Latest Cybersecurity News

Jan Leike, who ran OpenAI’s “Super Alignment” team, believes there should be more focus on preparing for the next generation of AI models, including on things like safety.

Slack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It’s opt-in by default.

Noteworthy stories that might have slipped under the radar: FBI is targeting Scattered Spider, Australia’s MediSecure hacked, new Wi-Fi attack.

CISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw.

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

The Antidot Android banking trojan snoops on users and steals their credentials, contacts, and SMS messages.

The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment.

The US government has announced charges, seizures, arrests and rewards as part of an effort to disrupt a scheme that generates revenue for North Korea.

C/side has emerged from stealth mode with $1.7 million in pre-seed funding from Scribble Ventures and angel investors.

Network infrastructure-as-a-service provider Alkira has raised $100 million in a Series C funding round led by Tiger Global Management.

Honoring my father by translating his timeless life lessons into practical wisdom for the cybersecurity profession.

People on the Move

OT zero trust access and control company Dispel has appointed Dean Macris as its CISO.

Cloud identity and security solutions firm Saviynt has hired former Gartner Analyst Henrique Teixeira as Senior Vice President of Strategy.

PR and marketing firm FleishmanHillard named Scott Radcliffe as the agency’s global director of cybersecurity.

Portnox, a provider of zero trust access control solutions, announced that Joseph Rodriguez has joined the company as Chief Revenue Officer.

Cybersecurity awareness training firm NINJIO has appointed Jon Dion as its Chief Revenue Officer.

Microsoft Quick Assist Tool Abused for Ransomware Delivery

Palo Alto Networks partners with IBM on cybersecurity

Palo Alto Networks and IBM announced a significant partnership to jointly provide cybersecurity solutions.

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Designed for senior-level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA.

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Implanting Easter Eggs is not Just a Developer’s Take at Humor. They Have the Potential to Double-act as Backdoors with a Devastating Effect.

AlgoSec, a company that provides firewall management solutions, recently released the results of a poll that examined the attitudes and opinions of 180 working IT and security professionals during the RSA Conference earlier this year. The results of the poll show that poor internal processes, practices, and threats pose the largest risk to a network. These problems, the respondents believe, are more of a concern than threats from malicious external sources.

Two technology trade associations, TechAmerica and USTelecom, and one of the world’s largest defense contractors, Boeing, had their web sites knocked offline by Anonymous for their support and connections to the controversial CISPA bill. They are the latest in a string of targets selected by those supporting Anonymous’ Operation Defense (OpDefense).

Researchers at Trusteer have spotted a new attack vector from Zeus that aligns perfectly with previous financially motivated targets. Based on the information collected and previous attacks, it appears as if the newer Zeus configurations will remain focused on the bigger fish.

On Tuesday, Adobe released a security bulletin to address multiple vulnerabilities in Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier versions for Linux, and Adobe Acrobat X (10.1.2) and earlier versions for Windows and Macintosh. According to Adobe, exploitation of the vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

When it comes to letting someone go, very rarely will you find a business leader who enjoys that part of the job. When you have to fire a network security administrator, not only is it a downer, it’s a risky proposition – unless you follow basic steps.

Microsoft patched 11 security vulnerabilities today, including a critical bug being targeted by attackers. Microsoft released a total of six security bulletins, including four rated ‘critical.’ The vulnerabilities exist across Microsoft Windows, Microsoft Office, Internet Explorer, Forefront Unified Access Gateway (UAG) and the .NET Framework.

Why doesn’t Everyone have Security Intelligence? One of the Reasons is Superstition.

“Step on a crack, break your mother’s back.” Not just lyrics by Devo, but an actual superstition. While it’s mostly just practiced by kids who don’t yet know they’re nascent Parkour enthusiasts, you can observe adults today taking that extra half step occasionally to avoid lines in the sidewalk. You may even catch yourself doing it subconsciously.

Mocana MAP 2.0 Helps Secure Apps Running on iOS Devices

Smart device security firm Mocana today introduced the latest version of its solution designed to help organizations add fine-grained security and usage policies around individual mobile apps with ease.

Controversial Domain Registrar Tightens Policy After Reports of Rogue Online Pharmacy Links

Registrar Internet.bs has changed its domain name registration policy in light of reports criticizing its links to as many as one-third of the rogue pharmacies on the Internet.

On Friday, Palo Alto Networks, the network security firm that has made its mark developing next generation firewalls, filed an S-1 registration statement with the Securities and Exchange Commission for a widely-anticipated initial public offering.

Researchers at NQ Mobile, working alongside researchers at North Carolina State University, have discovered new Android malware, controlled via SMS, that can do a number of things on the compromised device, including recording calls and surrounding noise.

Supporters of Anonymous targeted the U.K. on Saturday, hitting the websites of the Home Office and the Ministry of Justice. While the attack only lasted a short time, Anonymous has said to expect more of the same as they push forward. Currently, the next target is said to be the GCHQ on April 14.

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Cloud Security

Financial terms were not released but the price tag is expected to be hefty with Exabeam’s most recent valuation pegged at $2.5 billion.