Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Very small explosive devices may have been built into the pagers prior to their delivery to Hezbollah, and then all remotely triggered simultaneously.

VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.

Intezer is looking to tap into booming market for AI-powered tooling to address the severe shortage of skilled cybersecurity professionals. 

C/side has raised $6 million in a seed-stage funding round to help organizations protect against malicious browser third-party scripts.

A Hezbollah official speculated that malware may have caused the pagers to heat up and explode, wounding 2,750 people — 200 of them critically.

RunSafe Security has raised $12 million in a Series B funding round for a solution designed to help companies develop secure software.

When it comes to adversarial use of AI, the real question is whether the AI threat is a deep fake, or whether the deepfake is the AI threat.

D-Link has released patches for critical vulnerabilities that could allow attackers to execute arbitrary code and commands on routers.

Hydden has raised $4.4 million in seed funding for a solution designed to provide deep visibility into identities, accounts and privileges.

Tenable shares details on a dependency confusion attack that led to the execution of code on Google’s internal servers.

BlackCloak has raised $17 million in Series B funding to protect high-profile individuals from sophisticated cyberattacks.

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

Exabeam has appointed Kish Dill as Chief Customer Success Officer.

Cloud networking firm Aviatrix has named John Qian as CISO.

More People On The Move
How did Pagers explode in Lebanon? How did Pagers explode in Lebanon?

Very small explosive devices may have been built into the pagers prior to their delivery to Hezbollah, and then all remotely triggered simultaneously.

Deepfake AI Threat Deepfake AI Threat

When it comes to adversarial use of AI, the real question is whether the AI threat is a deep fake, or whether the deepfake is the AI threat.

WhatsUp Gold vulnerability exploited WhatsUp Gold vulnerability exploited

Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.

Top Cybersecurity Headlines

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

HP has won the heated bidding war for storage company 3Par, but Dell will take home $72 million from a break-up fee upon the termination of its merger agreement.Dell announced today that it will not increase its most recent proposal to acquire 3PAR, and that Dell has ended its discussions regarding a potential acquisition.

Heartland Payment Systems quietly issued a press release late Wednesday afternoon, announcing a settlement agreement with Discover Financial Services related to a 2008 data breach.Heartland will pay Discover $5 million as part of the settlement and the case is officially closed.On January 20, 2009 Heartland announced that a security breach had occurred in 2008, involving malicious software that compromised data within Heartland's network.

Verizon and VMware to Launch Enterprise-Class Hybrid Cloud Solution Verizon Business and VMware have announced a new enterprise-class hybrid cloud solution which the two claim will enable enterprises with vCloud-based infrastructure to move their applications to the cloud using existing IT configurations and applications, with no compromise in security or performance.

Fortinet released its August 2010 Threat Landscape report showing some interesting changes and shifts from previous months, with an interesting trend in “Do-It-Yourself” Botnet Kits gaining momentum and becoming a serious threat.

QualysGuard PCI 5.0 - New Dashboard and Interactive Workflows to Support New Approved Scanning Vendor Requirements Qualys upgraded its PCI compliance suite today with the release of QualysGuard PCI 5.0. The upgraded solution provides customers a simplified way to meet the latest Payment Card Industry Data Security Standard (PCI DSS) compliance requirements.

Snoop Dogg and Norton Announce 'Hack is Wack' Video Contest To Raise Cybercrime Awareness Think you can bust out some silly fresh rhymes on the subjects of hacking, identity theft and computer viruses?

Wyse Technology today announced an expanded strategy involving thin and zero client computing, desktop virtualization, unified communications, and mobile access to virtual environments. Wyse will work with key partners including Citrix, IBM, Microsoft, VMware and others, along with its resellers, to deploy what the company characterizes as “a broader set of options for government, business and education.”

HP Launches CloudStart to Fast Track Customers to Private Clouds HP wants to take customers on a flight to the private cloud – and get them there quickly. HP says that with its HP CloudStart solution, it can deploy an open and flexible private cloud environment within 30 days.

.LNK Exploits - Shortcuts to InsecurityThe vulnerability in Windows Shell’s parsing of .LNK (shortcut) files presents some interesting and novel features in terms of its media lifecycle as well as its evolution from zero-day to patched vulnerability. For most of us, the vulnerability first came to light in the context of Win32/Stuxnet, malware that in itself presents some notable quirks.

Fake TweetDeck Updates Being Spread via Hacked Twitter AccountsCybercriminals are using hacked/compromised Twitter accounts to spread malicious links pointing to a fake update to TweetDeck, a popular client used to access Twitter.Some of the messages (tweets) that users may see include ones such as:• Hurry up for tweetdeck update!• Update TweetDeck! Bank Holiday• Critical tweetdeck update Bank Holiday• Sorry for offtopic, but it is a critical TweetDeck update. It won't work tomorrow!

Enterprise Data Loss Continues at Alarming RateA plethora of social media tools, increasing adoption of mobile devices being used for business, and the economic downturn are posing serious challenges for organizations looking to keep confidential company and customer data within company walls.Email leads the way as the number one method confidential company information is leaked in large enterprises, while social media tools and mobile devices are becoming a major threat, according to a recent study.

NETGEAR today announced the introduction of a new Unified Threat Management appliance that integrates with Microsoft Active Directory to provide single sign-on. While focused on businesses with fewer than 100 employees, the new appliance, dubbed the ProSecure® UTM50, has been optimized for larger businesses and built with scalability in mind.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

RunSafe Security has raised $12 million in a Series B funding round for a solution designed to help companies develop secure software.

Cloud Security