SecurityWeek

Latest Cybersecurity News

Google’s adoption of memory safe programming languages now includes the deployment of Rust in legacy low-level firmware codebases.

Avis Car Rental is notifying roughly 300,000 individuals that their personal information was stolen in an August 2024 data breach.

A Kazakhstani and a Russian national were indicted in the US for operating dark web sites facilitating PII, card, and banking information trading.

An academic researcher has devised a new method of exfiltrating data from air-gapped systems using radio signals from memory buses.

A recently patched SonicWall vulnerability tracked as CVE-2024-40766 may have been exploited in ransomware attacks.

Recorded Future observes renewed Predator spyware activity on fresh infrastructure after a drop caused by US sanctions.

Kaspersky’s customers in the US are being acquired by cybersecurity firm Pango and will be offered UltraAV antimalware software.

The US government will remove “unnecessary degree requirements” in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs.

SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild.

Noteworthy stories that might have slipped under the radar: US Special Forces can hack buildings, X is hiring cybersecurity staff, and FTC warns of Bitcoin ATM scams. 

The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks.

People on the Move

Jill Popelka has been appointed CEO at Darktrace, after serving as COO for three months.

GitHub has appointed Alexis Wales as its new Chief Information Security Officer.

Cybersecurity and intelligence solutions provider Nightwing has appointed Christopher Jones as CTO and CDO.

AI-automated software testing firm Code Intelligence has appointed Eric Bruggemann as CEO.

High Wire Networks has named Edward Vasko as CEO and Mark Dallmeier as CRO of its Overwatch division.

CISA

Researchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems.

Russian Hackers

A secretive Russian military unit, previously linked to assassinations and destabilization in Europe, is blamed for destructive wiper malware attacks in Ukraine.

Top Cybersecurity Headlines

The US has cracked down on an influence operation sponsored by the Russian government, announcing charges, sanctions and domain seizures.

Microsoft is experimenting with a major new security mitigation to block attacks targeting flaws in the Windows Common Log File System (CLFS).

Google has released Android security updates to patch an exploited local privilege escalation vulnerability.

Hear from cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Vulnerabilities

Cybercrime

A California woman was sentenced Monday to five years in federal prison for her role in an international phishing operation that tried to defraud banks of more than $1 million. Nichole Michelle Merzi, 26, of Oceanside, was sentenced following a six-week trial in 2011 that ended with her being convicted of bank and wire fraud conspiracy, aggravated identity theft, computer fraud conspiracy and money laundering conspiracy charges.

You decide to eat at a restaurant that not only gets good reviews, but is highly recommended by a few of your friends. The menu is extensive and you and your lovely spouse or date pick out an entree that you can almost smell just by reading the description. The server--or sommelier if the restaurant has one--recommends the perfect wine pairing, a South African Sauvignon Blanc that brings some minerality to the party, complementing the shrimp with a coconut lemon...

McAfee and parent company Intel have developed what they’re calling a “reference implementation” to provide situational awareness and multi-zone protection to segments of the nation’s critical infrastructure.

Researchers at Trusteer have discovered a variant of Zeus with a P2P component that is targeting high profile sites such as Facebook, Google, Hotmail, and Yahoo in order to compromise debit and credit card data. The attacks being carried out by the P2P version of Zeus use a basic form of social engineering. Depending on the service being targeted at the time, users are presented with offers for additional security measures and rebates.

Microsoft says their new research on cloud computing shows that security may not be the impediment many perceive it to be. In a survey of 94 small to midsized businesses (SMBs) in the U.S. using the cloud and 93 that do not, it was revealed that of those who do:

- 35 percent believe their business was more secure
- 38 percent said they spent less time managing security

Vaultive, a provider of cloud data encryption solutions, today launched Vaultive for Hosted Exchange, an enterprise-class cloud data encryption solution that encrypts data-at-rest and data-in-use within Hosted Microsoft Exchange environments, while letting enterprise IT retain control of the encryption keys.

A start-up in Russia, backed by Microsoft, says they have developed technology that can stop BitTorrent-based filesharing. The Pirate Pay came into existence due to the growth of copyright infringement in Russia, and the mounting international pressure to stop it. One of the first companies to back Pirate Pay was Microsoft, who granted them $100,000 in seed money. Microsoft was soon followed by Walt Disney Studios and Sony Pictures in Russia, who hired the firm to protect the film, Vysotsky. Thanks...

You've heard it a thousand times before: information is power. The more data you have, the more insight and knowledge you possess. But what happens when your data stores grow so large that securing and managing them effectively is no longer in the cards? What happens when every new security control that's put in place to protect data is just another administrative burden—increasing the security event data that must be monitored, logged, shared between security components, analyzed, and reported on. How...

Backdoor Found In ZTE Android Smartphone

ZTE, a handset manufacturer in China, has shipped Android smartphones to the U.S. with a fully enabled backdoor. The news of the backdoor came by way of an anonymous post to Pastebin, but was later confirmed by other researchers. [Updated 05/17 to Add ZTE Working On Patch for Backdoor Vulnerability]

Why are people talking about the Cyber Intelligence Sharing and Protection Act (CISPA) as really protecting the United States from cyber threats? The bill claims its goal is to share intelligence on Internet traffic to help “ensure the protection of our national networks against cyber threats.”

Adobe’s Photoshop is a key application within the marketing, advertising, sales, publishing and graphic design markets. Businesses that rely on images to move product use Adobe’s costly flagship product. So when code execution vulnerabilities were discovered in Photoshop 12 (CS5) it’s easy to think that a patch would not only be released, but that it would be free. Those thoughts couldn’t be further from the truth.

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Application Security

SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to,...

Cloud Security