Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

According to a barebones Apple advisory, the new iOS 18.0.1 fixes two bugs that expose passwords and audio snippets to malicious hackers.

The coordinated action resulted in the seizure of more than 100 domains used for spear-phishing targets in the US, UK, and Europe.

CISO salaries are getting higher and experience counts. Average annual compensation for these cybersecurity leaders is more than $550K.

The hack of a police system that exposed contact details of all Dutch police officers was almost certainly carried out by hackers working for a foreign government, the justice minister said.

Jenkins has released patches for multiple high- and medium-severity vulnerabilities impacting the automation tool and several plugins.

An Ivanti EPM SQL injection vulnerability tracked as CVE-2024-29824 has been exploited to target some of the company’s customers.

A critical-severity vulnerability in Cisco NDFC could allow attackers to execute commands with elevated privileges.

Several e-filing and record management systems used in various US states were affected by serious vulnerabilities exposing sensitive data.

Over 4,000 Adobe Commerce and Magento stores unpatched against an exploited vulnerability have been compromised.

CISA director Jen Easterly says there is no chance a foreign adversary can change the results of the upcoming US election.

The latest Chrome and Firefox security updates address multiple high-severity vulnerabilities affecting the popular web browsers.

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Mario Duarte, formerly head of security at Snowflake, has joined Aembit as CISO.

Kevin Mandia has joined Expel’s board of directors and has been named chair of the board at SpecterOps.

Adam Geller has joined Zscaler as Chief Product Officer.

More People On The Move
CISOs Salaries CISOs Salaries

CISO salaries are getting higher and experience counts. Average annual compensation for these cybersecurity leaders is more than $550K.

Rackspace Breach Rackspace Breach

A breach at Rackspace exposes the fragility of the software supply chain, triggering a blame game among vendors over an exploited zero-day.

DDoS attack DDoS attack

Cloudflare recently mitigated another record-breaking DDoS attack, peaking at 3.8 Tbps and 2.14 billion Pps. 

Top Cybersecurity Headlines

Previously seized LockBit websites have been used to announce more arrests, charges and infrastructure disruptions.

That dream of a decentralized privacy-retaining identity system able to combat AI-driven bots and deepfakes may not be as elusive as feared – courtesy of Tools for Humanity (TfH) and Worldcoin.

Gavin Newsom vetoed a landmark bill SB 1047 aimed at establishing first-in-the-nation safety measures for large artificial intelligence models.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Managing ever-growing volumes of data and being prepared for eDiscovery requests challenges many organizations. Email is no longer the primary source of records companies must produce when it comes to eDiscovery requests—at least according to a recent Symantec-sponsored survey of legal and IT personnel at 2,000 enterprises worldwide.

In a rare move, Oracle broke its normal procedures and issued an emergency patch due to concerns about the impact of a successful attack.The fix addresses a denial-of-service vulnerability in Oracle’s Apache Web server software. According to Oracle, the issue affects multiple versions of Oracle Fusion Middleware 11g Release 1, Oracle Application Server 10g Release 3 and Oracle Application Server 10g Release 2.

Since the discovery of Stuxnet in 2010, there has been a bit of a bull’s eye on the software used to run industrial control systems. Just recently, Italian security researcher Luigi Auriemma poked a new set of holes in Supervisory Control and Data Acquisition (SCADA) products from a number of vendors, including Progea, Rockwell Automation, Cogent and Measuresoft.

Mitsubishi Heavy Industries Ltd, Japan's largest defense contractor, has been a victim of a cyber attack, according to a report from the company. The company said attackers had gained access to company computer systems, with some reports saying the attacks targeted its submarine, missile and nuclear power plant component businesses.

Like any business decision, make a plan on what new technology you are going to use, then support that plan with enabling security controls to put it into reality.

McAfee announced new security technology this week that leverages Intel hardware and could be used to fight rootkits.Dubbed DeepSafe, the technology enables McAfee to develop hardware-assisted security products that take advantage of a “deeper security footprint,” according to the company. The technology sits below the operating system, which officials hope will allow McAfee to proactively block rootkits that bury themselves in the OS to avoid detection.

The SpyEye Trojan has a well-earned place of respect in cyber-underground as an adaptable and effective piece of malware. Those same traits have also made it a bane for countless victims and the security community, and new research by Trend Micro provides yet another reminder of why.

Security experts from Sourcefire talked up the company’s “Agile Security” strategy this week, emphasizing the need for informed, adaptive and automated security products to protect today's dynamic IT environments from constantly changing threats. The strategy comes down what the company calls four essential tenets:

Co3 Systems, a Cambridge, Massachusetts based startup, made its official debut as a company this week, and also launched its first offering—a SaaS-based data loss management solution.Looking to target an underserved aspect of breaches, Co3 says its solution can help businesses cut incident response process time by as much as half – significantly reducing the risk, expense and resources associated with data loss incidents.

The mobile industry needs to work together at pushing timely updates to Android users. The real question is motivation.With more and more mobile malware being directed at Android-based phones, you’d think the carriers and manufacturers would respond quickly to security and software updates to the underlying operating systems. According to a new survey that doesn't appear to be the case.

Patch Tuesday has arrived with a bevy of patches from Microsoft starring alongside patches from Adobe Systems.On Microsoft’s end, the company issued five security bulletins to plug a total of 15 vulnerabilities. Details of the bulletins were inadvertently made public briefly last week. All of the bulletins are rated ‘Important’, and none carry an exploitability rating higher than ‘2.’

Starting in January 2012, ICANN -- whose role is to oversee the huge and complex interconnected network of unique identifiers that allow computers on the Internet to find one another, including the Domain Name System (DNS) -- will allow applications from any company, city or organization in the world to manage their own generic top-level domain (gTLD). This new gTLD program will enable an unprecedented level of competition, and potential innovation, in the domain name market. But will this expansion...

The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, published a new report this week that focuses on App-Store Security. The report, “Appstore security: 5 lines of defence against malware,” was published in response to the increasing number of attacks targeting mobile devices via app-stores.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Application security and vulnerability management platform DefectDojo has raised $7 million in Series A funding.

Cloud Security

Cloud Security

Credentials are still the most common entry point for bad actors, even as businesses deploy multi-factor authentication (MFA) to strengthen defenses.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.