SecurityWeek

Latest Cybersecurity News

American Water is reconnecting and reactivating the systems that were taken offline earlier this week due to a cybersecurity incident.

What are CISOs and security leaders prioritizing versus the security operators?

Cybersecurity startup Simbian has launched three LLM AI Agents that work as virtual employees but with the speed, stamina, and accuracy of robots.

With all sessions now available on demand, the online summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

Doctor Web says no development or user data was compromised after pro-Ukraine hacktivists claimed the theft of 10 Tb of files.

The Internet Archive has been hacked and hit by a significant DDoS attack, with 31 million users reportedly being impacted by a data breach.

Risk management startup Cyrisma has raised $7 million in a Series A funding round led by Blueprint Equity.

SecurityWeek talked to David Weston, VP enterprise and OS security at Microsoft, to discuss Windows kernel access and safe deployment practices.

Continuous automated red teaming platform provider WatchTowr has raised $19 million in a Series A funding round. 

CISA has added a Fortinet FortiOS vulnerability tracked as CVE-2024-23113 to its Known Exploited Vulnerabilities (KEV) catalog.

Mozilla has released a Firefox 131 update to resolve CVE-2024-9680, a code execution vulnerability exploited in the wild as a zero-day.

People on the Move

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn’s first Distinguished Security Engineer.

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Palo Alto Networks

Palo Alto warns that attackers can access usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Top Cybersecurity Headlines

Patch Tuesday: Redmond warns that attackers are rigging Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems. 

Google and Amnesty have seen evidence that a Qualcomm chipset vulnerability tracked as CVE-2024-43047 may be exploited in the wild.

The largest U.S. water utility disconnects customer portal and suspends billing services following a cyberattack.


Join SecurityWeek and Hitachi Vantara for this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS, PLC and field controller cybersecurity.

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Late Sunday, a report surfaced from the US House Intelligence Committee, compiled after nearly a yearlong investigation, that said two Chinese telecom equipment makers "cannot be trusted" to be free of influence from Beijing and could be used to undermine US national security.

Crime may not always pay, but it is always costly. At least that is the case for companies in the U.S., according to a new HP-commissioned report from the Ponemon Institute. In an analysis of attacks impacting 56 sample companies during the first seven months of the year, researchers discovered the financial impact of cyber attacks has increased nearly 40 percent since 2010.

GENEVA - The United States will oppose any major revision to 24-year-old global telecommunications regulations at an international conference in December, the head of the US delegation said Monday, insisting the Internet must remain free and open.

New Offerings Help Better Manage and Secure Corporate and Personal Mobile Devices Across The Enterprise
Verizon has expanded its portfolio of “Enterprise Mobility as a Service” offerings to provide additional support for managing a wide range of applications, access options and devices, including smartphones, tablets and laptops.

In case you were not aware, October is National Cyber Security Awareness Month, an initiative designed to “engage and educate public and private sector partners through events and initiatives with the goal of raising awareness about cybersecurity.” 

BEIJING - Beijing on Monday urged Washington to "set aside prejudices" after a draft Congressional report said Chinese telecom firms Huawei and ZTE were security threats that should be banned from business in the US.

NullCrew, known for their attack against the University of Cambridge last month, as well as Sony’s mobile division, has now targeted one of the U.K.’s largest mobile operators, leaking email addresses and database schemas.

Michael W. Baxter, 62, a former network engineer for Verizon Wireless, took advantage of flaws in the company’s procurement process to obtain access to millions of dollars in Cisco equipment, which he then sold in order to fund what authorities call a lavish lifestyle.

Committee Says Chinese Telcoms Failed to Provide Adequate Answers On Relationship With Chinese Government
WASHINGTON - Chinese telecom giants Huawei and ZTE pose a security threat to the United States and should be barred from US contracts and acquisitions, a yearlong congressional investigation has concluded.

New details have emerged about the attack toolkit that was used to launch the distributed denial of service (DDoS) attacks against a number of US-based financial institutions late last month. The majority of the banking attack traffic does not appear to have been generated by client bots, but rather from compromised servers in data centers, Carl Herberger, vice-president of security solutions at Radware, told SecurityWeek on Thursday.

During a Wave of Trojan Attacks, a Virtual-machine-synching Module Would "Duplicate" Victim PCs and Use a Genuine IP Address When Compromising Accounts...
A gang of cyber thugs has threatened to launch a series of Trojan attacks against at least 30 U.S. banks, according to RSA. Word of what the security firm is saying could be a "blitzkrieg-like" series of attacks was published by the RSA FraudAction Research Labs on Thursday.

MANILA - Philippine President Benigno Aquino defended a new cybercrime law Friday amid a storm of protests from critics who say it will severely curb Internet freedoms and intimidate netizens into self-censorship.

BeyondTrust has released a new version of its free “Community Edition” Retina vulnerability assessment tool. With Retina Community, enterprises can perform on-the-fly assessments without waiting for the next audit, the company said.

WASHINGTON - The United States needs to develop offensive weapons in cyberspace as part of its effort to protect the nation from cyber attacks, a senior military official said Thursday. "If your defense is only to try to block attacks you can never be successful," General Keith Alexander, director of the National Security Agency and commander of the US Cyber Command, told a Washington symposium.

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS, PLC and field controller cybersecurity.

Application Security

Application security and vulnerability management platform DefectDojo has raised $7 million in Series A funding.
