Upcoming Virtual Event: Cloud Security Summit | July 17 - Register Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

CISA says it has evidence that a recent critical-severity vulnerability in GeoServer is exploited in the wild.

The Void Banshee APT exploited the CVE-2024-38112 Windows zero-day to infect systems with the Atlantida stealer.

A team of former GitHub engineers has secured $20 million in venture capital funding from Sequoia to build AI-powered security tools.

Frank Kim and Charles Blauner are responsible for security at both their own company and for the companies in which their firms invest.

Car dealership AutoNation has informed the SEC that the CDK Global ransomware attack impacted its quarterly earnings.

Hackers exploited a flaw to hijack cryptocurrency domains that were migrated from Google Domains to Squarespace.

Disney has launched an investigation after a hacker group named NullBulge leaked data allegedly stolen from the company.

Kaspersky is shutting down operations in the US and laying off employees following the recent Commerce Department ban.

Over 310 GB of data from mSpy, including 2.4 million email addresses and other user data, was leaked online.

IoT cybersecurity company Exein has raised €15 million (~$16.3 million) in a Series B funding round led by 33N.

The massive AT&T breach has been linked to an American hacker living in Turkey and reports say the telecom giant paid a $370,000 ransom.

People on the Move

Craig Boundy has left Experian to join McAfee as President and CEO.

Forcepoint has promoted Ryan Windham from Chief Customer and Strategy Officer to Chief Executive Officer.

ICS and OT cybersecurity solutions provider TXOne Networks appointed Stephen Driggers as its new CRO.

Identity orchestration provider Strata Identity has appointed Aldo Pietropaolo as Field CTO.

Cybersecurity provider for the aviation industry Cyviation has appointed Eliran Almog as Chief Executive Officer.

More People On The Move
Kaspersky software ban Kaspersky software ban

Kaspersky is shutting down operations in the US and laying off employees following the recent Commerce Department ban.

AT&T Data Breach AT&T Data Breach

The massive AT&T breach has been linked to an American hacker living in Turkey and reports say the telecom giant paid a $370,000 ransom.

Google in Advanced Talks to Buy Wiz for $23B: WSJ Report

Google’s parent company Alphabet is reportedly in advanced talks to acquire the hotshot Israeli data security startup.

Top Cybersecurity Headlines

Data breach exposed records of call and text interactions for nearly all AT&T’s wireless customers and has been linked to the recent attacks targeting Snowflake customers.

Few people understand AI, nor how to use nor control it, nor where it is going. Yet politicians wish to regulate it.

Security vendor InkBridge Networks calls urgent attention to the discovery of a decades-old design flaw (CVE-2024-3596) in the popular RADIUS protocol.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s annual cloud security virtual summit returns with a deliberate focus on exposed attack surfaces and weaknesses in public cloud infrastructure and APIs.

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

Learn More

Vulnerabilities

Cybercrime

Facebook, Google, Twitter, AOL, IAB Unite to Protect Users From Malicious Ads With Creation of Ads Integrity AllianceA new alliance comprised of several large online companies and organizations on Friday, announced the launch of the “Ads Integrity Alliance,” an initiative with a mission to protect users from bad ads and maintain trust in the online advertising world.

Weichao Sun, a Trend Micro mobile threat researcher, has discovered a malicious library file within certain Android applications, which hides its routines within the dynamic library in order to make detection harder and avoid removal.The malicious library, libvadgo, was developed using a common Android development toolset. Once libvadgo is called via Java_com_airpuh_ad_UpdateCheck_DataInit, the phone is scanned for signs of being rooted. If so, then various commands are initiated and a separate file is run.

Earlier this week, an Industrial Control System (ICS) security assessment firm, DigitalBond, posted details on a Phishing attack that was targeting their company. Additional research into the attempt has linked the attackers to similar campaigns targeting defense contractors and universities.

US-CERT has issued a warning to organizations and systems providers focusing on a VM vulnerability, which if exploited, would allow the attacker to leave the guest environment; better known as a guest-to-host virtual machine escape.

On Tuesday, the exploit code needed in order to gain administrative rights on several F5 network appliances was added to the Metasploit framework. The addition comes one week after F5 warned customers about the issue, and advised them to take one of three recommended actions, such as upgrading to a non-vulnerable version.

On Tuesday, Microsoft patched over two dozen vulnerabilities across the Windows platform. At the same time, criminals started targeted a new vulnerability that has now become the topic of interest within the security-focused community, especially when Google announced that it is being actively exploited.

Imation, a company that focuses on data security and storage, announced this week that the latest version of its Stealth Zone mobile workspace (version 2.1) will include a fully functional version of Windows 7.

According to a recent study coming from Sophos, the idea of perimeter security translating into network security is dead. The research conducted by Vanson Bourne on behalf of Sophos shows that the SMBs are struggling to keep their infrastructure up to date with current working practices, and its feared that this disconnect will equate to larger security risks.  

Shortly after the public learned that some 6.5 million LinkedIn passwords were compromised, the media focused on two stories; one being the breach itself and the aftermath, the other being the various scams targeting LinkedIn users themselves. As it turns out, the second LinkedIn angle created an unintended consequence.

Microsoft patched more than two dozen security vulnerabilities across several of its products and rolled out a new update feature in response to the Flame attacks in a busy Patch Tuesday. This month's security update featured seven bulletins, including three that are rated 'Critical' and touch issues related to Internet Explorer, the .NET Framework and the Remote Desktop Protocol (RDP). The other four bulletins are rated 'important.'

A court in the U.K. sentenced six men for their roles in managing online forums that coached identity thieves in how to commit fraud. The men were: Jason Place, 42, of Gravesend, Kent; Mark Powell-Richards, 59, Bickley, Kent; Allen Stringer, 57, Crossgates, Leeds; Michael Daly, 68, Erith, Kent; Jaipal Singh, 31, Wednesbury, West Midlands and Arun Thear, 22, West Bromwich, West Midlands. Each received various sentences, with Place garnering the stiffest – six years and nine months.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

CISA says a SILENTSHIELD red team assessment found gaping holes in the security posture of a federal civilian executive branch organization.