Watch on Demand: Attack Surface Management Summit | All Sessions Now Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Sessions from SecurityWeek’s 2024 Attack Surface Management are now available to watch on demand.

CISA has laid out the FOCAL plan, which aligns the collective operational defense capabilities across federal agencies.

Iranian hackers sought to interest President Joe Biden’s campaign in information stolen from rival Donald Trump’s campaign.

Serial entrepreneur Sinan Eren is back with Opnova, a startup working on automating security workflows with limited human supervision.

CISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being exploited in the wild. 

Attack simulation firm has raised $45 million in growth funding, bringing the total amount raised to $80 million.

Atlassian’s September 2024 monthly security bulletin details multiple high-severity vulnerabilities in four products.

Microsoft has observed the threat actor Vanilla Tempest targeting US healthcare organizations with INC ransomware.

The Port of Seattle, which owns and runs the airport, has decided not to pay, the official said.

Threats have become more complex as the threat surface has expanded and it is now about the evolution of protecting a business and its ecosystem.

The US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices.

People on the Move

Bob Turner has been named CISO at Penn State University.

V2X has appointed Christopher Carter as CISO.

Andrew McLaughlin has been appointed Chief Operating Officer at SandboxAQ.

Credential management firm Axiad has appointed Brian Szeto as CFO and Lynne Boyd as VP of sales.

Secure infrastructure access firm Teleport has named a new CRO and CMO.

More People On The Move
Raptor Train botnet takedown Raptor Train botnet takedown

The US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices.

How did Pagers explode in Lebanon? How did Pagers explode in Lebanon?

Between 3 to 5 grams of a highly explosive material were concealed inside pagers prior to their delivery to Hezbollah, and then remotely triggered simultaneously.

Deepfake AI Threat Deepfake AI Threat

When it comes to adversarial use of AI, the real question is whether the AI threat is a deep fake, or whether the deepfake is the AI threat.

Top Cybersecurity Headlines

Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

According to research from security firm AlienVault, there appears to be a connection between the "PlugX" gang out of China and the latest Internet Explorer vulnerability. The connection comes from a payload being delivered by sites using the vulnerability to target systems, which has the same attack process used by the PlugX gang.

Google has always had a sharp nose for rising Internet trends. Just recently, the search giant announced that it had acquired VirusTotal, an anti-malware start-up company to beef up protection for its Internet services.

TOKYO - At least 19 Japanese websites, including those of a government ministry, courts and a hospital, have come under cyberattack, apparently from China, police said Wednesday. Many of the websites were altered to show messages proclaiming Chinese sovereignty over the Diaoyu islands, a Japanese-administered chain Tokyo calls Senkaku, the National Police Agency (NPA) said in a statement.

Researchers at FireEye recently detected two new Grum command servers, as the botnet’s owners attempted to remain under the radar as they rebuilt it. The rebirth was short-lived, as the C&Cs (hosted in Turukey) were taken offline within hours.

TAIPEI - (AFP) - Nearly 1,000 civil servants in Taiwan must take classes in cyber security after falling for a trap set up by their employer to test Internet safety, an official said on Wednesday. The government of New Taipei City, near capital Taipei, sent out an email last month which claimed to contain a steamy sex video in order to check how carefully its 6,000 staff were protecting their computers against hacking and virus attacks, she said.

Two women have been given probation and hit with a minor fine for their role in a credit card skimming scam. The two worked at a steakhouse in Alton, Illinois where the scheme gained traction, but were given the lighter sentences for their passive roles. The mastermind behind the operation, a “romantic partner” to one of the women, was sentenced to 57 months in prison last summer.

In August, word spread that after the Senate rejected the Cybersecurity Act of 2012 the Obama administration was considering an executive order that would deal with some of the provisions in the failed bill. Last week, a draft of such an order was leaked to the Web.

PITTSBURGH (AP) — An Ohio man will plead guilty to sending anonymous YouTube threats in which he claimed to have hacked into the University of Pittsburgh's computer system on the heels of a series of unrelated disruptive bomb threats, his attorney told The Associated Press. Brett Hudson will admit he's guilty "and he's going to get on with his life," defense attorney Warner Mariani said.

On Monday, Google announced that IMAP/SMTP and XMPP would be getting a security boost in the form of OAuth 2.0. The transition comes as the company depreciates older standards (OAuth 1.0a) on the GMail and Google Talk services. Ryan Troll, a member of Google’s Application Security Team, said in a blog post that the changes are part of a long term plan to support additional mechanisms to protect user information.

HONG KONG - Chinese telecom giant Huawei is perplexed at its treatment in the West, with the United States fearful it is a Trojan horse for cyber warfare even as Europe eagerly courts its business. The contrast was stark last week when the private company's elusive founder and chief executive officer, Ren Zhengfei, appeared alongside British Prime Minister David Cameron at the signing of a $2 billion investment deal in London.

FireHost, a Dallas based cloud hosting provider that has made security the focus of its offerings, today announced that it has raised $10 Million in a Series C round of funding. The announcement comes just about a year to the day when the company announced that it raised $10 Million in a Series B funding round last September. 

In response to reports of a Zero-Day vulnerability targeting all versions of Internet Explorer, with the single exception of Internet Explorer 10, Microsoft has confirmed the issue and offered guidance to customers.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

RunSafe Security has raised $12 million in a Series B funding round for a solution designed to help companies develop secure software.

Cloud Security