CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Noteworthy stories that might have slipped under the radar: ENISA and NCSC release cybersecurity reports, abuse of Cloudflare services, FBI warns of gen-AI enabling fraud. 

Data privacy solutions provider Ethyca has raised $10 million in a funding round led by Aspenwood Ventures and AVP.

SonicWall has released patches for multiple high-severity flaws in the SMA100 SSL-VPN secure access gateway.

Atrium Health has notified the HHS of a data breach impacting 585,000 individuals, and the incident may be related to online tracking.

Google has announced the open source availability of Vanir, a patch validation tool for Android platform developers.

WatchTowr has published proof-of-concept (PoC) code for an unpatched vulnerability in the Mitel MiCollab enterprise collaboration platform.

A California teen suspected of being a Scattered Spider member left a long trail of evidence and even used an FBI service to launder money.

A critical directory traversal vulnerability in the SailPoint IdentityIQ IAM platform exposes restricted files to attackers.

Japanese device maker confirms zero-day router exploitation and warn that full patches won’t be available for a few weeks.

SecurityWeek’s Cyber AI & Automation Summit took place on December 4th, as an online event.

The newly discovered DroidBot Android trojan targets 77 banks, cryptocurrency exchanges, and national organizations.

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

Video platform Vimeo has appointed Ryan Weeks as Chief Information Security Officer.

LPL Financial has welcomed Renana Friedlich as Chief Information Security Officer.

More People On The Move
China Telecom Hack China Telecom Hack

A top White House official said at least eight U.S. telecom firms and dozens of nations have been impacted by a Chinese hacking campaign.

Russian APT zero-day Russian APT zero-day

Russia’s Turla hackers hijacked 33 command servers operated by Pakistani hackers who had themselves breached Afghanistan and Indian targets.

Solana Web3 supply chain attack Solana Web3 supply chain attack

Supply chain attack leads to decentralized application developers downloading backdoored versions of the Solana Web3.js library.

Top Cybersecurity Headlines

McInerney’s path to becoming a hacker is subtly different to many other hackers. He started as a 22-year old psychology graduate rather than a computer-obsessed 9-year old kid.

The ‘Bootkitty’ prototype UEFI bootkit contains an exploit for LogoFAIL and was created in a South Korea university program.

Russian authorities have reportedly arrested Mikhail Matveev, who is wanted by the US for ransomware attacks against critical infrastructure.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack Demonstration to learn how hackers operate and gain knowledge to strengthen your defenses against deepfake and BEC fraud.

Register

Learn how to develop a holistic solution that provides you and your team the power to mitigate cyber threats effectively within your OT environment.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

Huddle with your peers to measure the costs, benefits, and risks of deploying machine learning and predictive AI tools in the enterprise, the threat from adversarial AI and deepfakes, and preparation for the inevitable compliance and regulations. (December 4, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Constant demand for advanced malware, paired with a co-opetition model, this ecosystem directly impacts how quickly and efficiently new threats can spread.As malware gets progressively more complex, it’s important to understand how the major players in the malware industry fit together and how these relationships affect the ways that malware is developed, distributed and ultimately used in attacks.

Around this time last year you may have read my SecurityWeek article, The Optimist's Cybercrime Predictions for 2011. Now that the year is drawing to an end, I thought it would be an interesting opportunity to look back to my 2011 predictions and see how each of them panned out.

While the move is far from a total change of stance, it looks as if the Pentagon has started to open its heart and mind to something other than BlackBerry. According to the latest Security Technical Implementation Guide (STIG) overview, the Defense Department is open to the idea of devices running Android 2.2, but so far only one device has made the cut.

McAfee has come forward with its list of 2012 threat predictions, part of a longstanding tradition in the InfoSec community, which outline what it sees as the largest obstacles to personal and organizational security in the coming year.

The National Cyber Security Alliance (NCSA) and McAfee have produced a report examining the growing false sense of security displayed by mobile users, and how it could impact the nation overall.The research found that 70-percent of smartphone owners say they feel their device is safe from various types of cybercrime. Further, the same percentage said that they have never installed any form of security protection on their mobile device, and that they feel their device is safe from data theft...

Siemens has announced plans to patch a number of critical vulnerabilities in its SCADA software after a researcher accused the company of trying to brush the issue under the rug.In response to claims by security researcher Billy Rios that the company was dismissing reports of vulnerabilities, Siemens issued a statement noting that the company planned to patch a number of issues found by Rios and fellow researcher Terry McCorke next month.

In late November, news surfaced that researchers from Columbia University had discovered vulnerabilities in upgradeable firmware in HP laser printers that could be compromised and modified by an attacker, enabling them to do anything from overheating the printer, to compromising a network, with some saying that the devices could even be set up in flames.

Strategic Forecasting Inc. (Stratfor), a Texas-based intelligence firm that delivers paid briefings on a wide range of topics, suffered a pre-Christmas breach at the hands of those supporting the current incarnation of the AntiSec movement. The fallout has been devastating thus far, but according to comments from those familiar with the breach, this is only the beginning.

Instead of passively waiting for an intruder to trigger a trap you set, consider adding a truly proactive component to your SIEM strategy.Aren't IDS and Log Collectors great? Not so long ago, the problem that most security professionals had was a lack of information. Not any more! Now, many of us have more information than you can throw SQL queries at.

Next year you'll be able to do all your holiday shopping without ever opening a physical wallet—or so Google hopes. The previously announced Google Wallet is comfortably into beta. Google is betting that by 2014 half of all smart phones will ship with compatible NFC chips installed. They hope that Google Wallet will be on most if not all of them.

Cyber-Ark Software, a provider of enterprise security solutions that help companies secure and manage accounts, sessions, critical applications and data, this week announced that it has signed an agreement for a $40 million investment round led by Goldman Sachs and Jerusalem Venture Partners (JVP).

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Google has announced the open source availability of Vanir, a patch validation tool for Android platform developers.

Cloud Security

Cloud Security

Veeam releases patches for two vulnerabilities in Service Provider Console, including a critical-severity remote code execution bug.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.