Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The US government will remove “unnecessary degree requirements” in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs.

SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild.

Noteworthy stories that might have slipped under the radar: US Special Forces can hack buildings, X is hiring cybersecurity staff, and FTC warns of Bitcoin ATM scams. 

The latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks.

Roundup of the three dozen cybersecurity-related merger and acquisition (M&A) deals announced in August 2024.

Veeam has released patches for critical-severity vulnerabilities in Backup & Replication, ONE, and Service Provider Console.

A vulnerability in the LiteSpeed Cache WordPress plugin leads to the exposure of sensitive information, including user cookies.

Researchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems.

A secretive Russian military unit, previously linked to assassinations and destabilization in Europe, is blamed for destructive wiper malware attacks in Ukraine.

Planned Parenthood confirms “cybersecurity incident” as RansomHub ransomware gang threatens to leak 93 Gb of data stolen from the nonprofit last week.

GenAI users are uploading data to over eight apps every month – what are the security and privacy concerns?

People on the Move

Jill Popelka has been appointed CEO at Darktrace, after serving as COO for three months.

GitHub has appointed Alexis Wales as its new Chief Information Security Officer.

Cybersecurity and intelligence solutions provider Nightwing has appointed Christopher Jones as CTO and CDO.

AI-automated software testing firm Code Intelligence has appointed Eric Bruggemann as CEO.

High Wire Networks has named Edward Vasko as CEO and Mark Dallmeier as CRO of its Overwatch division.

More People On The Move
CISA CISA

Researchers and the TSA have different views on the impact of vulnerabilities in an airport security application that could allegedly allow the bypass of certain airport security systems.

Russian Hackers Russian Hackers

A secretive Russian military unit, previously linked to assassinations and destabilization in Europe, is blamed for destructive wiper malware attacks in Ukraine.

Russian hacking Russian hacking

The US has cracked down on an influence operation sponsored by the Russian government, announcing charges, sanctions and domain seizures.

Top Cybersecurity Headlines

Microsoft is experimenting with a major new security mitigation to block attacks targeting flaws in the Windows Common Log File System (CLFS).

Google has released Android security updates to patch an exploited local privilege escalation vulnerability.

Intel has shared some clarifications on claims made by a researcher regarding the hacking of its SGX security technology.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

WatchGuard Technologies today introduced the most powerful security appliance the company has made to date, the WatchGuard XTM 2050. The new appliance is a next-generation firewall (NGFW) that provides enterprise-class security for large enterprises and data centers that require high-performance firewall, application control and intrusion prevention system (IPS).

Merchant security solutions provider SecurityMetrics, today announced SecurityMetrics Vision™, a network “threat sensor” designed to help smaller businesses secure their networks and comply with the Payment Card Industry Data Security Standard (PCI DSS).

While securing cloud systems is a top priority, if organizations can't satisfy auditors that regulated data is being managed in a way that is compliant – the move to the cloud may be a non-starter.

Microsoft will acquire Skype for $8.5 billion in cash, the companies announced this morning. Following much speculation, Microsoft officially announced it would acquire the Internet communications company from an investor group led by Silver Lake.

New Solution Helps Provide Visibility Into the Performance and Scalability of Virtualized Infrastructures Making the announcement surrounding the Interop conference taking place in Las Vegas this week, BreakingPoint today unveiled new capabilities, including the addition of a new "Data Center Resiliency Lab" to its offerings.

Most organizations aren’t prepared to prevent and respond to web infrastructure failures caused by distributed denial of service (DDoS) attacks and Domain Name System (DNS) failures. These conclusions came from two studies commissioned by VeriSign that show the urgent need for robust DDoS protection, reliable and secure DNS infrastructure, and advanced threat intelligence.

Mobile devices offer well-established benefits in terms of productivity and efficiency gains for employees and enhanced services for consumers. But there’s a catch: The ways smart phones, laptops and tablets interconnect work life and personal life raise serious security challenges for organizations—and the stakes are high.

McAfee has announced a new platform designed to help organizations take advantage of cloud computing in a safe, secure and efficient way.The McAfee Cloud Security Platform operates by securing all content and data traffic – including email, web and identity traffic – moving between an organization and cloud infrastructure.

Back on April 12, 2011, a report from independent security testing organization NSS Labs, warned of a vulnerability affecting industry-leading firewalls, including a sneak attack that could go unnoticed by most organizations. The dangerous vulnerability came in the form of a TCP Split Handshake Attack, an attack essentially being the TCP Equivalent of IP Spoofing.

While reading recent articles on the Sony breaches, I noticed many comments in the forums saying things like, “if you connect to the Internet, you should consider yourself breached.” Although I understand the sentiment, I can’t help but wonder, is it really that bad?

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to,...

Cloud Security