Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Noise generated by the pixels on a screen can be leveraged to exfiltrate data from air-gapped computers in what is called a PIXHELL attack.

Microsoft has started introducing support for post-quantum algorithms in SymCrypt, its main cryptographic library.

Ivanti has released patches for multiple vulnerabilities in Endpoint Manager, Cloud Service Appliance, and Workspace Control.

Golf course management company KemperSports has disclosed a cyberattack and data breach impacting over 62,000 individuals. 

Google has released a Chrome 128 security update to resolve high-severity memory safety vulnerabilities.

Two dozen ICS Patch Tuesday advisories have been published by Siemens, Schneider Electric, CISA and ABB.

Patch Tuesday: Microsoft raises an alarm for in-the-wild exploitation of a critical flaw in Windows Update.

Patch Tuesday: Adobe releases patches for 28 security vulnerabilities and warned of code execution risks on Windows and macOS platforms.

Large language models (LLMs) are trained on vast amounts of data to learn patterns and recognize relationships in language usage. But they can’t discern fact from fiction.

The excessive use of remote access tools in OT environments can increase the attack surface, complicate identity management, and hinder visibility.

San Francisco secure cloud access startup gets backing from SYN Ventures, Zscaler, and Lightspeed Venture Partners.

People on the Move

Cloud networking firm Aviatrix has named John Qian as CISO.

CrowdStrike has appointed Kartik Shahani as vice president of India and SAARC.

Jill Popelka has been appointed CEO at Darktrace, after serving as COO for three months.

GitHub has appointed Alexis Wales as its new Chief Information Security Officer.

Cybersecurity and intelligence solutions provider Nightwing has appointed Christopher Jones as CTO and CDO.

More People On The Move
Windows Downgrade Attack Windows Downgrade Attack

Patch Tuesday: Microsoft raises an alarm for in-the-wild exploitation of a critical flaw in Windows Update.

AI Convention AI Convention

Signed on September 5, 2024, the AI Convention is a laudable intent but suffers from the usual exclusions and exemptions necessary to satisfy multiple nations.

New RAMBO Attack Allows Air-Gapped Data Theft via RAM Radio Signals

An academic researcher has devised a new method of exfiltrating data from air-gapped systems using radio signals from memory buses.

Top Cybersecurity Headlines

Kaspersky’s customers in the US are being acquired by cybersecurity firm Pango and will be offered UltraAV antimalware software.

Researchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems.

A secretive Russian military unit, previously linked to assassinations and destabilization in Europe, is blamed for destructive wiper malware attacks in Ukraine.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Social media can be a useful tool for businesses, bringing substantial benefits to marketing and communications with customers and employees, when used properly. But as any IT security department knows, social networks such as Facebook, Twitter and LinkedIn pose a significant threat to users across the board as they blindly click links which often lead to spam, clickjacking attacks, or other malicious sites that could result in malware infection.

Considerations That can Help Enterprises Protect Themselves Against MalwareThus far 2011 has had the ignominious distinction of being the year of the breach, and modern malware has been one of the key transformative technologies that have enabled hackers to become far more intelligent and persistent in their attacks.

McAfee today said that it has appointed Jean-Claude Broido as president of McAfee Japan.Broido brings over 30 years of sales and marketing leadership experience in the US, Europe, Asia and Japan, most recently as senior vice president of International Sales at EMC’s Information Intelligence Group. Prior to EMC, Broido was executive vice president and general manager of EMEA for Documentum.

We’re not talking about plain old rules, but rather mandated rules as defined in a federally enacted legislation. As someone with a career in information security, my first answer is “yes, regulation is good for security.” Regulation helps make sure that people and companies are protecting the security of their systems, networks, and information, even minimally. If you are faced with regulatory compliance, you are faced with a legal issue. And, if you are not compliant, you are essentially breaking...

In 2009, Vivek Kundra was named as the country's first CIO and was charged with improving efficiency while also making government data more available to the public. Part of his plan was to transform federal IT management with a cloud-first policy and get away from wasteful spending on IT infrastructure. We’re slowly seeing a shift take place, and today an announcement was made on another set government IT assets moving to the cloud.

TRICARE Breach Potentially Puts 4.9 Million Individuals at RiskA massive data breach that could potentially affect 4.9 million individuals who received services from TRICARE, a provider of health care services to active and retired military personnel, was disclosed this week.

IT security talent is in high demand across government agencies and private companies, with a shortage of resources among the federal agencies that is creating a challenge in managing successful cybersecurity operations. Last year, the U.S. Cyber Command, which was scheduled to be “fully operational” by October 1st, missed its deadline, primarily due to the challenge of finding qualified personnel.

Juniper Networks today announced new enhancements to its Junos Pulse Mobile Security Suite, bringing new mobile device management and security controls, as well as an API to allow service providers and OEMs to integrate with the platform.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to,...