Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Lehigh Valley Health Network has agreed to pay a $65 million settlement in a class-action suit filed over a 2023 data breach.

Ireland’s Data Protection Commission said it has opened an inquiry into Google’s Pathways Language Model 2, also known as PaLM2.

“It’s critical to not only back up your critical workloads, but also to secure those backups against subsequent modification and deletion.”

SplxAI has raised $2 million in pre-seed funding to help organizations identify vulnerabilities in AI chat applications.

The Tel Aviv company attracts $15 million in a Series A investment to build an AI-powered compliance and risk management platform.

Intel on Tuesday published advisories covering more than 20 vulnerabilities affecting processors and other products.

Five reasons why “Ambulance Chasing” and mocking harm the security profession and are never a good idea.

Noise generated by the pixels on a screen can be leveraged to exfiltrate data from air-gapped computers in what is called a PIXHELL attack.

Microsoft has started introducing support for post-quantum algorithms in SymCrypt, its main cryptographic library.

Ivanti has released patches for multiple vulnerabilities in Endpoint Manager, Cloud Service Appliance, and Workspace Control.

Golf course management company KemperSports has disclosed a cyberattack and data breach impacting over 62,000 individuals. 

People on the Move

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

Exabeam has appointed Kish Dill as Chief Customer Success Officer.

Cloud networking firm Aviatrix has named John Qian as CISO.

CrowdStrike has appointed Kartik Shahani as vice president of India and SAARC.

More People On The Move
Intel CPU attack Intel CPU attack

Intel on Tuesday published advisories covering more than 20 vulnerabilities affecting processors and other products.

Windows Downgrade Attack Windows Downgrade Attack

Patch Tuesday: Microsoft raises an alarm for in-the-wild exploitation of a critical flaw in Windows Update.

AI Convention AI Convention

Signed on September 5, 2024, the AI Convention is a laudable intent but suffers from the usual exclusions and exemptions necessary to satisfy multiple nations.

Top Cybersecurity Headlines

An academic researcher has devised a new method of exfiltrating data from air-gapped systems using radio signals from memory buses.

Kaspersky’s customers in the US are being acquired by cybersecurity firm Pango and will be offered UltraAV antimalware software.

Researchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

The folks over at Veracode have analyzed the recent PlayStation Network Breach and turned it into the infographic featured below. The infographic highlights events from the initial DDoS attacks and first major breach, through the many subsequent discoveries that resulted in a drop in Sony's stock price from $36.36 at the beginning of the year, down to $24.28 on June 20th.

Following a massive breach in late March that exposed the personal information of millions of users, Epsilon, the world's largest permission based email marketing services company, today shared information on security enhancements that the company has implemented in response to the high profile security breach.

VeriSign today announced that the Internet Corporation for Assigned Names and Numbers (ICANN) renewed the company's contract to serve as the authoritative registry operator for the .net registry for another six years.More than half of the world’s domains rely on Verisign’s infrastructure, and the company has held management of the .com/.net infrastructure for over 12 years. VeriSign also manages two of the world's 13 Internet root servers, a.root-servers.net and j.root-servers.net, considered national IT assets by the U.S. Federal government.

The Payment Card Industry (PCI) Council’s Virtualization Special Interest Group has released new guidance pertaining to virtual environments. Any organization that accepts and manages credit cardholder data within a virtual environment must understand this guidance and act accordingly. It will influence how auditors assess virtual environments and whether these environments comply with PCI requirements.

Kaspersky Lab today announced its first security solution designed exclusively for Android tablets. The new solution, Kaspersky Tablet Security, helps protect tablet users with real-time protection against viruses, spyware, Trojans, bots, and more.

Cellcrypt, a provider of encrypted voice calling solutions for mobile phones, today announced that it has launched Cellcrypt Mobile™ for iPhone®, a version of its encrypted voice calling application that runs on Apple® devices running iOS and operates over Wi-Fi™, GSM, CDMA and satellite networks. Today’s announcement follows the release of the Android version which the company released back on June 14th.

The world is creating massive amounts of data. How much? According to the results of the EMC-sponsored IDC Digital Universe study released today, 1.8 zettabytes of data will be created and/or replicated in 2011, revealing that the world's information is more than doubling every two years—a rate faster than Moore's Law.

Universal Secure Registry LLC (USR), a mobile payment security technology and identity authentication company founded by Kenneth Weiss, the inventor of the technology behind the SecurID tokens now owned by RSA, today announced licensing availability of its patented electronic wallet technology to third parties including credit card companies, wireless carriers, banks, retailers and others.

Symantec today announced the latest version of its high availability solution for VMware virtual environments helps customers virtualize their business critical applications. The latest version of Symantec ApplicationHA extends the existing capabilities for disaster recovery with VMware vCenter Site Recovery Manager integration and provides a dashboard to monitor and manage hundreds of applications within VMware vCenter Server.

Lulzsec, the hacking group that quickly rose to fame over the past two months after hacking and exposing many corporations, governments, and individuals, says it’s calling it quits. In a post today, the group wrote, “Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love.”

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to,...