Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The US government’s CFPB sent an email with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.”

Noteworthy stories that might have slipped under the radar: China’s Volt Typhoon hacked Singtel, GuLoader targets European industrial organizations, and US agency warns employees about phone use. 

Malwarebytes has acquired Sweden-based privacy-focused VPN provider AzireVPN to expand its product offerings.

ZDI discloses vulnerabilities in the infotainment system of multiple Mazda car models that could lead to code execution.

After the hacker IntelBroker leaked stolen source code, Nokia said the impact of the cybersecurity incident is limited.

A significant number of Nigerian cybercriminals have been sent to prison in recent months in the United States, and some of them received lengthy sentences.

Texas-based oilfield supplier Newpark Resources says a ransomware attack disrupted information systems and business applications.

HPE this week warned of two critical vulnerabilities in Aruba Networking access points that could lead to unauthenticated command injection.

CISA has added a Palo Alto Networks Expedition flaw tracked as CVE-2024-5910 to its Known Exploited Vulnerabilities Catalog.

North Korean cryptocurrency thieves caught targeting macOS with fake PDF applications, backdoors and new persistence tactics.

Essential steps such as security awareness training, MFA, and Zero Trust identity management help organizations reduce the human element and stay ahead in the cybersecurity curve.

People on the Move

Jared Bartel has been named CISO at Idaho State University.

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as CISO for the Americas.

Tim McKnight has joined UnitedHealth Group as CISO following the Change Healthcare ransomware attack.

Zach Furness has joined MITRE as CISO.

More People On The Move
Palo Alto Networks Palo Alto Networks

CISA has added a Palo Alto Networks Expedition flaw tracked as CVE-2024-5910 to its Known Exploited Vulnerabilities Catalog.

North Korea North Korea

North Korean cryptocurrency thieves caught targeting macOS with fake PDF applications, backdoors and new persistence tactics.

PLCHound finds internet-exposed PLC and ICS PLCHound finds internet-exposed PLC and ICS

Georgia Tech researchers have developed PLCHound, an algorithm that uses AI to improve the identification of internet-exposed ICS.

Top Cybersecurity Headlines

Google warns of the limited, targeted exploitation of two vulnerabilities resolved with the latest Android security update.

Siemens and Rockwell Automation are taking steps to improve cybersecurity in industrial organizations, but getting customers to install security systems and upgrade ICS can still be challenging. 

British EDR vendor Sophos details a years-long “cat-and-mouse” tussle with sophisticated Chinese government-backed hackers.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

The IT world is quickly embracing Big Data. Huge data stores are the next big step in analyzing the massive amounts of data being collected in the name of analytics. For example, startups are using these systems to analyze trillions of DNA strips to gain an understanding of our genealogy. Well-established companies are adopting the technology to map and time transportation systems across the world to make our traveling cheaper and easier.

Simurgh, a privacy tool used in Iran and Syria to bypass Internet censorship and governmental monitoring, is being circulated with a backdoor. The compromised version has been offered on P2P networks and via web searches. Research conducted by CitizenLab.org has shown that malicious version isn’t available form the original software source, only through third-party access, so it appears that Simurgh has been repackaged.

McAfee Finds Nearly One in Every Six PC's Have Zero ProtectionAccording to a global study by McAfee, Intel’s security operation, one-in-six computers globally are running without any sort of cyber threat protection. The study ranks systems that were either running with no anti-virus, or those with anti-virus applications that were disabled.

Wave Systems has signed a 15-year software license and distribution agreement with Samsung, enabling Samsung to bundle Wave’s EMBASSY Security Center (ESC) and TCG Software Stack (TSS) technology with devices that include a Trusted Platform Module (TPM), an industry standard security chip embedded in the motherboard of a computer or other electronic device.

Continuing the series of protests conducted in an effort to support students in Quebec, where Anonymous targeted 13 government and police websites, the associative group has stated that they will wreck the FIA as they turn their sights on Formula 1’s Montreal Grand Prix.

Hacker Faces Charges After Hacking Point-of-Sale Systems at More Than 150 Subway RestaurantsLast year, four Romanian nationals were charged for their role in an alleged scheme to hack point-of-sale (POS) systems and compromise credit and debit card transaction data. On Tuesday, one of the four men was finally extradited to the U.S. so that he could appear before a judge.

Metasploit is a powerful and popular tool for penetration testers and security experts. However, it’s also a goldmine for the darker side of the hacking community. Recently, Rapid 7 published a list of most popular Metasploit modules, offering an interesting look at the vulnerabilities that earned the most attention last month.

Access control vendor Centrify announced the availability today of a new product for to help manage mobile devices.Leveraging the new Centrify Cloud Service, Centrify DirectControl for Mobile is meant to address concerns related to the bring-your-own-device approach. The technology allows organizations to manage smartphones and tablets, including Apple iPads and Google Android devices, using existing Active Directory infrastructure, skill sets and processes.

Security Information and Event Management (SIEM) solutions have been put under the microscope and are often criticized by some in the industry as being outdated and “reactive” security solutions that don’t always help organizations defend against cyber attacks, but rather help respond after a damaging attack. While SIEM solutions may be taking some heat, they still play an important role in an organization’s overall security strategy, and new research from McAfee shows that SIEM is still top of mind for...

Some Say China Falsely Accused Over Backdoor Discovered on FPGA Chip Used by U.S. MilitaryOver the holiday weekend, news that Cambridge University researchers discovered a backdoor on a field-programmable gate array (FPGA) chip used by the U.S military spread like wildfire, but there are some doubts that the story is worth the hype.

On Friday, the University of Nebraska said it was investigating a cyber attack that resulted in a security breach of an information system that houses sensitive data on students and alumni dating back to 1985.The breach hit the Nebraska Student Information System (NeSIS), the electronic database that contains personal records for students, alumni and applicants of the university’s four campuses.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Willfully ignoring important security issues to make our lives easier is, unfortunately, something that does happen in the security field. 

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.