CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons.

San Francisco startup gets fresh capital from Battery Ventures to compete in the crowded identity and access management space.

Noteworthy stories that might have slipped under the radar: fake Lockdown Mode, a new Linux RAT, jailbreaking AI, and an entire country’s DNS hijacked.

French startup ProvenRun raises €15 million investment to build secure software for connected vehicles and IoT devices.

WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code.

Russian threat actor APT28 has been exploiting a no-interaction Outlook vulnerability in attacks against 14 countries.

The US and UK announce charges and sanctions against two hackers working with Russia’s FSB security service.

A Bluetooth authentication bypass allows attackers to connect to vulnerable Android, Linux, and Apple devices and inject keystrokes.

Hackers launched a cyberattack on an Irish water utility, causing disruption and leaving people without water for two days. 

End-to-End encryption in Facebook Messenger means that no one other than the sender and the recipient — not even Meta — can decipher people’s messages.

The US cybersecurity agency calls attention to a Russian APT targeting academia, defense, governmental organizations, NGOs and think-tanks.

A study commissioned by Apple shows that 2.6 billion personal data records were compromised in breaches in the past two years.

Government agencies in the Five Eyes countries have published new guidance on creating memory safety roadmaps.

Nissan Oceania says it has been working on restoring its systems after falling victim to a cyberattack.

Pool Party is a new set of eight Windows process injection techniques that evade endpoint detection and response solutions.

Artificial Intelligence Act Artificial Intelligence Act

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons.

Hackers targeting Water systems in Ireland Hackers targeting Water systems in Ireland

Hackers launched a cyberattack on an Irish water utility, causing disruption and leaving people without water for two days. 

SLAM CPU attack SLAM CPU attack

Security features that major CPU vendors plan on integrating into their future products can increase the surface for certain types of attacks.

Top Cybersecurity Headlines

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons.

San Francisco startup gets fresh capital from Battery Ventures to compete in the crowded identity and access management space.

Noteworthy stories that might have slipped under the radar: fake Lockdown Mode, a new Linux RAT, jailbreaking AI, and an entire country’s DNS hijacked.

French startup ProvenRun raises €15 million investment to build secure software for connected vehicles and IoT devices.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Watch Now

Upcoming Virtual Events

CISOs and risk management leaders must understand clearly the role of cyber insurance in a robust security program, ongoing changes to premiums and policy pricing, the errors that could deny coverage and how it all fits into global incident response planning.

Learn More
Cyber AI & Automation Summit

SecurityWeek’s inaugural Cyber AI & Automation Summit pushes the boundaries of security discussions by exploring the implications and applications of predictive AI, machine learning, and automation in modern cybersecurity programs.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event. (June 13-14, 2023)

Learn More

As CISOs and corporate defenders grapple with the intricacies of securing sensitive data passing through multi-cloud deployments and APIs, the importance of frameworks, tools, controls and design models have surfaced to the front burner. (July 19, 2023)

Learn More

Vulnerabilities

Cybercrime

As the United States and other countries prepare for the transition to a smarter electrical grid, the industry focus has been on getting smart grids themselves up and running, often with little consideration for cyber security issues.

Well aware of the rich benefits of cloud computing and virtualized environments but anxious about the exposure of sensitive data through computing resources no longer under their physical control, organizations find themselves torn between the potential of these distributed models and the chance that hackers could penetrate security barriers and cause severe damage. But can sensitive data (and the applications that use this data) be safely deployed in the cloud?

Cellcrypt, a provider of encrypted voice calling solutions for mobile phones, today announced the availability of Cellcrypt Mobile™ for Android™, a version of its encrypted voice calling application that runs on Android devices operating over Wi-Fi™, GSM and CDMA wireless networks.

New Challenges Emerging as Virtualization and Private Clouds Go Mainstream: Survey Reveals Discrepancy Between Project Goals and Reality According to a recent study, seventy-six percent of enterprises that have implemented server virtualization indicated that security was a somewhat or extremely large factor in being more confident about placing business-critical applications on virtualized servers. Sixty-three percent listed security as a significant/extreme challenge to implementing server virtualization.

SOA Software, a Service Oriented Architecture (SOA) and cloud services Governance provider, announced the availability of Atmosphere, an API Management solution that manages, monitors and secures APIs.The solution helps ensure that APIs deliver the level of service customers and partners require and provide security of corporate and customer information and assets.

The PCI Security Standards Council (PCI SSC), the standards body that manages the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) requirements and the Payment Application Data Security Standard (PA-DSS), today announced the availability of online PCI Awareness training. Priced at $495 with group discounts available for an introductory level course, the four hour training is designed for those interested in learning more about PCI and provides an overview of PCI security basics.

A recent cyber attack on the IMF resulted in the loss of a “large quantity” of data, including emails and documents, a person familiar with the incident told Bloomberg.Many experts believe the incident was a state-sponsored attack connected to foreign governments, and while the IMF has been quiet on the issue, if this is the case, it’s likely that the attacker could be an IMF member.

Following the arrest of three alleged "Anonymous" members by Spanish authorities on Friday, Turkey's state-run news agency has reported that police have detained 32 individuals allegedly linked to the hacktivist group.The Anatolia news agency said today that the suspects were taken into custody after conducting raids in a dozen cities for suspected ties to Anonymous.The group recently targeted Web sites of the country's telecommunications watchdog, the prime minister's office and parliament as a protest to Turkey's plans to introduce Internet...

Southern California Medical-Legal Consultants, Inc. (SCMLC), a California company that represents medical providers in the recovery of billing from workers’ compensation insurance carriers, announced on Saturday that data containing the names and social security numbers of approximately 300,000 individuals who have applied for California workers’ compensation benefits had been exposed to unauthorized access.

With tax credits being dished out for all types of programs, ranging from hybrid vehicles and solar energy to home buying and charitable donations, AGV Technologies CEO JR Smith has another idea in mind: Tax incentives to those using security software protect themselves online.

Years back, when viruses threatened our infrastructure, the industry responded and changed the battlefield. As the threat landscape continues to evolve so must our defense strategies.

It’s certainly justified for an organization to worry about theft, loss or legal noncompliance as they put data in the public cloud. The cloud is a fast-moving target that continues to evolve so it’s fair to ask such questions as: At what moment will the security and controls be enough? and If we get locked in now, will we be locked out of future progress?

Solera Networks, a provider of network forensics solutions, today released Solera OS 5.0, a major update to its network forensics platform.Solera OS 5.0 helps IT security teams see everything happening on their networks in real-time, helping to recognize threats, and understand exactly what’s needed to defend against future attacks.

Varonis Systems, a provider of data governance software, this week released the latest version of its DatAdvantage for Exchange, bringing increased visibility and control over mailboxes and public folders to Microsoft Exchange administrators.With Varonis DatAdvantage for Exchange, administrators have increased visibility over built-in Microsoft Exchange journaling and diagnostics which only captures a limited amount of data.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Government agencies in the Five Eyes countries have published new guidance on creating memory safety roadmaps.

Cloud Security

Cloud Security

While applications and cloud infrastructure present different risk profiles and require different security assessments, they must not be viewed separately with regards to enterprise...