
SecurityWeek

Latest Cybersecurity News

YesWeHack has raised more than $52 million to date to build and market a crowdsourced vulnerability reporting platform.

Pyte has raised $5 million for its secure computation platform, bringing the total investment in the company to $12 million. 

Protect AI warns of a dozen critical vulnerabilities in open source AI/ML tools reported via its bug bounty program.

SecurityWeek hosts its AI Risk Summit + CISO Forum Summer Summit on June 25-26, 2024, at the Ritz-Carlton, Half Moon Bay.

AWS announced passkey MFA for IAM and root users, IAM Access Analyzer updates, and Amazon GuardDuty Malware Protection for S3.

Without tuning your approach to fit your sector, amongst other variables, you’ll be faced with an unmanageable amount of noise.

Life360 says hackers attempted to extort it after stealing personal information from a Tile customer support platform.

Analysis and insights on the prevalence and impact of password exposure vulnerabilities in ICS and other OT products.

The City of Cleveland says emergency services, utilities, and airport are unaffected by a recent cyberattack.

The zero-day is tagged as CVE-2024-32896 and described as an elevation of privilege issue in Pixel Firmware.

Microsoft’s June 2024 Patch Tuesday updates resolve a zero-click Outlook vulnerability leading to remote code execution.

People on the Move

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

Megan Samford named Chief Security Officer of Schneider Electric’s US National Security Agreements & US Federal Business.

Timothy Yost has been named Chief Financial Officer at BlueVoyant.

Amir Gabrieli has been named the new Vice President of Product at Mitiga.


Microsoft Patches Zero-Click Outlook Vulnerability That Could Soon Be Exploited

PHP vulnerability exploited

The TellYouThePass ransomware gang started exploiting a recent code execution flaw in PHP days after public disclosure.

Top Cybersecurity Headlines

Apple has released a visionOS update that patches CVE-2024-27812, which may be the first flaw specific to the VR headset.

Arm warns that CVE-2024-4610, a Mali GPU kernel driver vulnerability addressed two years ago, is exploited in attacks.

Mandiant says a financially motivated threat actor has compromised hundreds of Snowflake instances using customer credentials stolen via infostealer malware that infected non-Snowflake owned systems.

Fortinet announces plans to acquire Lacework, a late-stage cloud security startup that was once listed as a “unicorn” company valued north of $1 billion.

Auction house Christie’s says the data breach caused by the recent ransomware attack impacts the information of 45,000 individuals.


Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Designed for senior-level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA.

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

NetQin Mobile, a China-based provider of consumer-focused mobile security software, has undergone a name change. The company is now rolling with the name "NQ Mobile", the brand that it will use to conduct all of its international business. Officially, the company will change its corporate name from NetQin Mobile, Inc. to NQ Mobile, Inc.

We have been thinking about information security for thousands of years. But as the world continues to evolve, Information Security must evolve to keep up with it.

A group of hackers claim to have stolen source code for Symantec’s Norton Antivirus software. Update: 01/06/12 12:20AM EST - Symantec has confirmed with SecurityWeek that hackers have accessed source code related to Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2.

Microsoft is starting the 2012 Patch Tuesday cycle off with a bang. According to Microsoft’s advanced notification, the January security update will include seven bulletins addressing eight vulnerabilities across Windows and Microsoft developer tools and software. Just one of the bulletins is rated ‘critical.’ The other six are rated ‘important.’

Second in a Series on Evaluating New Firewalls: Why Scalability is Important to Sustain Protections through Network Growth and Scale. I realize it may sound a little odd to put firewall scalability ahead of security. After all, firewalls are, at their core, access control devices – the ultimate Internet traffic police.

Once again, Veracode has crafted up an infographic, this time comparing how Android and iOS stack up against each other when it comes to mobile security. Veracode, which provides static and dynamic application security testing solutions, noted that greater adoption of smartphones has led to greater security concerns and increased awareness of related vulnerabilities.

Check Point said on Wednesday that its line of secure gateways is now available to organizations using Amazon’s Web Services. The move allows organizations to extend their network security to the cloud, by leveraging virtual appliances such as Check Point’s IPS, App Control, URL Filtering, and Firewall.

In Information Security, you must first define your goals. These goals have to be realistic and in line with the resources at your disposal. One of the questions I like to ask security professionals is, “What is your security strategy?” Amazingly, the response often contains phrases like “We have firewalls and IDS’s on the perimeter”, or “We do vulnerability management using vendor xyz”.

China-based NetQin Mobile, a provider of consumer-focused mobile security solutions, and Motorola Mobility have inked a deal in which NetQin Mobile Security will be pre-installed on Motorola Android smartphones in China, giving consumers instant access to mobile security out of the box.

Acquisition of EasyLobby Strengthens Portfolio for Physical Access Control, Secure Issuance and Managed Services Markets

HID Global, a provider of secure identity and physical access security solutions, today announced that it has acquired EasyLobby, a company that helps manage security of on-site visitors.

AirTight Networks, a provider of wireless security solutions, today announced that SpectraGuard Enterprise, the company’s flagship wireless intrusion prevention solution, has achieved FIPS 140-2 validation, making it certified for deployment within U.S. federal government agencies, including the Department of Defense.

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS, PLC and field controller cybersecurity.

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.
