported by a user on Reddit, and the malware family involved has been around since late 2011.

Microsoft is planning to release seven security bulletins – three of which are rated 'critical' – as part of this month's Patch Tuesday update.The fixes span a number of different products, with the critical bulletins covering issues in Microsoft Windows, Silverlight, Microsoft Office and the .NET Framework. All totaled, 23 security vulnerabilities are on tap to be patched.

The Vulnerability Discovery Team at Carnegie Mellon University’s Software Engineering Institute CERT Program has released two new software testing tools designed to help developers find vulnerabilities across major operating systems including Microsoft Windows, Mac OS X, and Linux.The new tools, all available for free, include CERT Failure Observation Engine and the CERT Linux Triage Tools, as well enhancements to its CERT Basic Fuzzing Framework tool.

There is a class of complex vulnerabilities that are difficult to test for, are exploited in clever, stealthy attacks and can cost enterprises millions of dollars in losses. Think zero-day bugs are being described? Think again.Business logic attacks are the topic of the description above, as well as a new whitepaper from Web application security vendor NT OBJECTives. In the report, the company details 10 of the most common business logic attack vectors and offers advice to developers on closing...

CISO Role Shifting From Technology-focused to Strategic Business Leadership Role A new study coming from IBM’s Center for Applied Insights looked to tap into the minds of Chief Information Security Officers (CISOs) in order to get their take on the challenges they currently face and their thoughts on what they expect to see in the near future.

Boulder, Colorado-based identity and access management firm Symplified, on Wednesday announced “Symplified Structure”, a platform that enables telcos, cloud service providers, cloud application brokers, and cloud application hosting companies to integrate identity and access management (IAM) into their cloud services offerings.

Security giant Symantec (NASDAQ:SYMC) today reported the results of its fourth quarter and the fiscal year 2012, ended March 30, 2012. For the fiscal year, GAAP revenue was $6.73 billion, up 9 percent year-over-year and up 6 percent after adjusting for currency.The company reported GAAP revenue of $1.68 billion for its fiscal fourth quarter, flat year-over-year and up 1 percent after adjusting for currency.Key financial metrics reported today include:

Ice Cream is Always Tastier on the Other Cone. Why Cloud SEM is Better Than Your SEM.I'm going to take you through a story, then a rant and then I’ll sprinkle on some clarity. Although the correlation might be hard to grasp, I promise to take it full circle. If you get one thing out of this post, it’s that the cloud is tasty.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security

Cloud Security

Google is invoking the 'monoculture' word in response to a scathing U.S. government report on Microsoft's inadequate cybersecurity practices.