SecurityWeek

Latest Cybersecurity News

Marriott agreed to pay $52 million and make changes to bolster its data security to resolve claims related to major data breaches that affected more than 300 million customers.

Palo Alto warns that attackers can access usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.

A cyberattack continues to affect the largest regulated water and wastewater utility company in the US, renewing a focus on the importance of protecting critical infrastructure sites.

Google launches Global Signal Exchange (GSE), an initiative aimed at fostering the sharing of online fraud and scam intelligence.

CISA and the FBI have issued a warning on Iranian phishing attacks targeting national political organizations and campaigns.

New York anti-bot firm says new investment will drive adoption of AI techniques and expand into digital account protection and media security.

How simplifying complexity, enhancing visibility, and empowering analysis can address key challenges in modern cybersecurity operations and investigations.

Casio says a recent cyberattack has caused some system disruptions and it’s investigating whether a data breach has occurred. 

Online summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

CreditRiskMonitor says hackers may have accessed personal information of employees and independent contractors. 

The EU has set up a system for imposing sanctions against people accused of cyberattacks, information manipulation or acts of sabotage on behalf of Russia.

People on the Move

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn’s first Distinguished Security Engineer.

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Solana co-founder Stephen Akridge has been appointed the CEO of data protection firm Cyber Grant.

Microsoft AI

Patch Tuesday: Redmond warns that attackers are rigging Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems. 

Qualcomm zero-day

Google and Amnesty have seen evidence that a Qualcomm chipset vulnerability tracked as CVE-2024-43047 may be exploited in the wild.

Top Cybersecurity Headlines

The largest U.S. water utility disconnects customer portal and suspends billing services following a cyberattack.

The perfctl malware has been targeting vulnerabilities and misconfigurations in millions of Linux systems, likely infecting thousands.

The China-linked group Salt Typhoon hacked AT&T and Verizon, possibly compromising wiretap systems, according to WSJ.

Join SecurityWeek and Hitachi Vantara for this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS, PLC and field controller cybersecurity.

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Vulnerabilities

Cybercrime

Apple has included a new – and admittedly interesting – security function in the upcoming version of Mac OS Mountain Lion (OS X 10.8). Called Gatekeeper, the function will restrict the installation of downloaded applications based on their source. Think of it as a step-up on Microsoft’s Authenticode. Yet, is it more control for the user, or more control over the user? Also, will it really prevent malicious applications from being installed?

Google has had a rough week so far, and it’s only Wednesday. The problems started last Friday, when the Wall Street Journal reported on the findings of Stanford researcher Jonathan Mayer, who discovered the search giant was circumventing Apple’s privacy settings in Safari. Days later, Microsoft accused Google of cheating protections on its own browser, but is Redmond crying wolf?

Total Malware Samples Surpassed 75 Million in 2011. Malicious Sites Nearly Double, while Mobile Malware Continues to Grow. McAfee today released its Threat Report for the Fourth Quarter of 2011 which indicated that while malware continues to be created at a wild pace, overall growth of PC-based malware actually declined during the quarter. McAfee also said that it has reached a new milestone in terms of total malware captured to-date which has now surpassed 75 million samples.

Securing Critical Infrastructure: Utilities Must Assess The Risks of Their Business Operations and Harden all Devices Attached to the Network. Sixty or seventy years ago when utility infrastructures were first built, they were not interconnected or accessed by third parties. The systems were so isolated, no one outside the organization—including potential attackers—knew what vulnerabilities existed.

In my previous column I touched on the point of implementing Web Application Firewalls (WAFs) as part of a measure to prevent clickjacking. I thought I would expand on the benefits of WAFs, and why they can make all the difference between a safe organization and one that’s been compromised. Many IT managers and CIOs still grapple with WAFs because they are expensive and a bear to maintain.

A threat to target the Internet’s root Domain Name System (DNS) servers and knock the Internet offline may be more difficult than the hackers think. Hackers reputedly associated with Anonymous made the threat to launch what they dubbed “Operation Global Blackout” March 31 in response to actions by Wall Street, the Stop Online Piracy Act (SOPA) and “irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs.”

Russia’s political season is heating up. Here in America, we have Super PACs, skewed election coverage, and scandals. As it turns out, Russia has some of that too -- perhaps politics and fighting among party lines is somewhat universal. The difference however, is that we’re not seeing the types of Internet-based activism in America that exists in Russia. Furthermore, when political powers enforce their might in America, it’s a bit more subtle.

Earlier this month, Trustwave had a change of heart and reversed a decision to issue subordinate certificates that allowed a private company the ability to impersonate virtually any domain on the Web. Those actions have led Mozilla to clarify its stance on the issue, and offer one final warning to any company seeking to offer the same business services that Trustwave walked away from.

Defendant Allegedly Sought to be Associated with an Armed Extremist Group, Believed He Would Take Part in al-Qaeda Attack. On Friday, the Department of Justice said that FBI agents had arrested a man for allegedly attempting to detonate a bomb in a planned suicide attack on the U.S. Capitol Building.

In college, I took a required Computer Science class called “Systems Principles”. My professor started the class by listing out the seven key components in a successful system/program development process:

1. Requirements
2. Specifications
3. Design

The Federal Trade Commission and the Bureau of Consumer Protection were attacked by AntiSec Thursday and into Friday, in response to their support and participation in ACTA, the Anti-Counterfeiting Trade Agreement, and issues with Google’s recent privacy policy changes.

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS, PLC and field controller cybersecurity.

Application Security

Application security and vulnerability management platform DefectDojo has raised $7 million in Series A funding.
