Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The European Council has added six Russian hackers to the EU’s sanctions list for their cyberattacks against member states and Ukraine.

A Mirai-like botnet has started exploiting a critical-severity vulnerability in discontinued Zyxel NAS products.

Indonesia’s national data center has been compromised by a hacking group asking for a $8 million ransom that the government won’t pay.

CoinStats says North Korean hackers drained $2 million in virtual assets from 1,590 cryptocurrency wallets.

Five WordPress plugins were injected with malicious code that creates a new administrative account.

Researcher shows how hackers could use social engineering to deliver ransomware and other malware to Meta’s Quest 3 VR headset.

Car dealerships in North America are still wrestling with major disruptions that started last week with cyberattacks on a company whose software is used widely in the auto retail sales sector.

Employees of the Any.Run malware analysis service were recently targeted in a phishing attack that was part of a BEC campaign.

Neiman Marcus has disclosed a data breach impacting 64,000 people just as a hacker announced the sale of customer data.

Google has released a Chrome security update to resolve four high-severity use-after-free vulnerabilities.

Assange will plead guilty to an Espionage Act charge of conspiring to unlawfully obtain and disseminate classified national defense information, the Justice Department said.

People on the Move

Gabriel Agboruche has been named Executive Director of OT and Cybersecurity at Jacobs.

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

More People On The Move
Meta Quest 3 VR hacking Meta Quest 3 VR hacking

Researcher shows how hackers could use social engineering to deliver ransomware and other malware to Meta’s Quest 3 VR headset.

Neiman Marcus data breach Neiman Marcus data breach

Neiman Marcus has disclosed a data breach impacting 64,000 people just as a hacker announced the sale of customer data.

SnailLoad attack SnailLoad attack

New attack named SnailLoad allows a remote attacker to infer websites and videos viewed by a user without direct access to network traffic.

Top Cybersecurity Headlines

The US government announced a ban on the sale of Kaspersky software over fears that the company is controlled by the Russian government.

Car dealership software provider CDK Global was in the process of restoring services impacted by a cyberattack when it discovered an additional hack.

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn how you can transform your security strategy to build your organization’s resilience in the face of evolving threats.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s annual cloud security virtual summit returns with a deliberate focus on exposed attack surfaces and weaknesses in public cloud infrastructure and APIs.

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

Learn More

Vulnerabilities

Cybercrime

A recent study by Experian Data Breach Resolution says that consumers are far from pleased with the typical response from a company during the aftermath of a data breach. Consumers expect a company to protect their data fully, but when that doesn’t happen, they would also like to have the issue explained fully, instead, they feel left in the dark.

Researchers at Trend Micro have discovered a malicious PowerPoint file circulating via email, which if executed, installs a backdoor on the victim’s system. The backdoor is made possible thanks to a vulnerability in Flash Player. The good news, however, is that the vulnerability itself has long since been patched, and malicious attachments are easy to avoid.

In an effort to help organizations develop mobile applications that have security baked-in from the start, IBM has announced a series of static application security testing tools for Android.There are more than 5 billion mobile devices in the world, and according to a recent IBM study, when addressing the BYOD (Bring Your Own Device) phenomenon, 55% of CIOs said that mobile security has become their top concern. It’s just not feasible to ban personal devices in the workplace.

Following drama last month that started when Adobe said it would essentially force users to pay for an upgrade to address security vulnerabilities in some of its most popular graphics applications but later changed its tune, Adobe today rele

Google Two-Factor Authentication Flaw Led to Breach at CloudFlare, Exposed Other Google Apps for Business CustomersLate last week, news broke that web security and performance startup CloudFlare was attacked, resulting in a hacker being able to successfully redirect web traffic of one of the company’s largest clients.

Microsoft has said that it would activate Do Not Track (DNT) by default in Internet Explorer 10 on Windows 8. This announcement caused a bit of a clash between Mozilla – the first to implement DNT – and advertisers.

The group known as SwaggSec, who targeted Foxconn earlier this year, released a collection of files over the weekend, allegedly taken after they compromised China Telecom and Warner Bros.Neither firm has issued a statement on the incident, but according to statements made by SwaggSec, China Telecom attempted to address the breach by relocating their SQL database. The effort was wasted however, as they only changed the IP location.

The secretive Defense Advanced Research Projects Agency (DARPA) is launching a new effort called 'Plan X' to improve its cyber-warfare capabilities, according to the Washington Post.DARPA's mission is to develop technologies for the U.S. military in the name of national security. According to the Washington Post, the effort represents a shift in the priorities of the agency, whose past activities in cyberspace have been more focused on protecting defense department computers. In November, DARPA announced a research initiative to improve...

Earlier this week, SecurityWeek reported that the University of Nebraska was investigating a cyber attack that resulted in a security breach of an information system that houses sensitive data on students and alumni dating back to 1985 that contains personal records for students, alumni and applicants of the university’s four campuses and could affect up to 650,000 individuals.

IPv6 Security Challenges: Experts Offer Advice for Organizations Planning to Deploy IPv6, Starting with Ensuring Visibility and Control.World IPv6 Launch day is scheduled for June 6 with the goal of bringing major Internet Service Providers (ISPs) and Web companies together to jumpstart widespread adoption of IPv6.  But from a security standpoint, companies should follow an old saying: look before you leap.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security