SecurityWeek

Latest Cybersecurity News

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons.

San Francisco startup gets fresh capital from Battery Ventures to compete in the crowded identity and access management space.

Noteworthy stories that might have slipped under the radar: fake Lockdown Mode, a new Linux RAT, jailbreaking AI, and an entire country’s DNS hijacked.

French startup ProvenRun raises €15 million investment to build secure software for connected vehicles and IoT devices.

WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code.

Russian threat actor APT28 has been exploiting a no-interaction Outlook vulnerability in attacks against 14 countries.

The US and UK announce charges and sanctions against two hackers working with Russia’s FSB security service.

A Bluetooth authentication bypass allows attackers to connect to vulnerable Android, Linux, and Apple devices and inject keystrokes.

Hackers launched a cyberattack on an Irish water utility, causing disruption and leaving people without water for two days. 

End-to-End encryption in Facebook Messenger means that no one other than the sender and the recipient — not even Meta — can decipher people’s messages.

The US cybersecurity agency calls attention to a Russian APT targeting academia, defense, governmental organizations, NGOs and think-tanks.

A study commissioned by Apple shows that 2.6 billion personal data records were compromised in breaches in the past two years.

Government agencies in the Five Eyes countries have published new guidance on creating memory safety roadmaps.

Nissan Oceania says it has been working on restoring its systems after falling victim to a cyberattack.

Pool Party is a new set of eight Windows process injection techniques that evade endpoint detection and response solutions.

SLAM CPU attack

Security features that major CPU vendors plan on integrating into their future products can increase the surface for certain types of attacks.

Upcoming Virtual Events

CISOs and risk management leaders must understand clearly the role of cyber insurance in a robust security program, ongoing changes to premiums and policy pricing, the errors that could deny coverage and how it all fits into global incident response planning.

Cyber AI & Automation Summit

SecurityWeek’s inaugural Cyber AI & Automation Summit pushes the boundaries of security discussions by exploring the implications and applications of predictive AI, machine learning, and automation in modern cybersecurity programs.

Designed for senior-level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum will take place in 2023 as a virtual event. (June 13-14, 2023)

As CISOs and corporate defenders grapple with the intricacies of securing sensitive data passing through multi-cloud deployments and APIs, the importance of frameworks, tools, controls and design models has surfaced to the front burner. (July 19, 2023)

Although it’s a little early for the “what did you do on your summer vacation?” essay, I have mine done. I vacationed in Orlando with my family last week. We did the whole Universal Studios/Disney thing, and had a blast. Although my kids called me a geek for doing so, I pondered the meaning of various happenings and observations that week. Here’s my attempt to unpack the significance of these events.

International Operation Targeted Two Cybercriminal Rings That Caused More than $74 million in losses

The Department of Justice and the FBI, along with other law enforcement agencies around the world, announced the indictment of two individuals from Latvia as part of Operation Trident Tribunal, an ongoing operation targeting international cyber crime.

It’s rare that a day goes by without seeing news of another breach or other form of cyber attack in the news headlines. According to a recent survey, organizations are currently experiencing multiple breaches, with more than half (59 percent) of respondents citing two or more breaches in the past 12 months.

Do you allow your employees to surf using open wireless networks from their phones or laptops? What are the easiest ways that attackers can sniff email or gain access to corporate information from these devices? What are the best ways to protect corporate information on the go?

RSA, the Security Division of EMC, has been in the news lately, and not in a good way. The first shoe dropped in March, when the company disclosed via press release that an unknown attacker, likely a state-sponsored actor, stole certain unidentified assets related to its SecurID product.

McAfee announced enhancements to its security management solution today, adding automated and real-time security and risk analytics to help customers proactively identify, assess, manage and report on enterprise security. The McAfee Security Management solution delivers complete integration between its McAfee® ePolicy Orchestrator® platform, McAfee® Risk Advisor, and McAfee endpoint products to enable organizations to gain visibility of security and risk events across on-premise or hosted desktop, network, or server. Enhancements to the updated solution include:

TLS, Transport Layer Security, is a means of securing the transmission of email between two MTAs (mail transfer agents). It prevents an eavesdropper from capturing the headers and body of an email in clear text. TLS is a near-universal feature of MTAs (there are some MTAs that privilege speed over security that lack the feature), and mail administrators usually have it enabled such that anyone attempting to send an email can request its use and negotiate a TLS session.

Skype allows customers to communicate over Voice over Internet Protocol (VoIP) platforms. And because it is encrypted, Skype, which was recently purchased by Microsoft for $8.5 Billion, is used by many businesses today for their international phone calls. What researchers have found, however, is a novel way to decrypt those conversations without ever knowing the encryption key.

Not a week goes by without Web hacking – Sony (again!), FBI, Citibank, ADP, and many others that we don’t even hear about. At best, companies are tinkering with their Web security issues instead of attacking them head-on.

HR and Payroll outsourcing giant Automatic Data Processing, Inc. (ADP) experienced a system intrusion that, as of now, has affected one client. In an announcement this afternoon, ADP said that it was investigating and taking measures to address the impact of a system intrusion that occurred with a client at Workscape, a benefits administration provider that ADP acquired in August 2010. Though the incident is limited to a single client, ADP didn't say if and how many records from the...

Mobile devices bring incredible benefits in terms of productivity and efficiency in the workplace and for personal use. But there’s a catch: “The ways smart phones, laptops and tablets interconnect work life and personal life raise serious security challenges for organizations—and the stakes are high,” according to Alastair MacWillson, global managing director of Accenture’s global security practice and SecurityWeek columnist.

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Cloud Security

While applications and cloud infrastructure present different risk profiles and require different security assessments, they must not be viewed separately with regards to enterprise...