Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Very small explosive devices may have been built into the pagers prior to their delivery to Hezbollah, and then all remotely triggered simultaneously.

VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.

Intezer is looking to tap into booming market for AI-powered tooling to address the severe shortage of skilled cybersecurity professionals. 

C/side has raised $6 million in a seed-stage funding round to help organizations protect against malicious browser third-party scripts.

A Hezbollah official speculated that malware may have caused the pagers to heat up and explode, wounding 2,750 people — 200 of them critically.

RunSafe Security has raised $12 million in a Series B funding round for a solution designed to help companies develop secure software.

When it comes to adversarial use of AI, the real question is whether the AI threat is a deep fake, or whether the deepfake is the AI threat.

D-Link has released patches for critical vulnerabilities that could allow attackers to execute arbitrary code and commands on routers.

Hydden has raised $4.4 million in seed funding for a solution designed to provide deep visibility into identities, accounts and privileges.

Tenable shares details on a dependency confusion attack that led to the execution of code on Google’s internal servers.

BlackCloak has raised $17 million in Series B funding to protect high-profile individuals from sophisticated cyberattacks.

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

Exabeam has appointed Kish Dill as Chief Customer Success Officer.

Cloud networking firm Aviatrix has named John Qian as CISO.

More People On The Move
How did Pagers explode in Lebanon? How did Pagers explode in Lebanon?

Very small explosive devices may have been built into the pagers prior to their delivery to Hezbollah, and then all remotely triggered simultaneously.

Deepfake AI Threat Deepfake AI Threat

When it comes to adversarial use of AI, the real question is whether the AI threat is a deep fake, or whether the deepfake is the AI threat.

WhatsUp Gold vulnerability exploited WhatsUp Gold vulnerability exploited

Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.

Top Cybersecurity Headlines

Apple said there’s “too significant a risk” of exposing the anti-exploit work needed to fend off the very adversaries involved in the case.

Microsoft is revamping how anti-malware tools interact with the Windows kernel to avoid another CrowdStrike faulty update catastrophe. 

The designation of UK data centers as Critical National Infrastructure strengthens cyber defenses, but a proposed £3.75B data center on protected Green Belt land sparks debate.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from cybersecurity experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 25-26, Ritz-Carlton, Half Moon Bay, CA]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

The Attack Surface Management Summit will dig into the transformative trends driving data security and provide insights and strategies to take full advantage of attack surface management technologies. (September 18, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Securing the Extended EnterpriseAs corporations expand their reliance on the Internet and technology to conduct business, most work diligently to reduce their exposure to attack. Their efforts are focused primarily on protecting their enterprise assets, but could they be missing a very important aspect of their attack surface…. the extended enterprise?

Signature Based Anti-Virus Test Results - Vendors Struggle to Keep up with ThreatsThe most popular signature-based antivirus (AV) solutions detect on average less than 19% of malware threats, according to a new report released today by IT security vendor Cyveillance. However, that detection rate increases to 61.7% after 30 days, although even this rate could hardly be seen as comforting.

Security solutions provider Rapid7 has launched the latest version of its vulnerability management solution, NeXpose, which will help local governments and private enterprises adhere to Federal Information Processing Standard (FIPS) 140-2 Certification requirements.

Jailbroken iPhones - a Risk in the EnterpriseLast week’s ruling by the Library of Congress's Copyright Office giving a legal green light to iPhone and iPad users who want to download non-Apple-approved apps may make corporate security managers nervous if these Apple products are part of their mobile device portfolio – but a smartphone security company has come up with a counter-measure that will at least bring the risk level down to what it was before the ruling.

Solace Systems and Layer 7 Technologies Team Up on Scalable Messaging for SOA and Cloud EnvironmentsSolace Systems and Layer 7 Technologies have announced a joint venture in which the companies will integrate their technologies to offer scalable and secure SOA and cloud based solutions to their customers.

Information security technology vendor Perimeter E-Security has decided to expand its R&D initiatives by opening a new innovation center in Boston, MA. The company plans to expand the new research group for the next two years. Perimeter E-Security offers information security and compliance products to enterprise users including secure messaging services, firewall services and anti-virus and spam detection services.

Mumba Botnet Infects over 55,000 Computers around the worldAVG Technologies issued a report this week that identified a global network of 55,000 malware-infected computers infected by the Mumba botnet.AVG researchers discovered that the Mumba botnet, named after attributes indentified on the server, has stolen more than 60GB of data from users including credentials from social networking Web sites, banking account details, credit card numbers and emails.

MobileIron, a provider of multi-OS smartphone management solutions, today announced a $16 million Series C financing round. Just under a year ago the company raised $11 million in a Series B funding round.The new capital will be used to support business expansion and investment in innovation.Foundation Capital joined existing investors Norwest Venture Partners, Sequoia Capital, and Storm Ventures. The investment was led by Paul Holland, general partner with Foundation Capital.

Biometric Authentication for iPhone AppsPerSay, a provider of Voice Biometric solutions, today announced the availability of its VocalPassword functionality for iPhone, iPad, and iPod Touch applications. The new capability can replace existing login processes and use technology that relies on the biometric power of voice to verify identity.

Mobile Device Management Security a Top ConcernA recent survey conducted by security firm McAfee has revealed that around 76 percent organizations are planning to implement at least one key mobility initiative to improve their operations within the next 6 to 12 months.

"Mariposa botnet" - Butterfly botnet kit Author Arrested“Iserdo,” the confirmed author of the Butterfly botnet kit, was arrested recently in Maribor, Slovenia, by Slovenian authorities working with the FBI. The 23-year-old master hacker known only by his Internet handle is allegedly the mastermind behind the code used to build the Mariposa botnet, which has compromised millions of systems worldwide. He is currently free on bail.

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

RunSafe Security has raised $12 million in a Series B funding round for a solution designed to help companies develop secure software.

Cloud Security