Watch on Demand: Attack Surface Management Summit | All Sessions Now Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Sessions from SecurityWeek’s 2024 Attack Surface Management are now available to watch on demand.

CISA has laid out the FOCAL plan, which aligns the collective operational defense capabilities across federal agencies.

Iranian hackers sought to interest President Joe Biden’s campaign in information stolen from rival Donald Trump’s campaign.

Serial entrepreneur Sinan Eren is back with Opnova, a startup working on automating security workflows with limited human supervision.

CISA is warning organizations that two Oracle vulnerabilities tracked as CVE-2022-21445 and CVE-2020-14644 are being exploited in the wild. 

Attack simulation firm has raised $45 million in growth funding, bringing the total amount raised to $80 million.

Atlassian’s September 2024 monthly security bulletin details multiple high-severity vulnerabilities in four products.

Microsoft has observed the threat actor Vanilla Tempest targeting US healthcare organizations with INC ransomware.

The Port of Seattle, which owns and runs the airport, has decided not to pay, the official said.

Threats have become more complex as the threat surface has expanded and it is now about the evolution of protecting a business and its ecosystem.

The US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices.

People on the Move

Bob Turner has been named CISO at Penn State University.

V2X has appointed Christopher Carter as CISO.

Andrew McLaughlin has been appointed Chief Operating Officer at SandboxAQ.

Credential management firm Axiad has appointed Brian Szeto as CFO and Lynne Boyd as VP of sales.

Secure infrastructure access firm Teleport has named a new CRO and CMO.

More People On The Move
Raptor Train botnet takedown Raptor Train botnet takedown

The US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices.

How did Pagers explode in Lebanon? How did Pagers explode in Lebanon?

Between 3 to 5 grams of a highly explosive material were concealed inside pagers prior to their delivery to Hezbollah, and then remotely triggered simultaneously.

Deepfake AI Threat Deepfake AI Threat

When it comes to adversarial use of AI, the real question is whether the AI threat is a deep fake, or whether the deepfake is the AI threat.

Top Cybersecurity Headlines

Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization’s data security and resilience.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Symantec this week published "A Window Into Mobile Device Security: Examining the security approaches employed in Apple's iOS and Google's Android", an in-depth, technical evaluation of Apple's iOS and Google's Android mobile platforms, to help organizations understand the security risks of deploying these devices in the enterprise.

The folks over at Veracode have analyzed the recent PlayStation Network Breach and turned it into the infographic featured below. The infographic highlights events from the initial DDoS attacks and first major breach, through the many subsequent discoveries that resulted in a drop in Sony's stock price from $36.36 at the beginning of the year, down to $24.28 on June 20th.

Following a massive breach in late March that exposed the personal information of millions of users, Epsilon, the world's largest permission based email marketing services company, today shared information on security enhancements that the company has implemented in response to the high profile security breach.

VeriSign today announced that the Internet Corporation for Assigned Names and Numbers (ICANN) renewed the company's contract to serve as the authoritative registry operator for the .net registry for another six years.More than half of the world’s domains rely on Verisign’s infrastructure, and the company has held management of the .com/.net infrastructure for over 12 years. VeriSign also manages two of the world's 13 Internet root servers, a.root-servers.net and j.root-servers.net, considered national IT assets by the U.S. Federal government.

The Payment Card Industry (PCI) Council’s Virtualization Special Interest Group has released new guidance pertaining to virtual environments. Any organization that accepts and manages credit cardholder data within a virtual environment must understand this guidance and act accordingly. It will influence how auditors assess virtual environments and whether these environments comply with PCI requirements.

Kaspersky Lab today announced its first security solution designed exclusively for Android tablets. The new solution, Kaspersky Tablet Security, helps protect tablet users with real-time protection against viruses, spyware, Trojans, bots, and more.

Cellcrypt, a provider of encrypted voice calling solutions for mobile phones, today announced that it has launched Cellcrypt Mobile™ for iPhone®, a version of its encrypted voice calling application that runs on Apple® devices running iOS and operates over Wi-Fi™, GSM, CDMA and satellite networks. Today’s announcement follows the release of the Android version which the company released back on June 14th.

The world is creating massive amounts of data. How much? According to the results of the EMC-sponsored IDC Digital Universe study released today, 1.8 zettabytes of data will be created and/or replicated in 2011, revealing that the world's information is more than doubling every two years—a rate faster than Moore's Law.

Universal Secure Registry LLC (USR), a mobile payment security technology and identity authentication company founded by Kenneth Weiss, the inventor of the technology behind the SecurID tokens now owned by RSA, today announced licensing availability of its patented electronic wallet technology to third parties including credit card companies, wireless carriers, banks, retailers and others.

Symantec today announced the latest version of its high availability solution for VMware virtual environments helps customers virtualize their business critical applications. The latest version of Symantec ApplicationHA extends the existing capabilities for disaster recovery with VMware vCenter Site Recovery Manager integration and provides a dashboard to monitor and manage hundreds of applications within VMware vCenter Server.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

RunSafe Security has raised $12 million in a Series B funding round for a solution designed to help companies develop secure software.

Cloud Security