CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons.

San Francisco startup gets fresh capital from Battery Ventures to compete in the crowded identity and access management space.

Noteworthy stories that might have slipped under the radar: fake Lockdown Mode, a new Linux RAT, jailbreaking AI, and an entire country’s DNS hijacked.

French startup ProvenRun raises €15 million investment to build secure software for connected vehicles and IoT devices.

WordPress 6.4.2 patches a flaw that could be chained with another vulnerability to execute arbitrary code.

Russian threat actor APT28 has been exploiting a no-interaction Outlook vulnerability in attacks against 14 countries.

The US and UK announce charges and sanctions against two hackers working with Russia’s FSB security service.

A Bluetooth authentication bypass allows attackers to connect to vulnerable Android, Linux, and Apple devices and inject keystrokes.

Hackers launched a cyberattack on an Irish water utility, causing disruption and leaving people without water for two days. 

End-to-End encryption in Facebook Messenger means that no one other than the sender and the recipient — not even Meta — can decipher people’s messages.

The US cybersecurity agency calls attention to a Russian APT targeting academia, defense, governmental organizations, NGOs and think-tanks.

A study commissioned by Apple shows that 2.6 billion personal data records were compromised in breaches in the past two years.

Government agencies in the Five Eyes countries have published new guidance on creating memory safety roadmaps.

Nissan Oceania says it has been working on restoring its systems after falling victim to a cyberattack.

Pool Party is a new set of eight Windows process injection techniques that evade endpoint detection and response solutions.

Artificial Intelligence Act Artificial Intelligence Act

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons.

Hackers targeting Water systems in Ireland Hackers targeting Water systems in Ireland

Hackers launched a cyberattack on an Irish water utility, causing disruption and leaving people without water for two days. 

SLAM CPU attack SLAM CPU attack

Security features that major CPU vendors plan on integrating into their future products can increase the surface for certain types of attacks.

Top Cybersecurity Headlines

Researchers have warned that powerful AI models could be used to supercharge online disinformation, cyberattacks or creation of bioweapons.

San Francisco startup gets fresh capital from Battery Ventures to compete in the crowded identity and access management space.

Noteworthy stories that might have slipped under the radar: fake Lockdown Mode, a new Linux RAT, jailbreaking AI, and an entire country’s DNS hijacked.

French startup ProvenRun raises €15 million investment to build secure software for connected vehicles and IoT devices.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Watch Now

Upcoming Virtual Events

CISOs and risk management leaders must understand clearly the role of cyber insurance in a robust security program, ongoing changes to premiums and policy pricing, the errors that could deny coverage and how it all fits into global incident response planning.

Learn More
Cyber AI & Automation Summit

SecurityWeek’s inaugural Cyber AI & Automation Summit pushes the boundaries of security discussions by exploring the implications and applications of predictive AI, machine learning, and automation in modern cybersecurity programs.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event. (June 13-14, 2023)

Learn More

As CISOs and corporate defenders grapple with the intricacies of securing sensitive data passing through multi-cloud deployments and APIs, the importance of frameworks, tools, controls and design models have surfaced to the front burner. (July 19, 2023)

Learn More

Vulnerabilities

Cybercrime

NetQin Mobile today warned that it had discovered malware embedded in more than 20 Android applications circulating via various forums on the Internet which auto-dials phone numbers to incur high user fees. The infected mobile applications include QQ Doudizhu, Voice SMS, Drag Racing, Trader, Donkey Jump, Jungle Monkey and Gold Miner among others.

Late Sunday night, hackers gained access to several areas of PBS Web servers and were able publish a fake news story on a PBS news blog. The hackers also published PBS internal user login information that they were able to siphon from PBS databases. The fake story was about rapper Tupac Shakur, who died in 1996 after being shot in Las Vegas, being been found alive and well in a small resort in New Zealand. (See screenshot as the story...

Lockheed Martin says a swift, deliberate response helped thwart an IT breach following a "significant and tenacious attack" on its network.On Saturday, May 21, Lockheed Martin detected what it called a “significant and tenacious attack on its information systems network.”

MobileIron, a provider of management and security solutions for mobile devices, raised another significant amount of cash as it looks to carve a leadership position in the mobile security space.

According to a report coming from Reuters, Lockheed Martin, the largest provider of IT services, systems integration, and training to the U.S. Government, is experiencing a major disruption to its computer systems, possibly related to a network security issue, sources familiar with the issue told Reuters on Thursday.

Damballa Inc., a company that helps identify and defend against cyber threats, today launched the latest version of its cyber threat solution designed to detect subscriber malware infections in Internet service provider (ISP) and telecommunications provider networks.Damballa CSP 1.6, identifies cyber threat activity on any type of subscriber device including PC, Mac, iPad, iPhone, Android and all mobile and smartphone platforms by monitoring a carrier’s DNS activity for malicious network traffic.

Core Security Technologies, a Boston based provider of security testing and measurement solutions, today announced enhancements to its CORE INSIGHT Enterprise solution, featuring a new attack path simulation that can simulate an enterprise environment and show potential paths that an attacker could take and the exploits that could be used to conduct an attack.

“A chain is no stronger than its weakest link, and life is after all a chain” -William JamesI was reminded when talking to a friend and colleague this week that security is, fundamentally, about people. It is basically a social activity for all that we focus so intently on the technology and on the minutiae of events. And while there isn’t always a traitor to point to, there is always a uniquely Human dimension to security.

Zenprise, a provider of mobile device management solutions, today announced the availability of Zenprise Secure Mobile Gateway™, a new offering that provides multilayer protection against malicious or blacklisted applications. With Zenprise Secure Mobile Gateway, IT administrators can provide employees the freedom to download and install applications on personal devices, while helping to protect enterprise resources from security breaches and rogue applications.

Symantec’s May 2011 MessageLabs Intelligence Report revealed a new trend in spammers establishing their own fake URL-shortening services to perform URL redirection. Symantec attributes this month's 2.9 percentage point increase in spam to the new spamming activity, a rise that was expected following the Rustock botnet takedown in March.

Application Whitelisting and Change Policy Management Ensure that Data and Applications are Protected Today’s cyberspace is often compared to the Wild West, with good reason. Criminal gangs roam around a vast, untamed wilderness. Cattle rustling has been replaced by identity theft. And, sometimes, just for kicks, today’s cyberscum deny services or destroy infrastructure—the modern-day equivalent of getting drunk and shooting up the town.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Government agencies in the Five Eyes countries have published new guidance on creating memory safety roadmaps.

Cloud Security

Cloud Security

While applications and cloud infrastructure present different risk profiles and require different security assessments, they must not be viewed separately with regards to enterprise...