Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

The Pwn2Own hacking competition is moving to Ireland and $300,000 is being offered for a zero-click exploit against WhatsApp. 

The risk of suffering a ransomware attack is high and organizations must take proactive steps to protect themselves and minimize the impact of a potential breach.

The tools are being positioned as crucial to help business customers meet requirements for regulations like FINRA, HIPAA, and GDPR.

Chinese government-backed hacking team caught breaking into organizations in shipping, logistics and automotive sectors in Europe and Asia.

Join us as we explore the latest trends in the world of SaaS security, cyberattacks against cloud infrastructure, data security posture management (DSPM), and the hype and promise of AI and LLM technologies.

SAP patches AI Core vulnerabilities allowing attackers to access customer data and take over the service.

Adobe and CISA warn that a recent Adobe Commerce vulnerability has been exploited in the wild.

Boat dealer MarineMax said the data breach caused by a recent ransomware attack impacts over 123,000 individuals.

Ctera has received $80 million in primary and secondary funding from private equity firm PSG Equity.

Teixeira, who was part of the 102nd Intelligence Wing at Otis Air National Guard Base in Massachusetts, worked as a cyber transport systems specialist.

Researchers show how the Port Shadow technique against VPNs can allow MitM attacks, enabling threat actors to intercept and redirect traffic. 

People on the Move

SaaS security company AppOmni has hired Joel Wallenstrom as its General Manager.

FTI Consulting has appointed Brett Callow as Managing Director in its Cybersecurity & Data Privacy Communications practice.

Mobile security firm Zimperium has welcomed David Natker as its VP of Global Partners and Alliances.

CISA has appointed Jeff Greene as Executive Assistant Director for Cybersecurity and Trent Frazier as Assistant Director for Stakeholder Engagement.

David Chétrit has been appointed the CEO of Kudelski Security.

More People On The Move
Pentagon Leaker Jack Teixeira to Face Military Court-Martial, Air Force Says

Teixeira, who was part of the 102nd Intelligence Wing at Otis Air National Guard Base in Massachusetts, worked as a cyber transport systems specialist.

VPN attack VPN attack

Researchers show how the Port Shadow technique against VPNs can allow MitM attacks, enabling threat actors to intercept and redirect traffic. 

Rite Aid ransomware data breach Rite Aid ransomware data breach

Pharmacy chain Rite Aid says 2.2 million people are impacted by a recent data breach for which the RansomHub group has taken credit.

Top Cybersecurity Headlines

Kaspersky is shutting down operations in the US and laying off employees following the recent Commerce Department ban.

The massive AT&T breach has been linked to an American hacker living in Turkey and reports say the telecom giant paid a $370,000 ransom.

Google’s parent company Alphabet is reportedly in advanced talks to acquire the hotshot Israeli data security startup.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

SecurityWeek’s annual cloud security virtual summit returns with a deliberate focus on exposed attack surfaces and weaknesses in public cloud infrastructure and APIs.

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.

Learn More

Vulnerabilities

Cybercrime

App Genome Project Enables Rapid Identification of Bad Applications San Francisco based Smartphone security company, Lookout, today unveiled plans for an initiative to map and study mobile applications in order to identify security threats and provide insight into how applications are tapping into personal data and accessing other phone resources.

Imperva, a California based data security company, this week announced a research initiative focused on providing deeper insight on how cybercriminals conduct large scale cyber attacks as well as shedding light on the evolution of the underground business of cybercrime.

Fifty-six percent of companies that have deployed interactive Web 2.0 applications have taken steps to prevent hacking, and the other 46 percent should, according to a new report released yesterday by InformationWeek Analytics. To make its point, the research firm deployed a sample Web 2.0 employee management application on its web site. The report’s author, Tivo security director Adam Ely, easily hacked it.

Several of the world’s largest ISPs, along with major enterprises, realize the need for a centralized clearing-house capable of alerting the world about major DNS problems

Last week Dell notified customers that certain Dell PowerEdge Server replacement motherboards had been infected with malware. The W32.Spybot worm (originally discovered in 2003) was found in flash storage (NOT firmware) on the motherboard during Dell testing.This issue does not affect systems as shipped from Dell and is limited to replacement motherboards in four servers - Dell PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410.

In a trend that mirrors the invasion of the corporate world in the 1980’s by personal computers, today’s employees are beginning to use consumer-oriented technology like the iPhone and Facebook to do business – and this means stress and trouble for IT security professionals.

IT security firm Sophos this week issued new guidance on a Windows Zero Day vulnerability that is already being used to target critical infrastructure systems, including power grids. Exploit code for what Sophos terms the "CPLINK" vulnerability is widely available. In response to the situation, the SANS Institute has taken the uncommon step of raising its industry Infocon vulnerability alert level.

Microsoft today announced the availability of Forefront Endpoint Protection 2010 (FEP) public beta which now available to customers.The successor of Forefront Client Security, FEP 2010 is built on System Center Configuration Manager (SCCM) 2007 R2, allowing customers to use their existing client management infrastructure to deploy and manage endpoint protection.

Malware prevention provider FireEye and network forensics company Solera have announced a technology partnership to deliver an integrated security solution that will not only block an attack, but also help IT security professionals figure out exactly what happened after the fact.

The anti-malware industry sometimes sees more complicated problems than you might imagine, and they can’t all be fixed by tweaking detection algorithms or giving the marketing team a productivity bonus.

Virtualization Security Risks - Government Agencies Worrying LessWorries about the security risks of virtualization – the number two barrier to adoption for Federal IT organizations last year – have fallen to seventh place, far behind more mundane concerns such as lack of staff and budget. According to a survey conducted by CDW Government LLC, state and local IT groups ranked even lower, in eighth place.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

CISA says a SILENTSHIELD red team assessment found gaping holes in the security posture of a federal civilian executive branch organization.

Cloud Security

Cloud Security

Join us as we explore the latest trends in the world of SaaS security, cyberattacks against cloud infrastructure, data security posture management (DSPM), and...