Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

According to a barebones Apple advisory, the new iOS 18.0.1 fixes two bugs that expose passwords and audio snippets to malicious hackers.

The coordinated action resulted in the seizure of more than 100 domains used for spear-phishing targets in the US, UK, and Europe.

CISO salaries are getting higher and experience counts. Average annual compensation for these cybersecurity leaders is more than $550K.

The hack of a police system that exposed contact details of all Dutch police officers was almost certainly carried out by hackers working for a foreign government, the justice minister said.

Jenkins has released patches for multiple high- and medium-severity vulnerabilities impacting the automation tool and several plugins.

An Ivanti EPM SQL injection vulnerability tracked as CVE-2024-29824 has been exploited to target some of the company’s customers.

A critical-severity vulnerability in Cisco NDFC could allow attackers to execute commands with elevated privileges.

Several e-filing and record management systems used in various US states were affected by serious vulnerabilities exposing sensitive data.

Over 4,000 Adobe Commerce and Magento stores unpatched against an exploited vulnerability have been compromised.

CISA director Jen Easterly says there is no chance a foreign adversary can change the results of the upcoming US election.

The latest Chrome and Firefox security updates address multiple high-severity vulnerabilities affecting the popular web browsers.

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Mario Duarte, formerly head of security at Snowflake, has joined Aembit as CISO.

Kevin Mandia has joined Expel’s board of directors and has been named chair of the board at SpecterOps.

Adam Geller has joined Zscaler as Chief Product Officer.

More People On The Move
CISOs Salaries CISOs Salaries

CISO salaries are getting higher and experience counts. Average annual compensation for these cybersecurity leaders is more than $550K.

Rackspace Breach Rackspace Breach

A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day.

DDoS attack DDoS attack

Cloudflare recently mitigated another record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion Pps. 

Top Cybersecurity Headlines

Previously seized LockBit websites have been used to announce more arrests, charges and infrastructure disruptions.

That dream of a decentralized privacy-retaining identity system able to combat AI-driven bots and deepfakes may not be as elusive as feared – courtesy of Tools for Humanity (TfH) and Worldcoin.

Gavin Newsom vetoed a landmark bill SB 1047 aimed at establishing first-in-the-nation safety measures for large artificial intelligence models.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

BEIJING - Despite several years of escalating diplomacy and warnings, the U.S. is making little headway in its efforts to tamp down aggressive Chinese cyberattacks against American companies and the government. U.S. Defense Secretary Leon Panetta, who is wrapping up three days of meetings with military and civilian leaders, said he has brought the issue up at every session and come away with little more than agreements to talk again.

Cyber Espionage Attacks Hit Philippine Oil Company and Canadian Energy FirmResearchers from Dell SecureWorks’ Counter Threat Unit say they have discovered yet another cyber espionage campaign targeting oil and energy companies. 

Employees are increasingly turning to web-based or web-enabled applications to help get their jobs done. To combat the risks associated with these applications, one of the most significant evolutions in network security over the last few years has been the advent of application control. This technology gives administrators visibility and control over each application that is allowed to communicate on the network.

IBM's X-Force 2012 mid-year report found a sharp increase in browser-related exploits, Mac-based attacks, and SMS related scams. Since its last Trend and Risk Report, released at the beginning of the year, IBM's X-Force has seen an increase in malware and malicious Web activities, a disconnect in how corporations implement "bring your own device" (BYOD) programs, and increased concern in how users are selecting passwords to protect their various Web accounts.

MANILA - The Philippines said Thursday it had deported 279 Taiwanese accused of running a multi-million-dollar online scam that prompted stepped-up airport screening to guard against criminal gangs. The Taiwanese were put on two chartered flights on Wednesday to Taipei, where they face prosecution, immigration spokeswoman Antonette Mangrobang said.

On Wednesday, Microsoft released a FixIt tool for those wanting some automated protection from the latest Zero-Day for Internet Explorer. However, if users at home are using caution as they surf the Web, and organizations are being proactive, it might be easier to wait until Friday, when Microsoft will issue an out-of-band security update to their browser, fully addressing the problem.

Veracode Launches Vendor Application Security Testing ProgramApplication security testing firm Veracode on Wednesday launched an automated program to help businesses evaluate security risks associated with third-party software.

According to security vendor Incapsula, August was a busy month for Web Application attacks. The company's latest "attack heat map report" shows some interesting snapshots of the Web, including an overall attack level in Denmark of 0.74 percent, which was launched from a single source.

NEW YORK - A US financial industry group warned banks and other institutions to beware cyber attacks Wednesday, after some firms reported sporadic problems with their websites. The Financial Services Information Sharing and Analysis Center said it raised its cyber threat level from "elevated" to "high."

EMC said today that it has acquired Montreal-based Silicium Security, a developer of endpoint monitoring technology that helps security teams detect and mitigate unknown and advanced malware. Originally developed for a Canadian government customer, the Company’s says its flagship product, ECAT has been deployed since 2007.

LOUISVILLE, KY — A computer programmer from central Kentucky who once did contract work for Toyota has been charged with hacking into and damaging computers used by the automobile maker.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Application security and vulnerability management platform DefectDojo has raised $7 million in Series A funding.

Cloud Security

Cloud Security

Credentials are still the most common entry point for bad actors, even as businesses deploy multi-factor authentication (MFA) to strengthen defenses.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.