SecurityWeek

Latest Cybersecurity News

Saint Xavier University is notifying over 210,000 individuals of personal information compromise in a July 2023 data breach.

Kolade Akinwale Ojelade was sentenced to 26 years in prison in the US for compromising email accounts through phishing and stealing millions.

Google has showcased the capabilities of its Big Sleep LLM agent, which found a previously unknown exploitable memory safety issue in SQLite.

The FBI is asking for information on the Chinese threat actors targeting Sophos edge devices to compromise private and government entities.

The City of Columbus says the personal information of 500,000 people was stolen in a ransomware attack.

Siemens and Rockwell Automation are taking steps to improve cybersecurity in industrial organizations, but getting customers to install security systems and upgrade ICS can still be challenging. 

Barracuda has observed a large-scale OpenAI impersonation campaign whose goal is to phish for ChatGPT credentials.

Noma provides a platform to protect the data and lifecycle of emerging gen-AI applications, which introduces new threats not covered by existing security controls.

A stealthy network backdoor found on hacked Sophos XG firewall devices is programmed to work on a broader range of Linux-based devices.

GreyNoise Intelligence says an internal AI tool captured attempts to exploit critical vulnerabilities in commercial livestream IoT cameras.

Noteworthy stories that might have slipped under the radar: FBI conducted over 30 ransomware disruption operations this year, Windows Recall delayed until December, CrowdStrike responds to a Bloomberg article. 

People on the Move

Automated phishing protection and scam prevention company Bolster has appointed Rod Schultz as CEO.

Bugcrowd has appointed Trey Ford as Chief Information Security Officer for the Americas.

Tim McKnight has joined UnitedHealth Group as CISO following the Change Healthcare ransomware attack.

Zach Furness has joined MITRE as CISO.

Gregg R. Kendrick has been named CISO at Vanderbilt University.


British EDR vendor Sophos details a years-long “cat-and-mouse” tussle with sophisticated Chinese government-backed hackers.

Prosecutors Seek a 17-Year Prison Term for Pentagon Secrets Leaker Jack Teixeira

Prosecutors want a Massachusetts Air National Guard member who leaked highly classified military documents to serve 17 years in prison.

Top Cybersecurity Headlines

Version 2.5 of WhiteRabbitNeo is designed to think like a seasoned red team expert, capable of identifying and exploiting vulnerabilities with remarkable speed and precision.

New jailbreak technique tricked ChatGPT into generating Python exploits and a malicious SQL injection tool.

Armis raised an additional $200 million in funding at a valuation of $4.2 billion as the company aims for an IPO.

Join SecurityWeek and Hitachi Vantara for this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Initiative Will Focus on Creating Cyber Education Programs for K-12 through Career and Technical Education Levels.

The National Cyber Security Alliance (NCSA), acting on behalf of the National Cybersecurity Education Council, has signed a memorandum of understanding with the US Dept. of Education (DOE) to establish cybersecurity-related training programs in schools across the nation, grades K-12.

Balancing Risk and Reward in Information Security: Are you Willing to Spend X to Avoid Y?

My daughters tell me that I am too careful and I over-think decisions. I research a car before buying, and build a spreadsheet that includes things like warranties and total cost of ownership for a year. I think, however, that I am just practical.

Red Hat today announced that it has joined Facebook’s Open Compute Project, a non-profit foundation with a simple, yet challenging goal – design the most efficient computing infrastructures at the lowest possible cost.

With this goal in mind, Red Hat is now part of the ecosystem of engineers, architects and developers that are looking to redefine the next-generation datacenter. As the largest provider of open source software and services, this is a huge addition of support to the project.

What Do 4G/LTE Networks' Entirely New Infrastructure Mean for Security?

By now, we’ve all seen the uncharacteristically techie ads for 4G/LTE phones and services. Even for those of us who don’t know that LTE stands for Long Term Evolution, the 4G postscript reassures us that we are going to get more, better, and faster. After all, the “Gs” have been part of our vernacular and consciousness for a while.

Microsoft has dismissed a lawsuit against a company it contended a month ago was at the heart of the now-defunct Kelihos botnet.

In September, Microsoft named Dominique Piatti and his company dotFree Group SRO as controllers of the botnet. The move marked the first time Microsoft had named a defendant in one of its botnet-related civil suits.

What Can we Learn From Some of the Significant Hacks in 2011?

As we round the corner to the last quarter of 2011 and move into the busy holiday season (for hackers too), it’s a good time to look back at some of the hacks that made headlines this year. And 2011 was a monumental year for hackers. Businesses as well as consumers felt the brunt of cybercrime by the millions, some of them a few times over. Here’s a look...

According to local Japanese media, defense information and nuclear power plant design and safety plans were taken during the attack on Mitsubishi Heavy Industries, which was discovered in August, and disclosed in September.

Japan’s largest defense contractor said in August that it “would continue to strengthen” existing security measures, but believed that it had contained the cyber attack.

Spammers have turned to creating their own URL shortening services to better conceal links in their messages.

Researchers at Symantec recently uncovered a spam gang with at least 80 URL shortening sites, all of which used a similar naming pattern as well as the .info top-level domain. According to the company, the spammers are using free, open source URL shortening scripts to operate these sites. After creating shortened URLs with their own service, the spammers then blast out their messages with...

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Application Security

Willfully ignoring important security issues to make our lives easier is, unfortunately, something that does happen in the security field. 
