Watch on Demand: Attack Surface Management Summit | All Sessions Now Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Sessions from SecurityWeek’s 2024 Attack Surface Management are now available to watch on demand.

CISA has laid out the FOCAL plan, which aligns the collective operational defense capabilities across federal agencies.

Iranian hackers sought to interest President Joe Biden’s campaign in information stolen from rival Donald Trump’s campaign.

Serial entrepreneur Sinan Eren is back with Opnova, a startup working on automating security workflows with limited human supervision.

CISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being exploited in the wild. 

Attack simulation firm has raised $45 million in growth funding, bringing the total amount raised to $80 million.

Atlassian’s September 2024 monthly security bulletin details multiple high-severity vulnerabilities in four products.

Microsoft has observed the threat actor Vanilla Tempest targeting US healthcare organizations with INC ransomware.

The Port of Seattle, which owns and runs the airport, has decided not to pay, the official said.

Threats have become more complex as the threat surface has expanded and it is now about the evolution of protecting a business and its ecosystem.

The US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices.

People on the Move

Bob Turner has been named CISO at Penn State University.

V2X has appointed Christopher Carter as CISO.

Andrew McLaughlin has been appointed Chief Operating Officer at SandboxAQ.

Credential management firm Axiad has appointed Brian Szeto as CFO and Lynne Boyd as VP of sales.

Secure infrastructure access firm Teleport has named a new CRO and CMO.

More People On The Move
Raptor Train botnet takedown Raptor Train botnet takedown

The US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices.

How did Pagers explode in Lebanon? How did Pagers explode in Lebanon?

Between 3 to 5 grams of a highly explosive material were concealed inside pagers prior to their delivery to Hezbollah, and then remotely triggered simultaneously.

Deepfake AI Threat Deepfake AI Threat

When it comes to adversarial use of AI, the real question is whether the AI threat is a deep fake, or whether the deepfake is the AI threat.

Top Cybersecurity Headlines

Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Russia’s political season is heating up. Here in America, we have Super PACs, skewed election coverage, and scandals. As it turns out, Russia has some of that too -- perhaps politics and fighting among party lines is somewhat universal. The difference however, is that we’re not seeing the types of Internet-based activism in America that exists in Russia. Furthermore, when political powers enforce their might in America, it’s a bit more subtle.

Earlier this month, Trustwave had a change of heart and reversed a decision to issue subordinate certificates that allowed a private company the ability to impersonate virtually any domain on the Web. Those actions have led Mozilla to clarify its stance on the issue, and offer one final warning to any company seeking to offer the same business services that Trustwave walked away from.

Defendant Allegedly Sought to be Associated with an Armed Extremist Group, Believed He Would Take Part in al-Qaeda AttackOn Friday, the Department of Justice said that FBI agents had arrested a man for allegedly attempting to detonate a bomb in a planned suicide attack on the U.S. Capitol Building.

In college, I took a required Computer Science class called “Systems Principles”. My professor started the class by listing out the seven key components in a successful system/program development process:1. Requirements2. Specifications3. Design

The Federal Trade Commission and the Bureau of Consumer Protection were attacked by AntiSec Thursday and into Friday, in response to their support and participation in ACTA, the Anti-Counterfeiting Trade Agreement, and issues with Google’s recent privacy policy changes.

Researchers at Panda Security have uncovered a botnet that not only swipes financial information, but also goes after rival malware.PandaLabs, the company’s research arm, recently detected a new bot called Ainslot.L targeting Windows machines. The malware’s primary job is to log user activities, download additional malware to take control of the system and steal log-in information related to online banking sites. But as a side bonus, the malware goes on a seek-and-destroy mission targeting other bots, including Zeus and DarkComet.

Trend Micro today announced that is has open sourced the code to its popular free security tool, HijackThis. The tool scans systems to find settings that may have been modified by spyware, malware or other programs that have wiggled their way onto a system and caused problems.

Researchers at Symantec have uncovered a fake app store for Google Android that is hosting malware designed to bilk users out of big bucks.According to Symantec, mobile malware scammers have created the fake market to host various applications that are actually Trojans used for SMS fraud.

In response to the increase in attacks on industrial control systems that power utilities, industries and critical infrastructure systems, Norway-based Norman ASA is launching a product designed to protect SCADA (supervisory control and data acquisition) systems against cyber attacks from malware such as trojans, worms and viruses—ones like stuxnet.

FishNet Security today launched a new cloud-based threat monitoring and response service aimed at helping businesses log information security events across multiple sources, reduce data leakage, and proactively respond to emerging threats and meet regulatory requirements.

Both the BATS and NASDAQ exchanges were under constant assault early this week, thanks to a flood of packets sent their way by an unknown group or person. These recent attacks are just the latest in a string of attacks that have hit the UN, CIA, and others.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

RunSafe Security has raised $12 million in a Series B funding round for a solution designed to help companies develop secure software.

Cloud Security