Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

QNAP rolls out patches for multiple vulnerabilities after proof-of-concept exploit published for a remote code execution vulnerability.

Zoom is announcing post-quantum end-to-end encryption on Meetings, with Phone and Rooms coming soon. 

CIA Director William Burns says AI tech will augment humans, not replace them. The agency’s first chief technology officer, Nand Mulchandani, is marshaling the tools.

CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog. 

The EPA has issued an enforcement alert, outlining the steps needed to comply with the Safe Drinking Water Act.

Semiconductor giant OmniVision Technologies says personal information was stolen in a September 2023 ransomware attack.

Google is invoking the ‘monoculture’ word in response to a scathing U.S. government report on Microsoft’s inadequate cybersecurity practices.

Linguistic Lumberjack (CVE-2024-4323) is a critical vulnerability in the Fluent Bit logging utility that can allow DoS, information disclosure and possibly RCE.

CyberArk agreed to acquire machine identity management Venafi from Thoma Bravo for $1.54 billion.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

Health insurance firm WebTPA says the personal information of 2.4 million individuals was compromised in a data breach.

People on the Move

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

Joe Levy has been appointed Sophos’ permanent CEO, and Jim Dildine has been named the company’s CFO.

CISA executive assistant director for cybersecurity Eric Goldstein is leaving the agency after more than three years.

OT zero trust access and control company Dispel has appointed Dean Macris as its CISO.

Cloud identity and security solutions firm Saviynt has hired former Gartner Analyst Henrique Teixeira as Senior Vice President of Strategy.

More People On The Move
CISA CISA

CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog. 

Google Cloud AI Features Google Cloud AI Features

Google is invoking the ‘monoculture’ word in response to a scathing U.S. government report on Microsoft’s inadequate cybersecurity practices.

Slack data for AI Slack data for AI

Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It’s opt-in by default.

Top Cybersecurity Headlines

QNAP rolls out patches for multiple vulnerabilities after proof-of-concept exploit published for a remote code execution vulnerability.

Zoom is announcing post-quantum end-to-end encryption on Meetings, with Phone and Rooms coming soon. 

CIA Director William Burns says AI tech will augment humans, not replace them. The agency’s first chief technology officer, Nand Mulchandani, is marshaling the…

CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog. 

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

Security researchers are reporting the emergence of another variant of the Flashback Trojan targeting Mac machines. According to Intego, the new variant continues to use a patched Java vulnerability to infect users. No password is required for it to install, and it places files in the victim’s home folder at the following concerns:• ~/Library/LaunchAgents/com.java.update.plist• ~/.jupdate

Network security vendor Fortinet today introduced a series of dedicated appliances designed to help organizations defend against DDoS attacks.Designed for enterprises, hosting providers, and cloud service providers, the new FortiDDoS family of appliances takes advantage of custom ASICs (custom chips designed for a particular use) that the company says are capable of mitigating DDoS attacks while maintaining latency less than 26 microseconds.

Nissan Motor Co. has come forward with news that malicious attackers had successfully breached its networks recently, but that the company believes the hackers did not get away with what they wanted.Andy Palmer, Executive Vice President of Nissan Motor Co., did say, however, that the hackers managed to plant malware inside the organization and likely got their hands on user IDs and hashed passwords in an incident that occurred on April 13, 2012.Palmer provided the following statement on the incident:

Vormetric, a provider of encryption and key management solutions, today introduced the latest version of its encryption solution which the company says can significantly reduce the cost and application impact associated with encrypting data across the enterprise.

Symantec announced this week that it is combining the VeriSign checkmark, which it inherited as a result of its acquisition of VeriSign’s Authentication Services business in 2010, with its Norton brand to create a single seal dubbed the “Norton Secured Seal.”

After celebrating the one-year mark for its Web bug bounty program back in February of this year, along with the announcement that, at the time, the search giant had paid out more than $400,000 in rewards to researchers, Google how has upped the ante in hopes that security researchers will further work to find and disclose more critical vulnerabilities on its systems in hopes of making the Google world more secure.

Mobile security firm, NQ Mobile, today announced that Gavin Kim has joined the company as Chief Product Officer. In the created newly position, Kim will lead the company’s product, solutions and strategic partnerships, providing new opportunities for customer and business growth in the United States and global markets.

According to new research from Bit9, 61% of IT security professionals are concerned about attacks from Anonymous or other hacktivists. The data comes from questions given to nearly 2,000 IT security experts in order to discover what keeps them awake at night.

Hackers Allegedly Compromised, Liquidated Brokerage Accounts in $1 Million Trading Account Hacking, Securities Fraud Scheme A Russian national living in New York has been charged with hacking into retail brokerage accounts and using his access to steal nearly a million dollars by executing sham trades.

After more than 20 years with the FBI, the nation’s top cyber cop has made a move to the private sector. Shawn Henry will join two former McAfee executives as President of CrowdStrike Services, a subsidiary of security startup CrowdStrike that will focus on helping organizations protect intellectual property and national security information.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security

Cloud Security

Google is invoking the 'monoculture' word in response to a scathing U.S. government report on Microsoft's inadequate cybersecurity practices.