Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

CrowdStrike on Saturday provided technical information and remediation guidance to help organizations impacted by the faulty software update that trigged massive IT outages across the globe on Friday.  

CrowdStrike says a routine sensor configuration update pushed to Windows OS triggered a logic error that blue-screened computers worldwide.

Judge dismissed SEC lawsuit charging SolarWinds and CISO Timothy Brown with hiding security problems before and after the SUNBURST supply chain compromise.

SonicWall warns that a simple GET request is enough to exploit a recent Splunk Enterprise vulnerability.

Over a dozen tech and cloud companies have created a new coalition for advancing security measures for AI.

Noteworthy stories that might have slipped under the radar: threats and risks to 2024 Summer Olympics, cybersecurity funding soars, Cellebrite hacked Trump shooter’s phone. 

The personal and health information of 12.9 million was stolen in a ransomware attack at Australian digital prescription services provider MediSecure.

SolarWinds has released patches for 13 vulnerabilities in Access Rights Manager, including eight critical bugs.

Organizations worldwide are reporting major outages due to Windows system crashes caused by a bad CrowdStrike update.

The Pwn2Own hacking competition is moving to Ireland and $300,000 is being offered for a zero-click exploit against WhatsApp. 

The risk of suffering a ransomware attack is high and organizations must take proactive steps to protect themselves and minimize the impact of a potential breach.

People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

CISA has appointed Jeff Greene as Executive Assistant Director for Cybersecurity and Trent Frazier as Assistant Director for Stakeholder Engagement.

David Chétrit has been appointed the CEO of Kudelski Security.

More People On The Move
CrowdStrike Remediation Information CrowdStrike Remediation Information

CrowdStrike on Saturday provided technical information and remediation guidance to help organizations impacted by the faulty software update that trigged massive IT outages across the globe on Friday.  

CrowdStrike Remediation Information CrowdStrike Remediation Information

CrowdStrike says a routine sensor configuration update pushed to Windows OS triggered a logic error that blue-screened computers worldwide.

CrowdStrike BSOD outage CrowdStrike BSOD outage

Organizations worldwide are reporting major outages due to Windows system crashes caused by a bad CrowdStrike update.

Top Cybersecurity Headlines

Teixeira, who was part of the 102nd Intelligence Wing at Otis Air National Guard Base in Massachusetts, worked as a cyber transport systems specialist.

Researchers show how the Port Shadow technique against VPNs can allow MitM attacks, enabling threat actors to intercept and redirect traffic. 

Pharmacy chain Rite Aid says 2.2 million people are impacted by a recent data breach for which the RansomHub group has taken credit.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s annual cloud security virtual summit returns with a deliberate focus on exposed attack surfaces and weaknesses in public cloud infrastructure and APIs.

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

Learn More

Vulnerabilities

Cybercrime

Microsoft patched more than two dozen security vulnerabilities across several of its products and rolled out a new update feature in response to the Flame attacks in a busy Patch Tuesday. This month's security update featured seven bulletins, including three that are rated 'Critical' and touch issues related to Internet Explorer, the .NET Framework and the Remote Desktop Protocol (RDP). The other four bulletins are rated 'important.'

A court in the U.K. sentenced six men for their roles in managing online forums that coached identity thieves in how to commit fraud. The men were: Jason Place, 42, of Gravesend, Kent; Mark Powell-Richards, 59, Bickley, Kent; Allen Stringer, 57, Crossgates, Leeds; Michael Daly, 68, Erith, Kent; Jaipal Singh, 31, Wednesbury, West Midlands and Arun Thear, 22, West Bromwich, West Midlands. Each received various sentences, with Place garnering the stiffest – six years and nine months.

Despite the increased deployment of DNS Security Extensions (DNSSEC), the global threats from phishing have continued to keep security professionals on their guard. The semi-annual “Global Phishing Survey” from the Anti-Phishing Working Group (APWG) provides powerful insight into what is happening in phishing worldwide.

Dell SecureWorks, the managed security services division of Dell, on Monday launched new managed security services for enterprises, including new managed third-party Security Information and Event Monitoring (SIEM) services and managed services for F5’ BIG-IP Application Security Manager (ASM) Web Application Firewall.

South Korean police arrested a man from Seoul last week in connection with a plot to use infected video games to launch cyber attacks on behalf of North Korea. According to Korea JoongAng Daily, police arrested the 39-year-old video game distributor, identified only by the surname Jo, was caught attempting to launch distributed denial-of-service (DDoS) attacks on Incheon International Airport.

WhiteHat Security, a Santa Clara, California based company best known for its Web application security testing solutions, today launched “Sentinel Source”, a new Static Application Security Testing (SAST) solution that helps developers and security teams with continuous concurrent code assessments.

Researchers are warning organizations that a recently-fixed authentication vulnerability in MySQL is simple to exploit.The authentication bypass, called "tragically comedic" by Rapid7's HD Moore, also affects MariaDB and was fixed in recent versions of both products.

Just one business day after announcing that it has filed an S-1 registration for its Initial Public Offering (IPO), Redwood City, California-based Qualys today introduced a private cloud version of its QualysGuard Cloud Platform that allows customers and partners to host and operate the security and compliance platform within their data centers.

Following the initial discovery of the Flame malware, researchers originally believed there was no significant similarity between its code and development methods and those of the Tilded platform, the development platform that Stuxnet and Duqu are based on.

McAfee today announced new enhancements to its Cloud Security Platform that bring enhanced security for cloud-based interactions through better product integration, context-based policy support and web protection for mobile workers.The McAfee Cloud Security Platform is designed to help organizations extend their security and policy enforcement into the Cloud by securing the three primary channels of traffic – email, web and identity.

After MyBios (Mebromi) became the first malware to successfully infect the Award BIOS and survive a reboot to own the system, BIOS-based rootkits became the toast of the malware research community. That was in 2011, and now, months after the initial discovery, McAfee has found another BIOS-based rootkit – BIOSkit.

The bot’s name is IP-Killer, also known as MP-DDoser. First documented earlier this year, IP-Killer is purely a DDoS bot, as it cannot capture passwords or deliver spam by the truckload. Active development since its inception in 2011 has turned this specialty code into what Arbor Networks calls a rapidly improving threat, including a revamped and working version of the famed Apache Killer technique.

Oracle has said that it would deliver 14 patches on Tuesday, in order to address serious security problems with the Java platform.“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update fixes as soon as possible,” an advisory states.

Qualys IPO Could Raise Nearly $100 MillionCloud-based security and compliance solutions provider Qualys, Inc., on Friday filed an S-1 registration statement with the U.S. Securities and Exchange Commission, and is set to soon to go public in an IPO that could raise nearly $100 million.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

CISA says a SILENTSHIELD red team assessment found gaping holes in the security posture of a federal civilian executive branch organization.

Cloud Security

Cloud Security

Join us as we explore the latest trends in the world of SaaS security, cyberattacks against cloud infrastructure, data security posture management (DSPM), and...