Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Google’s adoption of memory safe programming languages now includes the deployment of Rust in legacy low-level firmware codebases.

Avis Car Rental is notifying roughly 300,000 individuals that their personal information was stolen in an August 2024 data breach.

A Kazakhstani and a Russian national were indicted in the US for operating dark web sites facilitating PII, card, and banking information trading.

An academic researcher has devised a new method of exfiltrating data from air-gapped systems using radio signals from memory buses.

A recently patched SonicWall vulnerability tracked as CVE-2024-40766 may have been exploited in ransomware attacks.

Recorded Future observes renewed Predator spyware activity on fresh infrastructure after a drop caused by US sanctions.

Kaspersky’s customers in the US are being acquired by cybersecurity firm Pango and will be offered UltraAV antimalware software.

The US government will remove “unnecessary degree requirements” in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs.

SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild.

Noteworthy stories that might have slipped under the radar: US Special Forces can hack buildings, X is hiring cybersecurity staff, and FTC warns of Bitcoin ATM scams. 

The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks.

People on the Move

Jill Popelka has been appointed CEO at Darktrace, after serving as COO for three months.

GitHub has appointed Alexis Wales as its new Chief Information Security Officer.

Cybersecurity and intelligence solutions provider Nightwing has appointed Christopher Jones as CTO and CDO.

AI-automated software testing firm Code Intelligence has appointed Eric Bruggemann as CEO.

High Wire Networks has named Edward Vasko as CEO and Mark Dallmeier as CRO of its Overwatch division.

More People On The Move
Kaspersky software ban Kaspersky software ban

Kaspersky’s customers in the US are being acquired by cybersecurity firm Pango and will be offered UltraAV antimalware software.

CISA CISA

Researchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems.

Russian Hackers Russian Hackers

A secretive Russian military unit, previously linked to assassinations and destabilization in Europe, is blamed for destructive wiper malware attacks in Ukraine.

Top Cybersecurity Headlines

The US has cracked down on an influence operation sponsored by the Russian government, announcing charges, sanctions and domain seizures.

Microsoft is experimenting with a major new security mitigation to block attacks targeting flaws in the Windows Common Log File System (CLFS).

Google has released Android security updates to patch an exploited local privilege escalation vulnerability.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Yahoo has since released an updated extension to address the issue, which was discovered by a security researcher shortly after Yahoo announced Axis. When Yahoo released its new Axis extension for Google's Chrome browser Wednesday, the company accidentally disclosed a private signing key that could be abused by an attacker.

Protegrity, a provider of data security solutions, on Wednesday announced Protegrity Vaultless Tokenization, an offering designed to help payment processors and gateways cost-effectively provide tokenization services to their clients.That company says it can now support the largest companies in the payments industry with a lightweight tokenization solution that can scale to thousands of merchants, quickly, without the cost and complexity of backend database infrastructure.

The National Centers of Academic Excellence in Cyber Operations Program, an initiative of the National Security Agency, aims to increase the amount of professionals with expertise in this area. The program is designed to identify institutions that offer a deeply technical, interdisciplinary curriculum centered on fields such as computer science, computer engineering, and electrical engineering. In addition, it supports the government's work to better protect cyberspace.

Polytechnic Institute of New York University (NYU-Poly) is introducing a management track to its master’s degree in cyber security. The first classes begin this summer."We created the management track in response to calls from industry for highly qualified executives with strong technical knowledge," said NYU-Poly Computer Science and Engineering Professor Nasir Memon."It will prepare graduates to manage a team of cyber-security personnel as well as a command of the business acumen to secure information in line with company objectives."

Intel has released a single sign-on application that will enable enterprises to use Salesforce.com credentials on all of the Force.com applications, in addition to scores of others across the Web. More over, Intel’s Cloud SSO service offers two-factor authentication options and has detailed reporting implemented from the start.

ICSA Labs this week launched a testing program designed to help determine whether smartphones and tables meet the latest security standards for connecting with Virtual Private Networks (VPNs).Generically named “Mobile Device VPN Security”, the new program is available immediately for wireless carriers and mobile device manufacturers. According to ICSA Labs, Verizon Wireless is the program's first customer—not surprising since ICSA Labs is a division of Verizon.

Revelations about a recent breach of confidential data in Utah highlights how configuration errors can end up being costly.A recent data breach that exposed personal information for nearly 800,000 people in Utah also exposed how lethal configuration mistakes and policy failures can be in the world of security.

For those purists within the auditing and network exploration community, there is good news this week – Nmap version 6.0 has been released to the public. Nmap is the standard for security audits and exploration, and the latest version has some useful improvements.Version 6 includes improvements to the Nmap Scripting Engine (NSE), which includes a bump in script count. Nmap 5 included a script count of 59, where version 6 has grown to 348, and each one has been documented and...

The popularity of the Android platform, combined with the openness that it represents, has created model that allows developers of all shapes and sizes to create unique works. Yet, this same openness has allowed criminals to create works with malicious intent. Thus, a North Carolina State University researcher has sat out to map the Android Malware Genome in an effort to spread information and combat the malicious side of Android development.

Building on their previous initiative to warn users who display symptoms of infections, Google said on Tuesday that they would start notifying users who are impacted by DNSChanger malware.

SAP Acquires Ariba for $4.3 BillionSAP AG (NYSE: SAP) today said it would acquire cloud-based business commerce solutions provider, Ariba, Inc. for approximately $4.3 billion.The German software giant said that its subsidiary, SAP America, Inc., has entered into an agreement to acquire Ariba for $45.00 per share.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to,...

Cloud Security