Watch on Demand: Attack Surface Management Summit | All Sessions Now Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Sessions from SecurityWeek’s 2024 Attack Surface Management are now available to watch on demand.

CISA has laid out the FOCAL plan, which aligns the collective operational defense capabilities across federal agencies.

Iranian hackers sought to interest President Joe Biden’s campaign in information stolen from rival Donald Trump’s campaign.

Serial entrepreneur Sinan Eren is back with Opnova, a startup working on automating security workflows with limited human supervision.

CISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being exploited in the wild. 

Attack simulation firm has raised $45 million in growth funding, bringing the total amount raised to $80 million.

Atlassian’s September 2024 monthly security bulletin details multiple high-severity vulnerabilities in four products.

Microsoft has observed the threat actor Vanilla Tempest targeting US healthcare organizations with INC ransomware.

The Port of Seattle, which owns and runs the airport, has decided not to pay, the official said.

Threats have become more complex as the threat surface has expanded and it is now about the evolution of protecting a business and its ecosystem.

The US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices.

People on the Move

Bob Turner has been named CISO at Penn State University.

V2X has appointed Christopher Carter as CISO.

Andrew McLaughlin has been appointed Chief Operating Officer at SandboxAQ.

Credential management firm Axiad has appointed Brian Szeto as CFO and Lynne Boyd as VP of sales.

Secure infrastructure access firm Teleport has named a new CRO and CMO.

More People On The Move
Raptor Train botnet takedown Raptor Train botnet takedown

The US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices.

How did Pagers explode in Lebanon? How did Pagers explode in Lebanon?

Between 3 to 5 grams of a highly explosive material were concealed inside pagers prior to their delivery to Hezbollah, and then remotely triggered simultaneously.

Deepfake AI Threat Deepfake AI Threat

When it comes to adversarial use of AI, the real question is whether the AI threat is a deep fake, or whether the deepfake is the AI threat.

Top Cybersecurity Headlines

Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

The Waledec botnet, which was taken down in 2010 by Microsoft, was responsible for more spam delivery than any other botnet in its class with a reach of about 1.5 billion emails a day. Earlier this month, researchers at Palo Alto Networks discovered a third variant of the botnet, and it was serving up more than just spam.According to Palo Alto Networks, this new version “includes the ability to sniff user credentials for FTP, POP3, SMTP, and steal .dat files...

CloudCracker, a new service from security researcher Moxie Marlinspike, which expands on the platform developed for WPACracker, offers penetration testers and network auditors a way to run hundreds of millions of words against a given password to test its strength.

Microsoft released fixes for 21 security vulnerabilities as part of this month’s Patch Tuesday.The vulnerabilities are covered in nine separate bulletins, including four that are rated ‘Critical.’ The most serious of the updates is MS12-010, opined Jim Walter, manager of the McAfee Threat Intelligence Service at McAfee Labs. Aimed at Internet Explorer, the update fixes four privately reported vulnerabilities.

If you are part of a security team that spends time carefully piecing together and reviewing corporate IT security policies, this may hurt your feelings: According to a new survey jointly commissioned by Xerox and McAfee, more than half of workers don’t always follow or are unaware of their company’s security policies.

Symantec today shared some details on Symantec Control Compliance Suite 11, the next generation of its enterprise-class IT governance, risk and compliance (GRC) solution. The upcoming release features a new Control Compliance Suite Risk Manager module which enables security and risk management teams to better understand and communicate risks to the business environment from their IT infrastructure.

Reports of yet another significant incident of international corporate espionage surfaced this morning, with the Wall Street Journal reporting that for nearly a decade, hackers had widespread access to the corporate computer network of former telecom giant Nortel Networks Ltd.According to the Wall Street Journal, using just seven passwords taken from Nortel executives, including that of their CEO, the hackers penetrated Nortel's systems at least as far back as 2000. 

Blue Coat Systems, a provider of Web security and WAN optimization solutions, on Monday said that its shareholders voted to approve the acquisition entered into in December 2011 between Blue Coat and an investor group led by private equity investment firm Thoma Bravo, LLC.

In response to the rapid adoption of virtualization technology by organizations from around the globe, Kaspersky Lab today announced a solution built from the ground-up to protect evolving corporate IT infrastructures from the ever-growing threat of malware.

Late Sunday reports emerged that Microsoft’s online store in India had been hacked, defaced and user information exposed including unencrypted passwords. It turns out these claims are true and while Microsoft isn’t saying much on the subject, they did comment on the issue.

Whistleblower site Cryptome has been hacked and infected by the Blackhole exploit kit.Just how the breach occurred has not been said. Cryptome co-founder John Young however told SecurityWeek that the site is in the process of cleaning everything up, and that process should be finished by the end of the day.“It appears every HTML page was infected so we are replacing all the pages to be sure,” he said.

In November 2011, the Steam gaming platform, in addition to user forums where gaming fans gather to discuss various gaming topics, said that intruders obtained access to its Steam database in addition to the defacing the forums.

ADT Business Solutions today announced the next generation of its Anti-Skim™ ATM Security solution to help protect banks and their customers from the rising threat of ATM skimming. ADT’s new anti-skimming technology offers multilayered security to help protect ATM customers from this blend of electronic crime and cyber-fraud.Installed inside the ATM, the company says the enhanced Anti-Skim ATM Security kit features technology that works on all major ATM makes and models.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

RunSafe Security has raised $12 million in a Series B funding round for a solution designed to help companies develop secure software.

Cloud Security