CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Noteworthy stories that might have slipped under the radar: ENISA and NCSC release cybersecurity reports, abuse of Cloudflare services, FBI warns of gen-AI enabling fraud. 

Data privacy solutions provider Ethyca has raised $10 million in a funding round led by Aspenwood Ventures and AVP.

SonicWall has released patches for multiple high-severity flaws in the SMA100 SSL-VPN secure access gateway.

Atrium Health has notified the HHS of a data breach impacting 585,000 individuals, and the incident may be related to online tracking.

Google has announced the open source availability of Vanir, a patch validation tool for Android platform developers.

WatchTowr has published proof-of-concept (PoC) code for an unpatched vulnerability in the Mitel MiCollab enterprise collaboration platform.

A California teen suspected of being a Scattered Spider member left a long trail of evidence and even used an FBI service to launder money.

A critical directory traversal vulnerability in the SailPoint IdentityIQ IAM platform exposes restricted files to attackers.

Japanese device maker confirms zero-day router exploitation and warn that full patches won’t be available for a few weeks.

SecurityWeek’s Cyber AI & Automation Summit took place on December 4th, as an online event.

The newly discovered DroidBot Android trojan targets 77 banks, cryptocurrency exchanges, and national organizations.

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

Video platform Vimeo has appointed Ryan Weeks as Chief Information Security Officer.

LPL Financial has welcomed Renana Friedlich as Chief Information Security Officer.

More People On The Move
China Telecom Hack China Telecom Hack

A top White House official said at least eight U.S. telecom firms and dozens of nations have been impacted by a Chinese hacking campaign.

Russian APT zero-day Russian APT zero-day

Russia’s Turla hackers hijacked 33 command servers operated by Pakistani hackers who had themselves breached Afghanistan and Indian targets.

Solana Web3 supply chain attack Solana Web3 supply chain attack

Supply chain attack leads to decentralized application developers downloading backdoored versions of the Solana Web3.js library.

Top Cybersecurity Headlines

McInerney’s path to becoming a hacker is subtly different to many other hackers. He started as a 22-year old psychology graduate rather than a computer-obsessed 9-year old kid.

The ‘Bootkitty’ prototype UEFI bootkit contains an exploit for LogoFAIL and was created in a South Korea university program.

Russian authorities have reportedly arrested Mikhail Matveev, who is wanted by the US for ransomware attacks against critical infrastructure.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack Demonstration to learn how hackers operate and gain knowledge to strengthen your defenses against deepfake and BEC fraud.

Register

Learn how to develop a holistic solution that provides you and your team the power to mitigate cyber threats effectively within your OT environment.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

Huddle with your peers to measure the costs, benefits, and risks of deploying machine learning and predictive AI tools in the enterprise, the threat from adversarial AI and deepfakes, and preparation for the inevitable compliance and regulations. (December 4, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Blue Coat Systems, a provider of Web security and WAN optimization solutions, on Monday said that its shareholders voted to approve the acquisition entered into in December 2011 between Blue Coat and an investor group led by private equity investment firm Thoma Bravo, LLC.

In response to the rapid adoption of virtualization technology by organizations from around the globe, Kaspersky Lab today announced a solution built from the ground-up to protect evolving corporate IT infrastructures from the ever-growing threat of malware.

Late Sunday reports emerged that Microsoft’s online store in India had been hacked, defaced and user information exposed including unencrypted passwords. It turns out these claims are true and while Microsoft isn’t saying much on the subject, they did comment on the issue.

Whistleblower site Cryptome has been hacked and infected by the Blackhole exploit kit.Just how the breach occurred has not been said. Cryptome co-founder John Young however told SecurityWeek that the site is in the process of cleaning everything up, and that process should be finished by the end of the day.“It appears every HTML page was infected so we are replacing all the pages to be sure,” he said.

In November 2011, the Steam gaming platform, in addition to user forums where gaming fans gather to discuss various gaming topics, said that intruders obtained access to its Steam database in addition to the defacing the forums.

ADT Business Solutions today announced the next generation of its Anti-Skim™ ATM Security solution to help protect banks and their customers from the rising threat of ATM skimming. ADT’s new anti-skimming technology offers multilayered security to help protect ATM customers from this blend of electronic crime and cyber-fraud.Installed inside the ATM, the company says the enhanced Anti-Skim ATM Security kit features technology that works on all major ATM makes and models.

There are Tons of Applications and Code out there that are not Overtly Malicious, yet do Spyware-like Things Without the user’s Knowledge and Reduce the Security Posture of the Client Machine. 

Google has passed the one-year mark for its Web bug bounty program, including the announcement that they have paid out more than $400,000 in rewards to researchers.Last week, Google took a nostalgic look back at the state of its bug bounty program, which was launched in November 2010. Since that time they’ve experienced some ups and downs, but the search giant remains positive about the state of things and looks forward to future growth.

One-hundred and eleven Mexican websites, some of them related to Mexico’s mining industry – others related to Mexico’s Senate and Ministry of Interior, Alabama’s state website, the UN, and even the CIA, were targeted this weekend by various supporters of Anonymous. The reasons for the attacks are as diverse as those who carried them out.

CANCUN, MEXICO -- Kaspersky Lab Cyber Conference 2012 – Kaspersky Lab, the Russian security software company co-founded in 1997 by Eugene Kaspersky revealed some of its 2011 financial details at its Cyber Conference that took place this week in Cancun, Mexico.

Microsoft is prepping nine security bulletins to patch 21 vulnerabilities next week as part of Patch Tuesday.This month’s update features fixes for Microsoft Windows, Office, Internet Explorer and .NET/Silverlight. Four of the bulletins are rated ‘Critical.’ In particular, these bulletins affect Windows, the .NET Framework, Silverlight and Internet Explorer. The remaining bulletins are all rated ‘Important.’

Trustwave captured the public’s attention over the weekend, when its policy regarding subordinate root certificates led to the discovery that one of its customers used them to monitor their employee’s SSL communications. Reacting to the public’s ire, Trustwave explained the incident on its company blog, and promised to end the practice moving forward.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Google has announced the open source availability of Vanir, a patch validation tool for Android platform developers.

Cloud Security

Cloud Security

Veeam releases patches for two vulnerabilities in Service Provider Console, including a critical-severity remote code execution bug.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.