Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks.

NightVision, an early stage startup in the application security testing space, has raised $5.4 million in seed funding.

The Dark Angels (Dunghill) ransomware group claims to have stolen 1 Tb of data from Nexperia, which is investigating the incident.

Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products.

ICS malware Fuxnet allegedly used by Ukrainian Blackjack group to disrupt industrial sensors and other systems belonging to a Moscow infrastructure firm.

Authorities in Australia and the US have arrested and charged two individuals for developing and selling the Hive RAT.

Former security engineer Shakeeb Ahmed was sentenced to prison for hacking and defrauding cryptocurrency exchanges.

Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus. 

The bill was approved on a bipartisan basis, 273-147, though it will still have to clear the Senate to become law.

A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.

Financial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million.

People on the Move

Professional services company Slalom has appointed Christopher Burger as its first CISO.

Allied Universal announced that Deanna Steele has joined the company as CIO for North America.

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move
Palo Alto Networks Palo Alto Networks

Palo Alto Networks has started releasing hotfixes for the firewall zero-day CVE-2024-3400, which some have linked to North Korea’s Lazarus. 

Microsoft breach Microsoft breach

The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts “presents a grave and unacceptable risk to federal agencies.”

How AWS disrupts DDoS attacks and is tackling IP Spoofing at the source How AWS disrupts DDoS attacks and is tackling IP Spoofing at the source

SecurityWeek speaks to Tom Scholl, VP and distinguished engineer at AWS, on how the organization tackles IP Spoofing and DDoS attacks.

Top Cybersecurity Headlines

Cisco Duo warns that breach exposed phone numbers, phone carriers, metadata and other logs that could lead to downstream social engineering attacks.

NightVision, an early stage startup in the application security testing space, has raised $5.4 million in seed funding.

The Dark Angels (Dunghill) ransomware group claims to have stolen 1 Tb of data from Nexperia, which is investigating the incident.

Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

Sovereign Bank said that fraudsters have been targeting its brand via automated phone calls coming from unauthorized parties claiming to be calling from Sovereign Bank. The bank said it is investigating reports that some customers as well as non-customers have randomly received fraudulent phone calls asking for financial information related to their debit cards.

Social media can be a useful tool in promoting a company name. Used properly, the potential for marketing and increasing business is substantial. But, what about employee access to social media sites? Every day, employees on their breaks or during working hours use social media sites like Facebook, Twitter, MySpace, ICQ, wikis and photo-and video-sharing services. These are among the Internet’s fastest growing sites – perhaps more popular than personal email.

Earlier this week, several news outlets reported that the 20-year-old son of Kaspersky Lab CEO, Eugene Kaspersky, had gone missing, with kidnappers reportedly demanding €3m (about US$4.4) for his release. Russian news outlets incorrectly reported on Friday that the younger Kaspersky was returned after a ransom was paid. It turns out that Ivan Kaspersky has been, in fact, been returned safely, but according to an official statement from Kaspersky, no ransom was paid.

Earlier this week, several news outlets reported that the 20-year-old son of Kaspersky Lab CEO, Eugene Kaspersky, had gone missing, with kidnappers said to be demanding €3m (about US$4.4) for his release.Today, several Russian news outlets are reporting that the kidnappers requested ransom had been paid and that his son, Ivan Kaspersky, has been returned safely.Eugene Kaspersky, who started Kaspersky Lab, was recently ranked high on Forbes' list of wealthiest people in Russia.

iOS and Android Continue to Dominate - Verizon iPhone Launch Pumps iPhone Enterprise Adoption Rate in Q1 2011A report out today coming from Good Technology, a provider of secure and managed enterprise mobility solutions, revealed that the trend of personal smartphones infiltrating the workplace, sometimes referred to as “consumerization”, continues to be led by both Apple's iOS and Google's Android smartphone platforms.

We all have compliance issues. Compliance with HIPAA. Compliance with HITECH. Compliance with PCI. These are all well-defined regulations and standards that we should be able to understand quite easily. Compliance is easy.Yeah, and I have a bridge I could sell you. Cheap.But, compliance is not really hard per se. It is, however, tedious, time-consuming, and expensive. There are plenty ways to describe compliance efforts. But what does compliance really require?

While mobile devices aren't yet direct targets for enterprise attacks, they are at least conduits, able to siphon vast amounts of data nonetheless, according to the 2011 Verizon Data Breach Investigation Report. Mobile devices used to commit data breaches increased significantly in cases closed in 2010. Leading the way were compromised POS terminals, pay-at-the-pump terminals, and ATMs.

Chicago based Trustwave Holdings, a provider of security and compliance solutions, is hoping to raise as much as $100 million in an IPO, according to a filing with the SEC yesterday. The prospectus provides a detailed look at the company’s finances and operations.

A Michigan woman pleaded guilty today to selling counterfeit computer software which reportedly earned her over $400,000. Jacinda Jones, 31, of Ypsilanti, Michigan pleaded guilty to one count of willful copyright infringement before a judge in Detroit. According to court documents, between July 2008 and January 2010, Jones sold more than 7,000 copies of pirated business software at discounted prices through the website cheapdl(dot)com. The software, published by several companies including Microsoft, Adobe, Intuit and Symantec had a retail value...

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Cloud Security

Cloud Security

Financial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million.