Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Marriott agreed to pay $52 million and make changes to bolster its data security to resolve claims related to major data breaches that affected more than 300 million customers.

Palo Alto warns that attackers can access usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

A cyberattack continues to affect the largest regulated water and wastewater utility company in the US, renewing a focus on the importance of protecting critical infrastructure sites.

Google launches Global Signal Exchange (GSE), an initiative aimed at fostering the sharing of online fraud and scam intelligence.

CISA and the FBI have issued a warning on Iranian phishing attacks targeting national political organizations and campaigns.

New York anti-bot firm says new investment will drive adoption of AI techniques and expand into digital account protection and media security.

How simplifying complexity, enhancing visibility, and empowering analysis can address key challenges in modern cybersecurity operations and investigations.

Casio says a recent cyberattack has caused some system disruptions and it’s investigating whether a data breach has occurred. 

Online summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

CreditRiskMonitor says hackers may have accessed personal information of employees and independent contractors. 

The EU has set up a system for imposing sanctions against people accused of cyberattacks, information manipulation or acts of sabotage on behalf of Russia.

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn’s first Distinguised Security Engineer

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Solana co-founder Stephen Akridge has been appointed the CEO of data protection firm Cyber Grant.

More People On The Move
Palo Alto Networks Palo Alto Networks

Palo Alto warns that attackers can access usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

Microsoft AI Microsoft AI

Patch Tuesday: Redmond warns that attackers are rigging Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems. 

Qualcomm zero-day Qualcomm zero-day

Google and Amnesty have seen evidence that a Qualcomm chipset vulnerability tracked as CVE-2024-43047 may be exploited in the wild.

Top Cybersecurity Headlines

The largest U.S. water utility disconnects customer portal and suspends billing services following a cyberattack.

The perfctl malware has been targeting vulnerabilities and misconfigurations in millions of Linux systems, likely infecting thousands.

The China-linked group Salt Typhoon hacked AT&T and Verizon, possibly compromising wiretap systems, according to WSJ.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Shawn Henry, the executive assistant director of the FBI’s Criminal, Cyber, Response, and Services Branch, told the Wall Street Journal that the government and private sector is outgunned, when it comes to the defending data and networks from cyber criminals.Henry told the Journal that he didn’t see anyway to come out of the current situation ahead, unless companies were willing to make major changes to their consistently vulnerable networks. 

Starting in May, eCommerce merchants will have a new tool at their disposal to help fight fraud in online transactions in real time, thanks to a new offering from MasterCard. The company today introduced “Expert Monitoring Fraud Scoring for Merchants,” a new that tool enhances merchants’ insight into card behavior beyond a website or a cardholder’s shopping cart.

In 2008, the Taidoor Trojan made its first appearance on the Web. It started by attacking government agencies, but the group behind it expanded their reach by targeting a wide range of victims. Now, based on research from Symantec, it appears that the group running Taidoor is interested in think tanks, especially those that are focused on Taiwan.

Web Application Firewalls: What Approach Should You Take To Evaluate WAF Solutions? In my previous column, I focused on various features you should check out when choosing a Web application firewall. Together, these features help improve the accuracy of a WAF.

While the Chinese-owned network vendor Huawei moves to soften its image in Australia, reports say that concerns over the company’s government ties led it to being banned from bidding on a contract to work on Australia’s National Broadband Network (NBN). As word of Australia’s block spread, lawmakers in New Zealand questioned the safety of their own network, and called for an investigation.

The Department of Energy (DOE), Department of Justice (DOJ), and the Department of Homeland Security (DHS) need to tighten procedures and controls when it comes to mitigating IT supply chain issues, a recently published GAO report says. The Department of Defense was the only agency to make any progress on the issue.

Wave Systems Gets U.S. Army Contract for Encryption Management for Vehicle-Based Mobile Computers Wave Systems, a Massachusetts-based provider of security, data protection, and encryption solutions, today announced that it has received a contract from the United States Army to provide labor, equipment and management to implement solutions for the Army's self-encrypting drives (SEDs).

Privacy advocates are largely giving the thumbs up to a report from the Federal Trade Commission (FTC) calling for Congress to enact privacy, data security and breach notification laws.The report, entitled “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers,” also lays out best practices for businesses for protecting the privacy of American consumers. Building upon a report from December 2010, the updated report calls on corporations to enact the following recommendations:

Good Technology, a provider of mobile device security and management solutions for enterprises, today launched a secure browser for Android devices designed to provide secure access to enterprise resources via mobile devices.Dubbed Good Mobile Access (GMA) for Android, the Web browser is a feature of the company’s flagship Good for Enterprise offering, and enables secure mobile access to “behind-the-firewall applications”, company databases, resources and collaboration tools such as SharePoint data without needing a VPN connection.

They say history repeats itself, or perhaps this is the story of a community recovering from a catastrophe. Either way, the underground is returning to its former glory, and not just in how much business is being conducted – but how it is conducted. In 2006, the English-speaking part of the underground economy was a prosperous community, with several mega-bulletin boards competing for the business and the heart of fraudsters from all over the world.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Application security and vulnerability management platform DefectDojo has raised $7 million in Series A funding.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.