Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The US government’s CFPB sent an email with a simple directive: “Do NOT conduct CFPB work using mobile voice calls or text messages.”

Noteworthy stories that might have slipped under the radar: China’s Volt Typhoon hacked Singtel, GuLoader targets European industrial organizations, and US agency warns employees about phone use. 

Malwarebytes has acquired Sweden-based privacy-focused VPN provider AzireVPN to expand its product offerings.

ZDI discloses vulnerabilities in the infotainment system of multiple Mazda car models that could lead to code execution.

After the hacker IntelBroker leaked stolen source code, Nokia said the impact of the cybersecurity incident is limited.

A significant number of Nigerian cybercriminals have been sent to prison in recent months in the United States, and some of them received lengthy sentences.

Texas-based oilfield supplier Newpark Resources says a ransomware attack disrupted information systems and business applications.

HPE this week warned of two critical vulnerabilities in Aruba Networking access points that could lead to unauthenticated command injection.

CISA has added a Palo Alto Networks Expedition flaw tracked as CVE-2024-5910 to its Known Exploited Vulnerabilities Catalog.

North Korean cryptocurrency thieves caught targeting macOS with fake PDF applications, backdoors and new persistence tactics.

Essential steps such as security awareness training, MFA, and Zero Trust identity management help organizations reduce the human element and stay ahead in the cybersecurity curve.

People on the Move

Jared Bartel has been named CISO at Idaho State University.

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as CISO for the Americas.

Tim McKnight has joined UnitedHealth Group as CISO following the Change Healthcare ransomware attack.

Zach Furness has joined MITRE as CISO.

More People On The Move
Palo Alto Networks Palo Alto Networks

CISA has added a Palo Alto Networks Expedition flaw tracked as CVE-2024-5910 to its Known Exploited Vulnerabilities Catalog.

North Korea North Korea

North Korean cryptocurrency thieves caught targeting macOS with fake PDF applications, backdoors and new persistence tactics.

PLCHound finds internet-exposed PLC and ICS PLCHound finds internet-exposed PLC and ICS

Georgia Tech researchers have developed PLCHound, an algorithm that uses AI to improve the identification of internet-exposed ICS.

Top Cybersecurity Headlines

Google warns of the limited, targeted exploitation of two vulnerabilities resolved with the latest Android security update.

Siemens and Rockwell Automation are taking steps to improve cybersecurity in industrial organizations, but getting customers to install security systems and upgrade ICS can still be challenging. 

British EDR vendor Sophos details a years-long “cat-and-mouse” tussle with sophisticated Chinese government-backed hackers.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Security researchers are reporting the emergence of another variant of the Flashback Trojan targeting Mac machines. According to Intego, the new variant continues to use a patched Java vulnerability to infect users. No password is required for it to install, and it places files in the victim’s home folder at the following concerns:• ~/Library/LaunchAgents/com.java.update.plist• ~/.jupdate

Network security vendor Fortinet today introduced a series of dedicated appliances designed to help organizations defend against DDoS attacks.Designed for enterprises, hosting providers, and cloud service providers, the new FortiDDoS family of appliances takes advantage of custom ASICs (custom chips designed for a particular use) that the company says are capable of mitigating DDoS attacks while maintaining latency less than 26 microseconds.

Nissan Motor Co. has come forward with news that malicious attackers had successfully breached its networks recently, but that the company believes the hackers did not get away with what they wanted.Andy Palmer, Executive Vice President of Nissan Motor Co., did say, however, that the hackers managed to plant malware inside the organization and likely got their hands on user IDs and hashed passwords in an incident that occurred on April 13, 2012.Palmer provided the following statement on the incident:

Vormetric, a provider of encryption and key management solutions, today introduced the latest version of its encryption solution which the company says can significantly reduce the cost and application impact associated with encrypting data across the enterprise.

Symantec announced this week that it is combining the VeriSign checkmark, which it inherited as a result of its acquisition of VeriSign’s Authentication Services business in 2010, with its Norton brand to create a single seal dubbed the “Norton Secured Seal.”

After celebrating the one-year mark for its Web bug bounty program back in February of this year, along with the announcement that, at the time, the search giant had paid out more than $400,000 in rewards to researchers, Google how has upped the ante in hopes that security researchers will further work to find and disclose more critical vulnerabilities on its systems in hopes of making the Google world more secure.

Mobile security firm, NQ Mobile, today announced that Gavin Kim has joined the company as Chief Product Officer. In the created newly position, Kim will lead the company’s product, solutions and strategic partnerships, providing new opportunities for customer and business growth in the United States and global markets.

According to new research from Bit9, 61% of IT security professionals are concerned about attacks from Anonymous or other hacktivists. The data comes from questions given to nearly 2,000 IT security experts in order to discover what keeps them awake at night.

Hackers Allegedly Compromised, Liquidated Brokerage Accounts in $1 Million Trading Account Hacking, Securities Fraud Scheme A Russian national living in New York has been charged with hacking into retail brokerage accounts and using his access to steal nearly a million dollars by executing sham trades.

After more than 20 years with the FBI, the nation’s top cyber cop has made a move to the private sector. Shawn Henry will join two former McAfee executives as President of CrowdStrike Services, a subsidiary of security startup CrowdStrike that will focus on helping organizations protect intellectual property and national security information.

In its latest operation dubbed "#OpBahrain", Anonymous supporters launched a series of DDoS attacks against web sites connected to the wildly popular Formula 1 Racing series. Included in the attacks were domains associated with the official F1 Web site, Formula1.com along with f1.com, both of which resolve to the IP address 195.219.144.30.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Willfully ignoring important security issues to make our lives easier is, unfortunately, something that does happen in the security field. 

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.