Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

CrowdStrike on Saturday provided technical information and remediation guidance to help organizations impacted by the faulty software update that trigged massive IT outages across the globe on Friday.  

CrowdStrike says a routine sensor configuration update pushed to Windows OS triggered a logic error that blue-screened computers worldwide.

Judge dismissed SEC lawsuit charging SolarWinds and CISO Timothy Brown with hiding security problems before and after the SUNBURST supply chain compromise.

SonicWall warns that a simple GET request is enough to exploit a recent Splunk Enterprise vulnerability.

Over a dozen tech and cloud companies have created a new coalition for advancing security measures for AI.

Noteworthy stories that might have slipped under the radar: threats and risks to 2024 Summer Olympics, cybersecurity funding soars, Cellebrite hacked Trump shooter’s phone. 

The personal and health information of 12.9 million was stolen in a ransomware attack at Australian digital prescription services provider MediSecure.

SolarWinds has released patches for 13 vulnerabilities in Access Rights Manager, including eight critical bugs.

Organizations worldwide are reporting major outages due to Windows system crashes caused by a bad CrowdStrike update.

The Pwn2Own hacking competition is moving to Ireland and $300,000 is being offered for a zero-click exploit against WhatsApp. 

The risk of suffering a ransomware attack is high and organizations must take proactive steps to protect themselves and minimize the impact of a potential breach.

People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

CISA has appointed Jeff Greene as Executive Assistant Director for Cybersecurity and Trent Frazier as Assistant Director for Stakeholder Engagement.

David Chétrit has been appointed the CEO of Kudelski Security.

More People On The Move
CrowdStrike Remediation Information CrowdStrike Remediation Information

CrowdStrike on Saturday provided technical information and remediation guidance to help organizations impacted by the faulty software update that trigged massive IT outages across the globe on Friday.  

CrowdStrike Remediation Information CrowdStrike Remediation Information

CrowdStrike says a routine sensor configuration update pushed to Windows OS triggered a logic error that blue-screened computers worldwide.

CrowdStrike BSOD outage CrowdStrike BSOD outage

Organizations worldwide are reporting major outages due to Windows system crashes caused by a bad CrowdStrike update.

Top Cybersecurity Headlines

Teixeira, who was part of the 102nd Intelligence Wing at Otis Air National Guard Base in Massachusetts, worked as a cyber transport systems specialist.

Researchers show how the Port Shadow technique against VPNs can allow MitM attacks, enabling threat actors to intercept and redirect traffic. 

Pharmacy chain Rite Aid says 2.2 million people are impacted by a recent data breach for which the RansomHub group has taken credit.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s annual cloud security virtual summit returns with a deliberate focus on exposed attack surfaces and weaknesses in public cloud infrastructure and APIs.

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

Learn More

Vulnerabilities

Cybercrime

Automatic Transfer System Circumvents Banking Security Measures, Uses "Man in the Browser" Attack to Automate Bank FraudTrend Micro today released a new report that identifies an Automatic Transfer System (ATS) that enables cybercriminals to circumvent many bank security measures and drain victims' bank accounts without leaving visible signs of malicious activity.

The HoneyNet project has launched a new tool dubbed Ghost, developed by a German student, which aims to combat USB-based malware. The researcher from Bonn University, Sebastian Peoplau, developed his tool as part of his bachelor thesis, but it may end up being a go to resource for prevention on standalone and critical systems.

Vladislav Anatolievich Khorokhorin, better known in some circles as ‘Badb’ – has been extradited from France to the United States in order to face charges for credit card trafficking.Badb, according to the U.S. Department of Justice, is the world’s most prolific sellers of stolen credit cards. He made his first appearance before a U.S. judge last week in Washington, D.C., where he was arraigned and ordered detained pending trial.

Facebook, Google, Twitter, AOL, IAB Unite to Protect Users From Malicious Ads With Creation of Ads Integrity AllianceA new alliance comprised of several large online companies and organizations on Friday, announced the launch of the “Ads Integrity Alliance,” an initiative with a mission to protect users from bad ads and maintain trust in the online advertising world.

Weichao Sun, a Trend Micro mobile threat researcher, has discovered a malicious library file within certain Android applications, which hides its routines within the dynamic library in order to make detection harder and avoid removal.The malicious library, libvadgo, was developed using a common Android development toolset. Once libvadgo is called via Java_com_airpuh_ad_UpdateCheck_DataInit, the phone is scanned for signs of being rooted. If so, then various commands are initiated and a separate file is run.

Earlier this week, an Industrial Control System (ICS) security assessment firm, DigitalBond, posted details on a Phishing attack that was targeting their company. Additional research into the attempt has linked the attackers to similar campaigns targeting defense contractors and universities.

US-CERT has issued a warning to organizations and systems providers focusing on a VM vulnerability, which if exploited, would allow the attacker to leave the guest environment; better known as a guest-to-host virtual machine escape.

On Tuesday, the exploit code needed in order to gain administrative rights on several F5 network appliances was added to the Metasploit framework. The addition comes one week after F5 warned customers about the issue, and advised them to take one of three recommended actions, such as upgrading to a non-vulnerable version.

On Tuesday, Microsoft patched over two dozen vulnerabilities across the Windows platform. At the same time, criminals started targeted a new vulnerability that has now become the topic of interest within the security-focused community, especially when Google announced that it is being actively exploited.

Imation, a company that focuses on data security and storage, announced this week that the latest version of its Stealth Zone mobile workspace (version 2.1) will include a fully functional version of Windows 7.

According to a recent study coming from Sophos, the idea of perimeter security translating into network security is dead. The research conducted by Vanson Bourne on behalf of Sophos shows that the SMBs are struggling to keep their infrastructure up to date with current working practices, and its feared that this disconnect will equate to larger security risks.  

Shortly after the public learned that some 6.5 million LinkedIn passwords were compromised, the media focused on two stories; one being the breach itself and the aftermath, the other being the various scams targeting LinkedIn users themselves. As it turns out, the second LinkedIn angle created an unintended consequence.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

CISA says a SILENTSHIELD red team assessment found gaping holes in the security posture of a federal civilian executive branch organization.

Cloud Security

Cloud Security

Join us as we explore the latest trends in the world of SaaS security, cyberattacks against cloud infrastructure, data security posture management (DSPM), and...