Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

Noteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploited WhatsApp View Once bypass.

Apple has released a patch for Vision Pro after researchers showed how an attacker can obtain passwords typed by looking at keys.

The recently observed Hadooken malware targeting Oracle WebLogic applications is linked to multiple ransomware families.

A joint report from the Committees on China and Homeland Security warns of the security risks posed by Chinese cranes in US ports.

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

A 17-year-old from England has been arrested by the NCA over the recent cyberattack on Transport for London.

Doctor Web warns of the new Vo1d Android malware infecting roughly 1.3 million TV boxes running older OS versions.

GitLab has released security updates to resolve multiple vulnerabilities in GitLab CE/EE, including a critical-severity pipeline execution flaw.

Fortinet has confirmed suffering a data breach impacting customers after a hacker leaked files allegedly stolen from the company.

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

Exabeam has appointed Kish Dill as Chief Customer Success Officer.

Cloud networking firm Aviatrix has named John Qian as CISO.

More People On The Move
iPhone security iPhone security

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

CrowdStrike Microsoft CrowdStrike Microsoft

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

UK data centers UK data centers

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

Top Cybersecurity Headlines

Fortinet has confirmed suffering a data breach impacting customers after a hacker leaked files allegedly stolen from the company.

Financial services giant Mastercard is acquiring Recorded Future from private equity firm Insight Partners for $2.6 billion.

Hackers believed to be operating on behalf of the Iranian government have deployed malware to Iraqi government networks. 

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

According to recent survey findings coming from CyberSource, a Visa company, airlines lost an estimated $1.4 billion due to online payment fraud in 2010. But with so many security checks that come along with air travel, how is this possible? A typical fraud scenario in the airline industry plays out like this:

In February 2011, the clock finally ran out on IPv4, the trusty Internet Protocol that has been used to connect networked computers for the last 30 years. The Internet Assigned Numbers Authority (IANA), which manages the master pool of IP addresses, assigned its last five blocks of IPv4 space to the world's five Regional Internet Registries.

BeyondTrust today announced the acquisition of Lumigent Technologies, a Massachusetts-based provider of database security and activity monitoring solutions.As a result of the acquisition, BeyondTrust today announced PowerBroker Database, a solution that provides IT security departments with the ability to closely monitor database activity of privileged users, assess system configurations, and capture, alert, and report on changes to critical system configuration and business data.

Threats to our networks are faster, smarter, more prevalent, more targeted, and more elusive than ever before. At the same time, the number and types of operating systems, applications and services running on the network continue to grow. Gaining visibility into different user types – remote, mobile, third-parties, and by job function – and accommodating their unique requirements adds even greater complexity when it comes to protecting our IT infrastructure.

IT Security and data protection company Sophos today announced the availability of a number of new and enhanced mobile management and protection products for enterprises.

For nearly a year, 22 year-old Lucas Henderson of Texas has been creating and distributing fake coupons, resulting in hundreds of thousands of dollars lost by retailers and manufacturers. He surrendered in federal court last week.

A group of security and privacy researchers from the Institute of Media Informatics at Ulm University in Germany, is claiming to have discovered a serious security vulnerability in Google's ClientLogin protocol.In a recent analysis of the Android platform, the group discovered that when Android users are connected to an unencrypted open Wifi network, an attacker could both read transmitted synchronization data of Google Contacts, Calendar and Picasa Web Albums, and capture the authToken that’s user for authentication.

Autonomy Corporation, with dual headquarters in Cambridge, England and San Francisco, California, announced that it would acquire certain assets from Iron Mountain's digital division including archiving, eDiscovery, and online backup for $380 million in cash.The acquisition of assets will bring over six petabytes of data under management and more than 6,000 customers to Autonomy's customer base, bringing its private cloud data to over 25 petabytes and total customer base to over 25,000.

Over the weekend Sony began a phased restoration by region of PlayStation Network and Qriocity Services, but the company’s work is not done just yet.Following cyber attack on its data center in San Diego, California, Sony shut down the PlayStation Network and Qriocity services on April 20, to conduct an investigation and make enhancements to its security. Since then, the company has been working with several outside security firms, and says it has implemented new and additional security measures that...

Rogue antivirus (AV) attacks are showing no signs of slowing anytime soon. According to recent statistics coming from GFI Software, April saw a continued increase in the volume of detected malware, with 73,000 new variants of threats being released daily — a 26 percent increase over the same period last year.

During my high school years, in a time of dial-up modems and Windows 98, I was a huge computer geek (shocking, isn’t it?). One day, I received an e-mail from a friend, which had a small executable as an attachment. The e-mail contained a personal note from the sender, so I did not suspect it to be malicious. When I opened the executable, a small game of whack-a-mole opened up, with Bill Gates face in the role of the mole.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

SaaS applications are so easy to use, the decision, and the deployment, is sometimes undertaken by the business unit user with little reference to,...