Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

Noteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploited WhatsApp View Once bypass.

Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.

The recently observed Hadooken malware targeting Oracle WebLogic applications is linked to multiple ransomware families.

A joint report from the Committees on China and Homeland Security warns of the security risks posed by Chinese cranes in US ports.

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

A 17-year-old from England has been arrested by the NCA over the recent cyberattack on Transport for London.

Doctor Web warns of the new Vo1d Android malware infecting roughly 1.3 million TV boxes running older OS versions.

GitLab has released security updates to resolve multiple vulnerabilities in GitLab CE/EE, including a critical-severity pipeline execution flaw.

Fortinet has confirmed suffering a data breach impacting customers after a hacker leaked files allegedly stolen from the company.

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

Exabeam has appointed Kish Dill as Chief Customer Success Officer.

Cloud networking firm Aviatrix has named John Qian as CISO.

More People On The Move
iPhone security iPhone security

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

CrowdStrike Microsoft CrowdStrike Microsoft

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

UK data centers UK data centers

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

Top Cybersecurity Headlines

Fortinet has confirmed suffering a data breach impacting customers after a hacker leaked files allegedly stolen from the company.

Financial services giant Mastercard is acquiring Recorded Future from private equity firm Insight Partners for $2.6 billion.

Hackers believed to be operating on behalf of the Iranian government have deployed malware to Iraqi government networks. 

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Patch Tuesday has arrived with a bevy of patches from Microsoft starring alongside patches from Adobe Systems.On Microsoft’s end, the company issued five security bulletins to plug a total of 15 vulnerabilities. Details of the bulletins were inadvertently made public briefly last week. All of the bulletins are rated ‘Important’, and none carry an exploitability rating higher than ‘2.’

Starting in January 2012, ICANN -- whose role is to oversee the huge and complex interconnected network of unique identifiers that allow computers on the Internet to find one another, including the Domain Name System (DNS) -- will allow applications from any company, city or organization in the world to manage their own generic top-level domain (gTLD). This new gTLD program will enable an unprecedented level of competition, and potential innovation, in the domain name market. But will this expansion...

The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, published a new report this week that focuses on App-Store Security. The report, “Appstore security: 5 lines of defence against malware,” was published in response to the increasing number of attacks targeting mobile devices via app-stores.

Symantec today announced Symantec Certificate Intelligence Center, a cloud-based service for enterprises with large numbers of certificates used for business authentication and data encryption on servers.The solution, powered by VeriSign, discovers, centralizes, and provides reports to help enable organizations to proactively manage certificates from any Certificate Authority (CA). For the first time, enterprises have total visibility and control over their certificates, enabling them to reduce risk, costs and operational inefficiencies.

If Patch Tuesday is a party, this would be the IT security version of pre-gaming.On Aug. 9, Microsoft accidentally released information on the five security updates it is planning to release tomorrow as part of this month’s Patch Tuesday. The information, which has since been taken down, represents a rare procedural slip-up in the company’s Patch process. Normally, Microsoft publishes an advanced notification the Thursday before Patch Tuesday – the second Tuesday of every month – and then posts no...

Oculis Labs, a developer of data privacy software that protects mobile and desktop computers from visual eavesdroppers, today announced a partnership agreement with In-Q-Tel (IQT), the not-for-profit, venture capital arm of the CIA. The company said In-Q-Tel’s relationship and investment would help it accelerate Oculis Labs’ success in both government and commercial markets.

GlobalSign Acknowledges Breach of Web Server - Investigation ContinuesGlobalSign, one of the longest established Certification Authorities (CA), acknowledged late Friday that it found evidence of a breach to a web server hosting its Web site.

Watching Anonymous in action is far better than most of the programming on television. Anonymous seems to be in a never-ending battle against the “evils” that surround mere mortals. Recent past battles have been waged against PayPal, Master Card, Visa and the Church of Scientology. Now Facebook appears to be squarely in Anonymous’ sights.

Microsoft has a relatively light Patch Tuesday planned for next week with no critical patches.According to the company’s pre-patch advisory, Microsoft plans to release five security updates rated ‘Important.’ The bulletins cover issues in Windows, Microsoft Office and Microsoft Server Software such as SharePoint Server and Office Groove Data Bridge Server.

Statistics show an increase in Android devices infected with crimeware that is actively communicating with multiple criminal C&C servers Google Android devices are being caught in a Web of botnet activity at an unprecedented rate, according to new research by security firm Damballa.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to,...