Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

A years-long espionage campaign has targeted telecoms companies in Asia with tools associated with Chinese groups.

Ilya Sutskever’s new company is focused on safely developing “superintelligence” – a reference to AI systems that are smarter than humans.

Pomerium raises $13.75 million in Series A funding for dynamic user identity verification and access management platform.

LockBit appears to once again be the most active ransomware group, but experts believe the hackers may just be inflating their numbers. 

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

AI model weights govern outputs from the system, but altered or ‘poisoned’, they can make the output erroneous and, in extremis, useless and dangerous.

Enterprise identity company raises new capital from JP Morgan and Hercules Capital as it prepares for an IPO exit.

A threat actor targeting Chinese-speaking victims has been using the SquidLoader malware loader in recent attacks.

Atlassian has released Confluence, Crucible, and Jira updates to address multiple high-severity vulnerabilities.

Post-quantum cryptography (PQC) company PQShield has raised $37 million in Series B funding for its quantum-safe cryptography solutions.

A statewide outage of the Massachusetts 911 system was the result of a firewall that blocked calls from reaching emergency responders.

People on the Move

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move
UEFI vulnerability UEFI vulnerability

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

AI Weights AI Weights

AI model weights govern outputs from the system, but altered or ‘poisoned’, they can make the output erroneous and, in extremis, useless and dangerous.

AMD hack AMD hack

AMD has launched an investigation after a notorious hacker announced selling sensitive data allegedly belonging to the company.

Top Cybersecurity Headlines

Researchers have targeted the MTE security feature in Arm CPUs and showed how attackers could bypass protections.

A British man has been arrested in Spain for allegedly being the ringleader of the notorious Scattered Spider cybercrime group.

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn how you can transform your security strategy to build your organization’s resilience in the face of evolving threats.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s annual cloud security virtual summit returns with a deliberate focus on exposed attack surfaces and weaknesses in public cloud infrastructure and APIs.

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

Learn More

Vulnerabilities

Cybercrime

Building on their previous initiative to warn users who display symptoms of infections, Google said on Tuesday that they would start notifying users who are impacted by DNSChanger malware.

SAP Acquires Ariba for $4.3 BillionSAP AG (NYSE: SAP) today said it would acquire cloud-based business commerce solutions provider, Ariba, Inc. for approximately $4.3 billion.The German software giant said that its subsidiary, SAP America, Inc., has entered into an agreement to acquire Ariba for $45.00 per share.

Although security and networking professionals aren’t officially fortune tellers, being able to predict issues -- and then alleviating them before they happen -- is a large part of the job. One particular issue is the ongoing confusion that users have in understanding the Internet’s Domain Name System (DNS) and its translation of Internet Protocol address numbers into easy-to-remember names. For example, IP address “173.203.107.14” is better known and more easily remembered as SecurityWeek.com.

UK-based IT solutions firm, NCC Group, today anounced a new service that lets organizations simulate the world’s most common form of cyber attack – DDoS attacks.The new “DDoS Assured” service helps companies understand how their IT security systems hold up to DDoS attacks, through an offering that emulates a DDoS attack in a secure, controlled environment.In addition to offering the simulation service, the NCC Group provides security recommendations to clients based on the attack simulation results.

Sophisticated, Multi-faceted Attack Uses an Man in the Browser Attack to Bypass Transaction Authorization Measures Researchers at Trusteer have recently observed a new strategy being deployed by the Tatanga Trojan, which uses multiple attack methods in a single scheme. The attack mixes traditional social engineering with browser hijacking in an attempt to fool the victim into legitimately approving wire transfers.

In an effort to gauge how IT Security professionals are thinking about “Big Data”, Varonis Systems surveyed attendees at the recent Infosecurity Europe 2012 conference on the topic.According to the company, over 180 attendees at the London conference responded, answering questions about whether they thought the definition of big data itself was clear, whether it is or will be a priority for their organizations, and how they could see their organization taking advantage of it.

In an effort to spread information, associates of Anonymous targeted the U.S. Bureau of Justice Statistics’ website on Monday, compromising nearly 2GB of data before the server was taken offline.The 1.7GBs worth of stolen data was compressed into a single file and uploaded to Pirate Bay. The Torrent’s information page explains that Anonymous is releasing the data in order to “spread information, to allow the people to be heard and to know the corruption in their government.”

N.R.C. Chairman Gregory Jaczko Resigns After Being Criticized by Peers Gregory Jaczko, the Chairman of the U.S. Nuclear Regulatory Commission (NRC), said on Monday that he would be resigning from his post, but remain in his position until the administration approves his successor. News of his resignation comes after nearly eight years with the agency.

MasterCard Proposes Cross-Industry Group to Help in Migration of EMV Technology in United StatesIn an effort to spur collaboration between stakeholders that could benefit from the adoption of EMV technology in the United States, MasterCard on Monday proposed the formation of a cross-industry group that it believes would help issuers, merchants, acquirers, processors, terminal and card manufacturers, and others push the technology forward.

The application, which has been taken down by Google, allowed attackers to steal SMS messages from infected devices. Researchers at Trend Micro said they discovered a beta version of a spying tool targeting Google Android devices circulating on Google Play.

Unless you were hiding under a rock, you know that Facebook made its debut as a public company on Friday, listing on the NASDAQ and closing the day valued at approximately $104 billion. Following the historic IPO, Facebook CEO Mark Zuckerberg got married in a surprise wedding that took place just a day after. So for the world’s largest social network, there is plenty to talk about this week, which means that enterprising criminals may want a piece of the action.

Yahoo! has strengthened its webmail filters after researchers at Trend Micro detected a JavaScript attack last week that was targeting its users. In the past, vulnerabilities within webmail platforms have been used to compromise accounts maintained by journalists and activists.

While Chicago police officers battled and bloodied anti-NATO protestors on Sunday, the police department’s website and that of NATO’s fell under attack. Based on the public comments, two separate groups were responsible for the attacks.In a video that was quickly made private once the media picked up on it, AntiS3curityOPS blasted the Chicago Police Department for their actions against protestors during Sunday’s events.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security