Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

A years-long espionage campaign has targeted telecoms companies in Asia with tools associated with Chinese groups.

Ilya Sutskever’s new company is focused on safely developing “superintelligence” – a reference to AI systems that are smarter than humans.

Pomerium raises $13.75 million in Series A funding for dynamic user identity verification and access management platform.

LockBit appears to once again be the most active ransomware group, but experts believe the hackers may just be inflating their numbers. 

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

AI model weights govern outputs from the system, but altered or ‘poisoned’, they can make the output erroneous and, in extremis, useless and dangerous.

Enterprise identity company raises new capital from JP Morgan and Hercules Capital as it prepares for an IPO exit.

A threat actor targeting Chinese-speaking victims has been using the SquidLoader malware loader in recent attacks.

Atlassian has released Confluence, Crucible, and Jira updates to address multiple high-severity vulnerabilities.

Post-quantum cryptography (PQC) company PQShield has raised $37 million in Series B funding for its quantum-safe cryptography solutions.

A statewide outage of the Massachusetts 911 system was the result of a firewall that blocked calls from reaching emergency responders.

People on the Move

Data security startup Reco adds Merritt Baer as CISO

Chris Pashley has been named CISO at Advanced Research Projects Agency for Health (ARPA-H).

Satellite cybersecurity company SpiderOak has named Kip Gering as its new Chief Revenue Officer.

Merlin Ventures has appointed cybersecurity executive Andrew Smeaton as the firm’s CISO-in-Residence.

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

More People On The Move
UEFI vulnerability UEFI vulnerability

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

AI Weights AI Weights

AI model weights govern outputs from the system, but altered or ‘poisoned’, they can make the output erroneous and, in extremis, useless and dangerous.

AMD hack AMD hack

AMD has launched an investigation after a notorious hacker announced selling sensitive data allegedly belonging to the company.

Top Cybersecurity Headlines

Researchers have targeted the MTE security feature in Arm CPUs and showed how attackers could bypass protections.

A British man has been arrested in Spain for allegedly being the ringleader of the notorious Scattered Spider cybercrime group.

Microsoft is not rolling out Recall with Copilot+ PCs as it’s seeking additional feedback and working on improving security.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn how you can transform your security strategy to build your organization’s resilience in the face of evolving threats.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s annual cloud security virtual summit returns with a deliberate focus on exposed attack surfaces and weaknesses in public cloud infrastructure and APIs.

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

Learn More

Vulnerabilities

Cybercrime

Smarsh, a provider of managed email archiving and compliance solutions, introduced text message archiving to its platform today. With the new feature, companies can capture, index, monitor, preserve and produce SMS text messages, BlackBerry PIN-to-PIN and BlackBerry Messenger content for regulatory audits, e-discovery requests and other corporate governance uses.

GFI Software, a provider of software infrastructure products for small and medium-sized businesses, announced today that it has acquired security software provider Sunbelt Software. GFI was specifically interested in Sunbelt’s VIPRE product line. The assets of Sunbelt’s software distribution business, which are separate from the technology side of the company, will be divested into a separate entity, which the company plans to sell off or explore other strategic partnerships.

Social Networking in the Workplace - Workplace Social Networking creating security issues for corporate networksThe use of social networks by workers on the job has increased again, with usage patterns that may create new security issues for corporate networks.

SafeNet Holding Corporation, parent company of information security giant, SafeNet, filed a registration statement (Form S-1) with the United States Securities and Exchange Commission relating to a proposed initial public offering of its common stock.

China is directing “the single largest, most intensive foreign intelligence gathering effort since the Cold War” against the United States, according to a report released yesterday by Medius Research.

Application Delivery Networking provider Blue Coat Systems, Inc. (Nasdaq: BCSI), this week announced the release of a software plug-in that will allows enterprises running its PackerShaper appliances to discover, monitor, assess and control Apple software updates.

A former senior database administrator for GEXA Energy in Houston was sentenced today to 12 months in prison for hacking into his former employer's computer network.Steven Jinwoo Kim, 40, of Houston pleaded guilty on Nov. 16, 2009, to one count of intentionally accessing a protected computer without authorization and recklessly causing damage. Kim was also ordered to pay $100,000 in restitution to GEXA Energy and to serve three years of supervised release following his prison term.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.

Cloud Security