SecurityWeek

Latest Cybersecurity News

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

Noteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploited WhatsApp View Once bypass.

Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.

The recently observed Hadooken malware targeting Oracle WebLogic applications is linked to multiple ransomware families.

A joint report from the Committees on China and Homeland Security warns of the security risks posed by Chinese cranes in US ports.

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

A 17-year-old from England has been arrested by the NCA over the recent cyberattack on Transport for London.

Doctor Web warns of the new Vo1d Android malware infecting roughly 1.3 million TV boxes running older OS versions.

GitLab has released security updates to resolve multiple vulnerabilities in GitLab CE/EE, including a critical-severity pipeline execution flaw.

Fortinet has confirmed suffering a data breach impacting customers after a hacker leaked files allegedly stolen from the company.

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

Exabeam has appointed Kish Dill as Chief Customer Success Officer.

Cloud networking firm Aviatrix has named John Qian as CISO.

Top Cybersecurity Headlines

Fortinet has confirmed suffering a data breach impacting customers after a hacker leaked files allegedly stolen from the company.

Financial services giant Mastercard is acquiring Recorded Future from private equity firm Insight Partners for $2.6 billion.

Hackers believed to be operating on behalf of the Iranian government have deployed malware to Iraqi government networks. 

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Vulnerabilities

Cybercrime

New York State Electric & Gas (NYSEG) and Rochester Gas and Electric (RG&E) today disclosed that they have suffered from a data breach, including unauthorized access to customer records which include customer names, Social Security numbers, dates of birth and, in some cases, financial institution account numbers.

The European Commission stated that on January 25, it will propose several changes to the data protection and privacy rules put into place over 15 years ago. The changes, the commission said, focus on reinforcing individuals’ rights, strengthening the EU market, and ensuring a high level of data protection. The proposed changes will streamline the existing policies and rules currently used by the 27 countries that make up the European Union. While there is plenty of overlap in the EU, there are...

The U.S. Air Force says it knows what caused an RQ-170 drone to crash in Iran, but will not release specific details. What’s certain, Air Force Chief of Staff General Norton Schwartz told Reuters, is that Iran had nothing to do with it.

Research In Motion Names Thorsten Heins as President & CEO

BlackBerry maker Research In Motion on Sunday announced that it has named Thorsten Heins as President and Chief Executive Officer of the struggling mobile device maker.

On Thursday, Rapid7 announced that a new Metasploit module, designed to target the GE D20 PLC, was ready for use. The SCADA-focused addition is part of Project Basecamp, which seeks to prove the flexibility of the Metasploit framework.

I am a millionaire. Actually, I’m a multi-millionaire. Or rather I could be if I helped the honorable Mr. Nagumba get his money out of Nigeria, or helped Barbara get her money out of Brazil, or picked up my unclaimed lottery winnings, or helped another half dozen people in the last month.

Anonymous Launches #OpMegaupload, Launches Massive DDoS Attacks Against Multiple Targets in Retaliation for Action Against Megaupload.Com

The Anonymous collective moved swiftly today, in response to actions taken by the Justice Department against operators of Megaupload.com, a wildly popular file sharing and online storage service.

Software-as-a-Service (SaaS) security and compliance solutions provider Qualys this week launched an updated version of its FreeScan service, aimed at helping small and medium businesses (SMBs) scan company websites or publicly facing IP addresses and see where they may be at risk.

General Dynamics opened a new Cyber Intelligence and Solutions Center located in Annapolis Junction, Maryland today. The 28,000 square foot facility will house experts working cyber threat detection and mitigation solutions.

An Endpoint Protection Best Practices survey from Symantec, which was conducted last October by Applied Research, shows that organizations following best practices for protecting endpoints are doing a better job protecting critical assets and information. However, when those protections fail, it’s still a costly situation. In short, Symantec is proving that nothing is truly secure.

Klocwork, a company known for its Insight software that performs source code analysis on-the-fly, has released a new version of its flagship product that offers C/C++ developers the same tools that web application developers have been using for some time.

Application Security

SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to,...