Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Republican Gov. Phil Scott said the legislation would have made Vermont “a national outlier and more hostile than any other state to many businesses and non-profits.”

Security researchers at Cisco Talos and Volexity flag two Pakistani espionage campaigns targeting Indian government entities.

Retired U.S. Army General Paul M. Nakasone brings cybersecurity experience to OpenAI’s Board of Directors and Safety and Security Committee.

The increase in mass exploitation involving edge services and devices is likely to worsen.

Ascension says patient information was stolen in an early-May ransomware attack that involved an employee downloading malware.

Noteworthy stories that might have slipped under the radar: Overview of the ICS malware Fuxnet, Google accused of tracking users, scammers impersonate CISA staff.

Rockwell Automation has patched three high-severity vulnerabilities in its FactoryTalk View SE HMI software.

CISA urges federal agencies to apply mitigations for an exploited Progress Telerik vulnerability as soon as possible.

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

YesWeHack has raised more than $52 million to date to build and market a crowdsourced vulnerability reporting platform.

Pyte has raised $5 million for its secure computation platform, bringing the total investment in the company to $12 million. 

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

Megan Samford named Chief Security Officer of Schneider Electric’s US National Security Agreements & US Federal Business.

Timothy Yost has been named Chief Financial Officer at BlueVoyant.

More People On The Move
Windows Recall security Windows Recall security

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

ICS vulnerabilities ICS vulnerabilities

Analysis and insights on the prevalence and impact of password exposure vulnerabilities in ICS and other OT products.

Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited

Microsoft’s June 2024 Patch Tuesday updates resolve a zero-click Outlook vulnerability leading to remote code execution.

Top Cybersecurity Headlines

The TellYouThePass ransomware gang started exploiting a recent code execution flaw in PHP days after public disclosure.

Apple has released a visionOS update that patches CVE-2024-27812, which may be the first flaw specific to the VR headset.

Arm warns that CVE-2024-4610, a Mali GPU kernel driver vulnerability addressed two years ago, is exploited in attacks.

Mandiant says a financially motivated threat actor has compromised hundreds of Snowflake instances using customer credentials stolen via infostealer malware that infected non-Snowflake owned systems.

Fortinet announces plans to acquire Lacework, a late-stage cloud security startup that was once listed as a “unicorn” company valued north of $1 billion.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn how you can transform your security strategy to build your organization’s resilience in the face of evolving threats.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

Why are people talking about the Cyber Intelligence Sharing and Protection Act (CISPA) as really protecting the United States from cyber threats? The bill claims its goal is to share intelligence on Internet traffic to help “ensure the protection of our national networks against cyber threats.”

Adobe’s Photoshop is a key application within the marketing, advertising, sales, publishing and graphic design markets. Businesses that rely on images to move product use Adobe’s costly flagship product. So when code execution vulnerabilities were discovered in Photoshop 12 (CS5) it’s easy to think that a patch would not only be released, but that it would be free. Those thoughts couldn’t be further from the truth.

Department of Defense Widens of Defense Industrial Base (DIB) Cybersecurity Information Sharing InitiativesThe U.S. Department of Defense, working alongside the U.S. Department of Homeland Security, announced on Friday that they would expand the availability of the cybersecurity information assurance program launched last year.

The Internet Crime Complaint Center (IC3) released its 2011 Internet Crime Report on Thursday, revealing some of the top scams and cybercrime trends for the year.All totaled, the IC3 said it received and processed 314,246 complaints in 2011, averaging out to 26,000 complaints per month. These numbers represent a 3.4 percent increase over the number of complaints received in 2010. The reported dollar loss was $485.3 million.

TrustSphere, a company that provides reputation and messaging intelligence solutions, has released an email security product that leverages a social graph of trusted senders to block spam and reduce the number of messages erroneously sent to junk mail folders, while at the same time helping to defend against targeted attacks.

After suffering a massive amount of embarrassment over the leak of classified and sensitive diplomatic cables to WikiLeaks - allegedly at the hands of an insider - the Army wants to use keylogging software with additional abilities, to prevent another Cablegate scale data breach.Maj. Gen. Steven Smith, chief of the Army Cyber Directorate, told the Army Times, that they would soon be shopping for software that would be pre-programmed to detect abnormal behavior, as well as examine web searches, downloads,...

They call it OpDefiance (or Operation Defiance), and on Wednesday Anonymous pushed forward in their continual acts of defiance by targeting the website of Russia’s on-again-off-again president, Vladimr Putin.

The world of social media, with its wealth of information and volume of potential victims, has remained a popular stomping ground for cyber criminals. While examining the ten most prevalent threat detections for April, GFI Software discovered that Twitter and Facebook were no longer the main sources of material for enterprising scammers.

Apple Auto-Disables Outdated Versions of Flash Player, Pushes Several Security Fixes in Mac OS X 10.7.4 and Safari UpdateFollowing a recent update to its iOS software that addressed several security issues with Apple’s mobile devices, the Cupertino tech titan pushed another significant software update today, this time for its flagship Mac OS X operating system and Safari Web browser.

Dell today announced that it has completed its acquisition of IT security vendor SonicWALL, adding several components to the company’s security software and services portfolio.In a deal that was announced on March 13 of this year, while the terms were not publicly disclosed, Dell reportedly paid $1.2 billion to acquired SonicWALL.

Adscend Media LLC, a marketing firm connected to several Clickjacking schemes (also known as Likejacking), has agreed to pay attorney fees and stop spamming Facebook. The agreement was announced on Monday by the Washington State Attorney General’s office.Washington State Attorney General Rob McKenna sued Adscend earlier this year, after a rash of scams on Facebook led to users being tricked into sharing personal information and signing up for subscription services.

David DeWalt Joins Mandiant as Chairman of the Board of Directors Mandiant, a firm focused on security threat detection and response solutions, has announced that former McAfee President and CEO, David DeWalt, has been named as chairman of Mandiant’s board of directors.

MySpace Settles With FTC After Failing to Live up to Privacy ExpectationsOn Tuesday, the Federal Trade Commission (FTC) announced that MySpace has agreed to settle charges that the social networking portal misrepresented its privacy claims to users.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security