Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Google’s adoption of memory safe programming languages now includes the deployment of Rust in legacy low-level firmware codebases.

Avis Car Rental is notifying roughly 300,000 individuals that their personal information was stolen in an August 2024 data breach.

A Kazakhstani and a Russian national were indicted in the US for operating dark web sites facilitating PII, card, and banking information trading.

An academic researcher has devised a new method of exfiltrating data from air-gapped systems using radio signals from memory buses.

A recently patched SonicWall vulnerability tracked as CVE-2024-40766 may have been exploited in ransomware attacks.

Recorded Future observes renewed Predator spyware activity on fresh infrastructure after a drop caused by US sanctions.

Kaspersky’s customers in the US are being acquired by cybersecurity firm Pango and will be offered UltraAV antimalware software.

The US government will remove “unnecessary degree requirements” in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs.

SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild.

Noteworthy stories that might have slipped under the radar: US Special Forces can hack buildings, X is hiring cybersecurity staff, and FTC warns of Bitcoin ATM scams. 

The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks.

People on the Move

Jill Popelka has been appointed CEO at Darktrace, after serving as COO for three months.

GitHub has appointed Alexis Wales as its new Chief Information Security Officer.

Cybersecurity and intelligence solutions provider Nightwing has appointed Christopher Jones as CTO and CDO.

AI-automated software testing firm Code Intelligence has appointed Eric Bruggemann as CEO.

High Wire Networks has named Edward Vasko as CEO and Mark Dallmeier as CRO of its Overwatch division.

More People On The Move
Kaspersky software ban Kaspersky software ban

Kaspersky’s customers in the US are being acquired by cybersecurity firm Pango and will be offered UltraAV antimalware software.

CISA CISA

Researchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems.

Russian Hackers Russian Hackers

A secretive Russian military unit, previously linked to assassinations and destabilization in Europe, is blamed for destructive wiper malware attacks in Ukraine.

Top Cybersecurity Headlines

The US has cracked down on an influence operation sponsored by the Russian government, announcing charges, sanctions and domain seizures.

Microsoft is experimenting with a major new security mitigation to block attacks targeting flaws in the Windows Common Log File System (CLFS).

Google has released Android security updates to patch an exploited local privilege escalation vulnerability.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Jared Wein, a Software Engineer at Mozilla, has come up with a rather clever security feature for Web browser plugins such as Flash – manual activation. The feature is currently only available in the nightly build of Firefox, but Wein expects it to be ready for Firefox 14.The manual activation is called “click-to-play” and once it is enabled, plugins will require an additional click – or manual activation – before rendering Web content. For example, videos on YouTube will require...

On Friday, security researcher David Emery reported the discovery of a problem within Mac OS X 10.7.3, which results in a user’s password being recorded to a log file in plain text.Emery explained that a debug switch in the current release of Lion was activated sometime before its release, resulting in the user’s legacy Filevault password being written to a log file in plain text. This log will remain on the system for several weeks, and anyone with read access...

Jericho Botnet Analysis: Infection, Persistence and Malicious FunctionsWe’ve talked a lot about modern malware as a concept, but I’d like to use this week’s column to call out one particular sample of malware that I’ve had my eye on for the last several weeks – a new banking botnet that has been referred to as the Jericho Botnet.

CVE-2012-0779 Used in Targeted Attacks Aimed At Manufacturers of Products Used by Defense IndustryOn Friday, Adobe issued a security bulletin to address a recently discovered critical vulnerability in its Flash Player, that according to reports, is being used in targeted attacks.

On Wednesday, a remote code execution vulnerability in PHP was accidentally exposed to the Web, prompting fears that it may be used to target vulnerable websites on a massive scale. The bug itself was traced back to 2004, and came to light during a recent CTF competition.The group that discovered the bug was waiting for a patch to be published before they released any information. However, on Wednesday details were leaked to Reddit prompting the group (Eindbazen) disclose what they...

During what can only be classified as a partial drive-by download attack, visitors to arriving at a compromised domain using an Android device may be subjected to malware that automatically downloads. However, unlike established drive-by attacks, the malware will require user permission to install.The attack was initially reported by a user on Reddit, and the malware family involved has been around since late 2011.

Microsoft is planning to release seven security bulletins – three of which are rated 'critical' – as part of this month's Patch Tuesday update.The fixes span a number of different products, with the critical bulletins covering issues in Microsoft Windows, Silverlight, Microsoft Office and the .NET Framework. All totaled, 23 security vulnerabilities are on tap to be patched.

The Vulnerability Discovery Team at Carnegie Mellon University’s Software Engineering Institute CERT Program has released two new software testing tools designed to help developers find vulnerabilities across major operating systems including Microsoft Windows, Mac OS X, and Linux.The new tools, all available for free, include CERT Failure Observation Engine and the CERT Linux Triage Tools, as well enhancements to its CERT Basic Fuzzing Framework tool.

There is a class of complex vulnerabilities that are difficult to test for, are exploited in clever, stealthy attacks and can cost enterprises millions of dollars in losses. Think zero-day bugs are being described? Think again.Business logic attacks are the topic of the description above, as well as a new whitepaper from Web application security vendor NT OBJECTives. In the report, the company details 10 of the most common business logic attack vectors and offers advice to developers on closing...

CISO Role Shifting From Technology-focused to Strategic Business Leadership Role A new study coming from IBM’s Center for Applied Insights looked to tap into the minds of Chief Information Security Officers (CISOs) in order to get their take on the challenges they currently face and their thoughts on what they expect to see in the near future.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to,...

Cloud Security