SecurityWeek

Latest Cybersecurity News

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

Noteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploited WhatsApp View Once bypass.

Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.

The recently observed Hadooken malware targeting Oracle WebLogic applications is linked to multiple ransomware families.

A joint report from the Committees on China and Homeland Security warns of the security risks posed by Chinese cranes in US ports.

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

A 17-year-old from England has been arrested by the NCA over the recent cyberattack on Transport for London.

Doctor Web warns of the new Vo1d Android malware infecting roughly 1.3 million TV boxes running older OS versions.

GitLab has released security updates to resolve multiple vulnerabilities in GitLab CE/EE, including a critical-severity pipeline execution flaw.

Fortinet has confirmed suffering a data breach impacting customers after a hacker leaked files allegedly stolen from the company.

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

Exabeam has appointed Kish Dill as Chief Customer Success Officer.

Cloud networking firm Aviatrix has named John Qian as CISO.

Top Cybersecurity Headlines

Financial services giant Mastercard is acquiring Recorded Future from private equity firm Insight Partners for $2.6 billion.

Hackers believed to be operating on behalf of the Iranian government have deployed malware to Iraqi government networks. 

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

“A chain is no stronger than its weakest link, and life is after all a chain” -William James

I was reminded when talking to a friend and colleague this week that security is, fundamentally, about people. It is basically a social activity for all that we focus so intently on the technology and on the minutiae of events. And while there isn’t always a traitor to point to, there is always a uniquely Human dimension to security.

Zenprise, a provider of mobile device management solutions, today announced the availability of Zenprise Secure Mobile Gateway™, a new offering that provides multilayer protection against malicious or blacklisted applications. With Zenprise Secure Mobile Gateway, IT administrators can provide employees the freedom to download and install applications on personal devices, while helping to protect enterprise resources from security breaches and rogue applications.

Symantec’s May 2011 MessageLabs Intelligence Report revealed a new trend in spammers establishing their own fake URL-shortening services to perform URL redirection. Symantec attributes this month's 2.9 percentage point increase in spam to the new spamming activity, a rise that was expected following the Rustock botnet takedown in March.

Application Whitelisting and Change Policy Management Ensure that Data and Applications are Protected

Today’s cyberspace is often compared to the Wild West, with good reason. Criminal gangs roam around a vast, untamed wilderness. Cattle rustling has been replaced by identity theft. And, sometimes, just for kicks, today’s cyberscum deny services or destroy infrastructure—the modern-day equivalent of getting drunk and shooting up the town.

Report Finds Serious Disconnect Between Businesses and Mobile Users. Half of Lost or Stolen Devices Contain Business Critical Data

In collaboration with Carnegie Mellon University, McAfee today released “Mobility and Security: Dazzling Opportunities, Profound Challenges”, a report focusing on the consumerization of IT and its impact on security.

A former Bank of America (BOA) computer programmer was sentenced to 27 months in federal prison, after he installed malware on Bank of America ATMs that allowed him to suck out large amounts of cash from the machines. He pleaded guilty on April 13, 2011 and was sentenced this week.

In Boston, an employee of an MBTA subcontractor has been arrested in connection with an alleged scheme to produce millions of dollars’ worth of fake MBTA monthly passes and sell them directly to riders. Andres Townes, age 27, of Revere, MA, was arrested and charged with Larceny over $250 and Conspiracy to Commit Larceny over $250.

Security standards exist because someone recognized a need. HIPAA, for example, was created to protect sensitive healthcare data. All information security regulations were created for a reason. Healthcare organizations are required to comply with HIPAA and HITECH. HIPAA and HITECH define a standard that should be placed on certain healthcare data. While they might give us a sense of security, do HIPAA and HITECH really make us more secure?

NetIQ Corporation, a business unit of The Attachmate Group, this week announced it will take over the complete portfolio of identity and security solutions from sister company Novell. (Both are units of Attachmate.) In addition, certain Novell data center solutions will be added to the NetIQ business unit solution portfolio. Novell product lines now operating under the Houston, Texas-based NetIQ business unit include:

A joint study released this week by ThreatMetrix and the Ponemon Institute looks at the increase in mobile commerce activity, and how this trend plays a role in the prominence of fraudulent mobile transactions. The study examined how comfortable consumers are with sharing their mobile location with a company. More than half of respondents said they would be willing to share this information if it meant protecting against online fraud.

In early May, the Michaels art supply chain reported that 90 PIN pads within some of its 995 stores nationwide had been compromised, with victims reporting fraudulent withdrawals of up to $500 made from ATMs on the West Coast against their credit and debit card accounts. While 90 units represents less than 1 percent of the total, Michaels took the extraordinary precaution of removing the approximately 7,200 comparable PIN pads from all its US stores. The company was also monitoring...

Red Hat today announced the availability of Red Hat Enterprise Linux 6.1, the first update to the platform since the delivery of Red Hat Enterprise Linux 6 in November 2010. With Red Hat Enterprise Linux 6.1, Red Hat continues to set the standard in flexibility, performance and quality that customers around the world rely on for their open source enterprise environments, spanning physical, virtual and cloud deployments.

Application Security

SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to,...