Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Google’s adoption of memory safe programming languages now includes the deployment of Rust in legacy low-level firmware codebases.

Avis Car Rental is notifying roughly 300,000 individuals that their personal information was stolen in an August 2024 data breach.

A Kazakhstani and a Russian national were indicted in the US for operating dark web sites facilitating PII, card, and banking information trading.

An academic researcher has devised a new method of exfiltrating data from air-gapped systems using radio signals from memory buses.

A recently patched SonicWall vulnerability tracked as CVE-2024-40766 may have been exploited in ransomware attacks.

Recorded Future observes renewed Predator spyware activity on fresh infrastructure after a drop caused by US sanctions.

Kaspersky’s customers in the US are being acquired by cybersecurity firm Pango and will be offered UltraAV antimalware software.

The US government will remove “unnecessary degree requirements” in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs.

SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild.

Noteworthy stories that might have slipped under the radar: US Special Forces can hack buildings, X is hiring cybersecurity staff, and FTC warns of Bitcoin ATM scams. 

The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks.

People on the Move

Jill Popelka has been appointed CEO at Darktrace, after serving as COO for three months.

GitHub has appointed Alexis Wales as its new Chief Information Security Officer.

Cybersecurity and intelligence solutions provider Nightwing has appointed Christopher Jones as CTO and CDO.

AI-automated software testing firm Code Intelligence has appointed Eric Bruggemann as CEO.

High Wire Networks has named Edward Vasko as CEO and Mark Dallmeier as CRO of its Overwatch division.

More People On The Move
Kaspersky software ban Kaspersky software ban

Kaspersky’s customers in the US are being acquired by cybersecurity firm Pango and will be offered UltraAV antimalware software.

CISA CISA

Researchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems.

Russian Hackers Russian Hackers

A secretive Russian military unit, previously linked to assassinations and destabilization in Europe, is blamed for destructive wiper malware attacks in Ukraine.

Top Cybersecurity Headlines

The US has cracked down on an influence operation sponsored by the Russian government, announcing charges, sanctions and domain seizures.

Microsoft is experimenting with a major new security mitigation to block attacks targeting flaws in the Windows Common Log File System (CLFS).

Google has released Android security updates to patch an exploited local privilege escalation vulnerability.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

BlackBerry maker Research In Motion (RIM) on Thursday announced that CESG, the National Technical Authority for Information Assurance in the UK, has given the BlackBerry 7 operating system its stamp of approval for government use, providing public sector workers the option to utilize several late model BlackBerry smartphones.

Hacktivist "Groups" Have Different Motives Behind Their Attacks, But Most Use The Same Tools That Penetration Testers and Other Security Professionals Use or Sell to Others.

Using data collected from DShield, a community based log correlation system that collects data from sensors covering more than 500,000 IP addresses in over 50 countries, the NCC Group has mapped out its latest report on the origination of computer hacking attempts for the first quarter of 2012.For the first time, the UK made an appearance in the top ten, while percentage of hacking attempts coming from Russia and the Netherlands also jumped.

For most of this week, The Pirate Bay (TPB) and Wikileaks have suffered under the pressure of a sustained DDoS attack from unknown sources. For TPB outages occur frequently, but direct attacks (other than court ordered censorship) are rare. Likewise, Wikileaks sometimes suffers outages or slow connections, but they too rarely see a direct attack.

In December of 2009, after months of waiting, the Obama Administration named Howard Schmidt as the White House Cybersecurity Coordinator. After more than forty years in the IT community, the former head of the Information Security Forum and the nation’s first cyber czar will retire at the end of the month.

ICS-CERT, the section of U.S. CERT that deals with Industrial Control Systems, is issuing an advisory after a researcher exposed four separate flaws within Pro-face Pro-server, a popular data management server that offers real-time reporting of automated manufacturing and production environments. Each of the flaws can be targeted remotely to trigger DoS conditions, or code execution.

Neustar Reports Shows DDoS Attacks Can Cost Retailers More Than $100k Per-hourAccording to NeuStar, a provider of information, infrastructure and security solutions, the effects a DDoS attack can be devastating to an organization's brand and operations. A majority (three-quarters) of the IT professionals that spoke with NeuStar for a study on the issue said that they fear negative brand impact or customer experiences because of such an attack.

Wikimedia, the foundation responsible for information hub Wikipedia, is warning users that if they see ads on the encyclopedia’s webpage, their system might be infected with malware. The ads in question are not the ones asking for donations that show up once a year, but for-profit related adverts.

Stephen Fletcher, the executive director of Utah’s Dept. of Technology Services (DTS), has resigned following the aftermath of a massive data breach earlier this year that exposed nearly one million people, including children. The staffing changes come after preliminary investigations exposed serious flaws within the state’s IT practices, including storing information that shouldn’t have been kept at all.

In an apparent act of cyber espionage, as the acts are being called by Shadowserver researchers Steven Adair and Ned Moran, persons unknown have staged a series of strategic web compromises in order to spread malware. The attackers hijacked several websites related to matters of government and foreign policy, and used them to deliver malicious payloads to visitors by leveraging unpatched software flaws.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to,...

Cloud Security