Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The bill was approved on a bipartisan basis, 273-147, though it will still have to clear the Senate to become law.

A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.

Financial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million.

Operational for at least ten years, RubyCarp has its own botnet, its own tools, and its own community of users that concentrate on cryptomining and credential phishing.

Noteworthy stories that might have slipped under the radar: Moscow sewage system hacked, a new women in cybersecurity report, PasteHub domain seized by law enforcement. 

Military planners envision a scenario in which hundreds, even thousands of AI-powered machines engage in coordinated battle.

Second identifier, CVE-2024-3272, assigned to unpatched D-Link NAS device vulnerabilities, just as exploitation attempts soar. 

Speaker Mike Johnson is expected to bring forward a Plan B that would reform and extend Section 702 of the Foreign Intelligence Surveillance Act for a shortened period of two years.

Palo Alto Networks warns of limited exploitation of a critical command injection vulnerability leading to code execution on firewalls.

Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code.

A critical vulnerability in multiple programming languages allows attackers to inject commands in Windows applications.

People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

The National Security Agency (NSA) appointed Dave Luber as its new cybersecurity director, after Rob Joyce retired from the agency on March 31.

Enterprise AI security firm TrojAI announced the appointment of Lee Weiner as CEO.

More People On The Move
Palo Alto Networks Palo Alto Networks

A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.

Microsoft breach Microsoft breach

The US government says Midnight Blizzard’s compromise of Microsoft corporate email accounts “presents a grave and unacceptable risk to federal agencies.”

How AWS disrupts DDoS attacks and is tackling IP Spoofing at the source How AWS disrupts DDoS attacks and is tackling IP Spoofing at the source

SecurityWeek speaks to Tom Scholl, VP and distinguished engineer at AWS, on how the organization tackles IP Spoofing and DDoS attacks.

Top Cybersecurity Headlines

The bill was approved on a bipartisan basis, 273-147, though it will still have to clear the Senate to become law.

A state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.

Financial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million.

Operational for at least ten years, RubyCarp has its own botnet, its own tools, and its own community of users that concentrate on cryptomining…

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s Threat Detection and Incident Response (TDIR) Summit dives into Threat hunting tools and frameworks, and explores the value of threat intelligence data in the defender’s security stack.

Learn More

Vulnerabilities

Cybercrime

According to recent statistics coming from Dasient, a firm that helps discover and combat Web-based malware, “malvertising,” a growing method used to distribute malware via advertising tags served through an unsuspecting publisher’s Web site, saw a significant spike in Q4 2010. Dasient estimated that in the last quarter of 2010 there was a 25% increase in malvertising [ad] impressions based on the same set of networks the company monitored in Q3.

Today, Symantec and the Ponemon Institute released the 2010 Annual Study: U.S. Cost of a Data Breach, showing the rising cost of data breaches over the last five years. The average organizational cost of a data breach increased to $7.2 million. The study also found that for the second straight year organizations' need to respond rapidly to data breaches drove the associated costs higher. The sixth annual Ponemon Cost of a Data Breach report is based on the actual data...

Rapid7 today announced upgrades to its Metasploit Pro penetration testing solution. The latest version (v3.6) adds an enhanced command-line feature set and detailed PCI reports with pass/fail information to provide users with a comprehensive view of compliance posture with PCI regulations.

Statistics show Trojan.Win32.Generic!BT Holding as Number One Detection for FebruaryGFI Software has announced the top 10 most prevalent malware threats for the month of February 2011 as detected by scans performed by its anti-malware solution, VIPRE Antivirus, and its antispyware tool, CounterSpy.

SaaS Providers -  A Roadmap of What NOT to do to Your Customers I’ve gone on and on about how cloud providers offer services as soon as said services are available. Security isn’t the priority. Feature set is driven by monetary momentum. Development dollars swirl around new features for new money. That’s just part of the joy of capitalism. Cloud providers, this one is for you. I present to you a list of “What Not to Do to Your Customers.”

Google has acquired Zynamics, a small company based in Germany that provides software analysis tools to help with malware analysis using reverse engineering. Though an official announcement has not been made, Google did acknowledge the acquisition. "We’re delighted to have the zynamics team aboard and hope their tools and skills in fighting malware will help us better protect Google’s users," a Google spokesperson told SecurityWeek this afternoon.

How has the economy impacted compliance and ethics in the last few years? And what’s in store for 2011? According to an annual survey conducted by the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA), despite the hurting economy, a greater number of compliance professionals report an increase in compliance staff and budgets along with greater of job security in 2010.

Guardian Analytics, a Los Altos, California based provider of fraud prevention solutions, today announced that it has raised $11 million in Series D funding. As part of the round, Split Rock Partners joins existing investors including Foundation Capital and Sutter Hill Ventures which made additional investments as part of the round.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Cloud Security

Cloud Security

Financial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million.