Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Latest Cybersecurity News

Cupertino ships iOS 18.2 and macOS Sequoia 15.2 patches to fix data leakage, sandbox escapes and code exection vulnerabilities.

The doughnut and coffeehouse chain confirmed a cyberattack took out parts of its online ordering system in parts of the United States.

Academic researchers devise BadRAM, a new attack that uses $10 equipment to break AMD’s latest trusted execution environment protections.

Google pushes out major Chrome browser updates to fix multiple serious security defects.

This eye-opening session that pulls back the curtain on how bad actors exploit social engineering tactics, like deepfake technology and Business Email Compromise (BEC).

Atlassian and Splunk on Tuesday announced patches for over two dozen vulnerabilities, including high-severity flaws.

Exploitation of a vulnerability affecting Cleo file transfer tools has been linked to the new Termite ransomware group.

Google’s Willow quantum chip marks a transformative moment in quantum computing development.

Center for Vein Restoration discloses data breach impacting the personal, medical, and financial information of 446,000 individuals.

December 2024 ICS Patch Tuesday brings advisories from CISA, as well as several major industrial automation companies. 

Ivanti has released patches for critical vulnerabilities in Cloud Services Application, Connect Secure, and Policy Secure.

People on the Move

Mike Byron has been named Chief Financial Officer (CFO) at Exabeam.

Ex-GitHub chief technology officer Mike Hanley has joined GM as CISO.

Network security and compliance assurance firm Titania has appointed Victoria Dimmick as CEO.

Secure browser firm Conceal has appointed Eric Cornelius as Chief Executive Officer.

Shanta Kohli has been named CMO at Sysdig.

More People On The Move
WIllow Quantum Chip WIllow Quantum Chip

Google’s Willow quantum chip marks a transformative moment in quantum computing development.

Guan Tianfeng Sophos firewall hack Guan Tianfeng Sophos firewall hack

The US government announced charges, sanctions and a reward for Guan Tianfeng, a Chinese national accused of involvement in Sophos firewall hacks.

Windows zero-day Windows zero-day

Patch Tuesday: Redmond patches 71 security flaws and calls immediate attention to an exploited Windows zero-day reported by CrowdStrike.

Top Cybersecurity Headlines

CVE-2024-50623, an improperly patched vulnerability affecting Cleo file transfer tools, has been exploited in the wild.

Radiant Capital says a North Korean threat actor stole $50 million in assets in a sophisticated October attack.

Deloitte has issued a response after the Brain Cipher ransomware group claimed to have stolen over 1 Tb of information belonging to the company.

SecurityWeek Industry Experts

More Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack Demonstration to learn how hackers operate and gain knowledge to strengthen your defenses against deepfake and BEC fraud.

Register

Learn how to develop a holistic solution that provides you and your team the power to mitigate cyber threats effectively within your OT environment.

Register

Upcoming Cybersecurity Events

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders. [June 2025, Stay Tuned]

Learn More

SecurityWeek’s CISO Forum Summer Summit & Golf Classic will take place June 25-26 at the Ritz-Carlton, Half Moon Bay, CA

Learn More

Huddle with your peers to measure the costs, benefits, and risks of deploying machine learning and predictive AI tools in the enterprise, the threat from adversarial AI and deepfakes, and preparation for the inevitable compliance and regulations. (December 4, 2024)

Learn More

SecurityWeek’s Identity & Zero Trust Strategies Summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies. (Oct. 9, 2024)

Learn More

Vulnerabilities

Cybercrime

Mumba Botnet Infects over 55,000 Computers around the worldAVG Technologies issued a report this week that identified a global network of 55,000 malware-infected computers infected by the Mumba botnet.AVG researchers discovered that the Mumba botnet, named after attributes indentified on the server, has stolen more than 60GB of data from users including credentials from social networking Web sites, banking account details, credit card numbers and emails.

MobileIron, a provider of multi-OS smartphone management solutions, today announced a $16 million Series C financing round. Just under a year ago the company raised $11 million in a Series B funding round.The new capital will be used to support business expansion and investment in innovation.Foundation Capital joined existing investors Norwest Venture Partners, Sequoia Capital, and Storm Ventures. The investment was led by Paul Holland, general partner with Foundation Capital.

Biometric Authentication for iPhone AppsPerSay, a provider of Voice Biometric solutions, today announced the availability of its VocalPassword functionality for iPhone, iPad, and iPod Touch applications. The new capability can replace existing login processes and use technology that relies on the biometric power of voice to verify identity.

Mobile Device Management Security a Top ConcernA recent survey conducted by security firm McAfee has revealed that around 76 percent organizations are planning to implement at least one key mobility initiative to improve their operations within the next 6 to 12 months.

"Mariposa botnet" - Butterfly botnet kit Author Arrested“Iserdo,” the confirmed author of the Butterfly botnet kit, was arrested recently in Maribor, Slovenia, by Slovenian authorities working with the FBI. The 23-year-old master hacker known only by his Internet handle is allegedly the mastermind behind the code used to build the Mariposa botnet, which has compromised millions of systems worldwide. He is currently free on bail.

Microsoft this week announced an agreement to collaborate with Adobe systems and facilitate advanced information sharing on vulnerabilities via its Microsoft Active Protections Program (MAPP), which Adobe will join. MAPP is a collaborative effort involving 65 global members that facilitates the sharing of product vulnerabilities with security software providers. Adobe will join the program in the fall of this year.

The presentation "Jackpotting Automated Teller Machines" was originally on the schedule at Black Hat USA 2009 but the talk was pulled at the last minute. This year it was on! Videos of Barnaby Jack demonstrating both local and remote attacks and a multi-platform ATM rootkit.Barnaby Jack Hacks ATMs Remotely At Black Hat

The presentation "Jackpotting Automated Teller Machines" was originally on the schedule at Black Hat USA 2009 but the talk was pulled at the last minute. This year it was on! and... it just happened today. We are in the process of uploading VIDEOS of the ATM hacking demonstration but the pipes are a little slow from Vegas today. In the meantime, here are a few photos. Check back later tonight and we'll have the actual videos of Barnaby Jack demonstrating...

CA Technologies (NASDAQ:CA) today announced that its identity and access management (IAM) technology now supports the Google Apps™ suite, which includes the familiar and widely-used Gmail and Google Docs applications. This means that companies can now use the same identity/access management system for both internal and external (Google) applications.

A shocking 87 percent of the victims in a study of data breaches jointly conducted by Verizon and the U.S. Secret Service had evidence of the breach in their log files, yet missed it. According to the 2010 Verizon Data Breach Investigations Report, 60 percent of breaches were discovered by external parties, and then only after a considerable amount of time.Most breaches were considered avoidable if security basics had been followed Only 4 percent of breaches assessed required difficult and...

Event image poster

The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Learn More

Application Security

Application Security

Google has announced the open source availability of Vanir, a patch validation tool for Android platform developers.

Cloud Security

Cloud Security

Veeam releases patches for two vulnerabilities in Service Provider Console, including a critical-severity remote code execution bug.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.