Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The Municipal Water Authority of Aliquippa was just one of multiple organizations breached in the U.S. by Iran-linked “Cyber Av3ngers” hackers

Members of Congress asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting CISA to warn other water and sewage-treatment utilities that they may be vulnerable.

Office supply retail giant confirms security incident disrupted online orders, communications channels and customer service lines.

Noteworthy stories that might have slipped under the radar: Utilities in US and Europe targeted in attacks, aerospace hacks, and Killnet leader unmasked.

New Turtle macOS ransomware is not sophisticated but shows that cybercriminals continue to target Apple devices.

The US has announced sanctions against North Korean cyberespionage group Kimsuky over its intelligence gathering activities. 

Researchers found that a ‘silly’ attack method could have been used to trick ChatGPT into handing over training data.

Apple’s security response team warns that flaws CVE-2023-42916 and CVE-2023-42917 were already exploited against versions of iOS before iOS 16.7.1.

Zyxel patches at least 15 security flaws that expose users to authentication bypass, command injection and denial-of-service attacks.

Meta removed three foreign influence operations from the Facebook platform during Q3, 2023. Two were Chinese in origin, and one was Russian, the company says. 

Qlik Sense vulnerabilities CVE-2023-41266, CVE-2023-41265 and CVE-2023-48365 exploited for initial access in Cactus ransomware attacks. 

The Black Basta ransomware group has infected over 300 victims and received more than $100 million in ransom payments.

US Treasury sanctions Sinbad, saying the cryptocurrency mixer is laundering funds for North Korean hacking group Lazarus.

Palo Alto Networks has launched a new rugged firewall for industrial environments and announced several OT security improvements.

ZeroedIn says personal information of 2 million individuals was compromised in an August 2023 data breach that impacts customers such as Dollar Tree.

Cyber Av3ngers hackers Cyber Av3ngers hackers

The Municipal Water Authority of Aliquippa was just one of multiple organizations breached in the U.S. by Iran-linked “Cyber Av3ngers” hackers

Unitronics PLC hacked Unitronics PLC hacked

Members of Congress asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting CISA to warn other water and sewage-treatment utilities that they may be vulnerable.

North Korea Kimsuky sanctioned North Korea Kimsuky sanctioned

The US has announced sanctions against North Korean cyberespionage group Kimsuky over its intelligence gathering activities. 

Top Cybersecurity Headlines

The Municipal Water Authority of Aliquippa was just one of multiple organizations breached in the U.S. by Iran-linked “Cyber Av3ngers” hackers

Members of Congress asked the U.S. Justice Department to investigate how foreign hackers breached a water authority near Pittsburgh, prompting CISA to warn other…

Office supply retail giant confirms security incident disrupted online orders, communications channels and customer service lines.

Noteworthy stories that might have slipped under the radar: Utilities in US and Europe targeted in attacks, aerospace hacks, and Killnet leader unmasked.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Register

Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.

Watch Now

Upcoming Virtual Events

CISOs and risk management leaders must understand clearly the role of cyber insurance in a robust security program, ongoing changes to premiums and policy pricing, the errors that could deny coverage and how it all fits into global incident response planning.

Learn More
Cyber AI & Automation Summit

SecurityWeek’s inaugural Cyber AI & Automation Summit pushes the boundaries of security discussions by exploring the implications and applications of predictive AI, machine learning, and automation in modern cybersecurity programs.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event. (June 13-14, 2023)

Learn More

As CISOs and corporate defenders grapple with the intricacies of securing sensitive data passing through multi-cloud deployments and APIs, the importance of frameworks, tools, controls and design models have surfaced to the front burner. (July 19, 2023)

Learn More

Vulnerabilities

Cybercrime

Report Reveals the Riskiest Web Domains to VisitWeb risk climbed to a record 6.2% of more than 27 million live domains evaluated for the 2010 Mapping the Mal Web report released today by McAfee. According to the report, the world’s most heavily trafficked web domain, .COM, is now the riskiest, with fifty-six percent of all risky sites discovered ending in .COM.

Smaller botnets are cheaper and easier to build out and operate, and criminals have already realized that large-scale botnets attract unwanted attention

Cloud Service SLA Survival Tips - What should you be asking your cloud provider?So you’ve decided to test the waters of cloud computing, but you have some concerns. You don’t know what you don’t know. Let’s start with a few tips you may want to consider when defining your SLA with the Cloud Provider.

Danish private equity firm Dansk Kapitalanlæg has acquired a 31 percent stake in Copenhagen based IT security company, Secunia.Secunia provides on vulnerability intelligence and vulnerability management tools to help companies secure applications and networks.

Worldwide revenue for mobile security client software grew 16% between the first and second quarter of 2010, according to Infonetics Research, a market research firm.Infonetics' Security Client Software report provides regional and worldwide market size, select market share, forecasts through 2014, and analysis for security client software for consumer and enterprise desktops/laptops, and for mobile security clients, including data protection clients for smartphones.Some excerpts from its updated 2010 report:

WhiteHat Security, a provider of website risk management solutions, unveiled its Threat Research Center (TRC) this week. The company has assembled a team of website security gurus to operate as an extension of an organization's information security team.

HP’s acquisition of ArcSight has been completed and ArcSight is now officially a subsidiary of HP. HP paid approximately $1.5 billion for the company, shelling out $43.50 per share in cash.

BAE Systems has named Paul Falkler to lead its Cyber Security Solutions business area. Falkler comes to BAE from SAIC, where he served as vice president of Strategic Development. At SAIC, he led the development of a portfolio of cyber security services while also overseeing cyber-related acquisitions.

Pennsylvania’s Chief Information Officer Brenda Orth will resign, effective October 31, according to an announcement made today.The commonwealth's chief technology officer, Tony Encinias, will serve as interim chief information officer while retaining his current position. Brenda Orth was appointed in January 2008. She previously served as chief technology officer for the commonwealth.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Aikido Security has raised €5 million (~$5.4 million) in seed funding for an all-in-one application security platform.

Cloud Security