SecurityWeek

Latest Cybersecurity News

Report finds most organizations have suffered financial impact of $500,000 or more from cyberattacks on cyber-physical systems over past year.

Noteworthy stories that might have slipped under the radar: students dox people with Meta’s Ray-Ban smart glasses, OT hunting guide for water systems, NVD backlog still significant. 

Google Cloud makes new confidential computing options generally available and expands attestation support.

Inside the collapse of IronNet: Some say the firm collapsed, in part, because it engaged in questionable business practices, produced subpar offerings, and could have been vulnerable to meddling by the Kremlin.

Roundup of the 37 cybersecurity-related merger and acquisition (M&A) deals announced in September 2024.

Pixel 9 comes with improved security hardening mitigations against common exploits on cellular basebands.

Russian authorities have arrested 96 individuals suspected of having ties to US-disrupted UAPS and Cryptex cryptocurrency exchanges.

According to a barebones Apple advisory, the new iOS 18.0.1 fixes two bugs that expose passwords and audio snippets to malicious hackers.

The coordinated action resulted in the seizure of more than 100 domains used for spear-phishing targets in the US, UK, and Europe.

CISO salaries are getting higher and experience counts. Average annual compensation for these cybersecurity leaders is more than $550K.

The hack of a police system that exposed contact details of all Dutch police officers was almost certainly carried out by hackers working for a foreign government, the justice minister said.

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Solana co-founder Stephen Akridge has been appointed the CEO of data protection firm Cyber Grant.

Mario Duarte, formerly head of security at Snowflake, has joined Aembit as CISO.

Kevin Mandia has joined Expel’s board of directors and has been named chair of the board at SpecterOps.

Rackspace Breach

A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day.

Top Cybersecurity Headlines

Cloudflare recently mitigated another record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion Pps. 

Previously seized LockBit websites have been used to announce more arrests, charges and infrastructure disruptions.

That dream of a decentralized privacy-retaining identity system able to combat AI-driven bots and deepfakes may not be as elusive as feared – courtesy of Tools for Humanity (TfH) and Worldcoin.

Join SecurityWeek and Hitachi Vantara for this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS, PLC and field controller cybersecurity.

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Before there was concern over VM stall, there was that of VM sprawl. VM sprawl had organizations worrying that so many virtual machines would be spun up (thanks to the ease of deploying them) that not only would management become an issue, but so, too, would performance, security, and IT staffing.

Update: NetQin Mobile reached out to SecurityWeek to let us know that they had previously identified the same malware under the name AnserverBot on September 19th. Dr. XuXian Jiang, Chief Scientist at NetQin’s US Security Research Center, offers a detailed report on how the malware works. - Editor

According to a recent report from the Government Accountability Office, despite efforts to implement stronger cybersecurity controls, several federal agencies remain in a weakened state. Since 2006, security incident reports have risen over 650-percent.

New Release Helps Protect Sensitive Data, Brings Centralized Management of Enterprise Wide Database Security Measures
On Monday at Oracle Open World, Oracle’s giant customer conference taking place this week in San Francisco, Oracle unveiled new and improved database security features in Oracle Enterprise Manager 12c.

McAfee today announced that it has agreed to acquire NitroSecurity, a privately held provider of high-performance security information and event management (SIEM) solutions. The company’s founders and roots come from the U.S. Department of Energy’s Idaho National Laboratory, giving it extensive experience with critical infrastructures in the energy sector, creating a sweet spot for the Portsmouth, NH-based company in a sector that has come into the spotlight following Stuxnet and a general rise in concern over critical infrastructure security.

SIEM vendors are all jumping on the Security Intelligence tag line, but what does it really mean? The bad guys are getting more sophisticated and the quality and breadth of intelligence is crucial to early identification and thwarting attacks. Can SIEM bring the analog of human intelligence (aka, espionage) to cyber threats and the security visibility of business intelligence to the executive boardroom? Defining the threat landscape:

VASCO Data Security, parent of recently “hacked out of business” Certificate Authority (CA), DigiNotar, has shared additional information on the expected losses surrounding the recent cyber attack that forced the company into bankruptcy.

Organization Warns that Poor Governance over Geolocation can be Disastrous
In a recently released white paper, the ISACA has offered a general overview of the issues surrounding corporate and consumer privacy when it comes to mobile geolocation services. In addition, the organization has offered a simple mnemonic to consumers and employees to address privacy and safety concerns - aptly named ROUTE.

Danish security firm CSIS recently released the results of a three-month-long study, backing a common line of thought in the security world. That is, third-party applications can lead to serious risk, especially when combined with a lack of patching. According to CSIS, five products are responsible for 99-percent of all malware infections. Many of the targeted applications are vulnerable due to a lack of patching, leaving the user and the network exposed.

Social media can be a useful tool for businesses, bringing substantial benefits to marketing and communications with customers and employees, when used properly. But as any IT security department knows, social networks such as Facebook, Twitter and LinkedIn pose a significant threat to users across the board as they blindly click links which often lead to spam, clickjacking attacks, or other malicious sites that could result in malware infection.

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS, PLC and field controller cybersecurity.

Application Security

Application security and vulnerability management platform DefectDojo has raised $7 million in Series A funding.
