Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

Noteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploited WhatsApp View Once bypass.

Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.

The recently observed Hadooken malware targeting Oracle WebLogic applications is linked to multiple ransomware families.

A joint report from the Committees on China and Homeland Security warns of the security risks posed by Chinese cranes in US ports.

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

A 17-year-old from England has been arrested by the NCA over the recent cyberattack on Transport for London.

Doctor Web warns of the new Vo1d Android malware infecting roughly 1.3 million TV boxes running older OS versions.

GitLab has released security updates to resolve multiple vulnerabilities in GitLab CE/EE, including a critical-severity pipeline execution flaw.

Fortinet has confirmed suffering a data breach impacting customers after a hacker leaked files allegedly stolen from the company.

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

Exabeam has appointed Kish Dill as Chief Customer Success Officer.

Cloud networking firm Aviatrix has named John Qian as CISO.

More People On The Move
iPhone security iPhone security

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

CrowdStrike Microsoft CrowdStrike Microsoft

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

UK data centers UK data centers

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

Top Cybersecurity Headlines

Fortinet has confirmed suffering a data breach impacting customers after a hacker leaked files allegedly stolen from the company.

Financial services giant Mastercard is acquiring Recorded Future from private equity firm Insight Partners for $2.6 billion.

Hackers believed to be operating on behalf of the Iranian government have deployed malware to Iraqi government networks. 

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Kaspersky Lab, in its most recent spam report for May 2011, revealed that across its user base, Russia has taken the number one position in terms of the quantity of malware detected in emails by antivirus software. According to Kaspersky’s data, Russia overtook the United States, where the quantity of malware infected emails received fell by 3.5 percent. The most widespread malware distributed via email was the Trojan-Spy program Trojan-Spy.HTML.Fraud.gen.

Symantec this week published "A Window Into Mobile Device Security: Examining the security approaches employed in Apple's iOS and Google's Android", an in-depth, technical evaluation of Apple's iOS and Google's Android mobile platforms, to help organizations understand the security risks of deploying these devices in the enterprise.

The folks over at Veracode have analyzed the recent PlayStation Network Breach and turned it into the infographic featured below. The infographic highlights events from the initial DDoS attacks and first major breach, through the many subsequent discoveries that resulted in a drop in Sony's stock price from $36.36 at the beginning of the year, down to $24.28 on June 20th.

Following a massive breach in late March that exposed the personal information of millions of users, Epsilon, the world's largest permission based email marketing services company, today shared information on security enhancements that the company has implemented in response to the high profile security breach.

VeriSign today announced that the Internet Corporation for Assigned Names and Numbers (ICANN) renewed the company's contract to serve as the authoritative registry operator for the .net registry for another six years.More than half of the world’s domains rely on Verisign’s infrastructure, and the company has held management of the .com/.net infrastructure for over 12 years. VeriSign also manages two of the world's 13 Internet root servers, a.root-servers.net and j.root-servers.net, considered national IT assets by the U.S. Federal government.

The Payment Card Industry (PCI) Council’s Virtualization Special Interest Group has released new guidance pertaining to virtual environments. Any organization that accepts and manages credit cardholder data within a virtual environment must understand this guidance and act accordingly. It will influence how auditors assess virtual environments and whether these environments comply with PCI requirements.

Kaspersky Lab today announced its first security solution designed exclusively for Android tablets. The new solution, Kaspersky Tablet Security, helps protect tablet users with real-time protection against viruses, spyware, Trojans, bots, and more.

Cellcrypt, a provider of encrypted voice calling solutions for mobile phones, today announced that it has launched Cellcrypt Mobile™ for iPhone®, a version of its encrypted voice calling application that runs on Apple® devices running iOS and operates over Wi-Fi™, GSM, CDMA and satellite networks. Today’s announcement follows the release of the Android version which the company released back on June 14th.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to,...