The Treasury Department announced sanctions Friday in connection with a massive Chinese hack of American telecommunications companies and a breach of its own computer network. The sanctions target a Chinese hacker who officials say is affiliated with Beijing’s Ministry of State Security and who was involved in a cyber-intrusion disclosed last month that gave hackers access to an untold number … [Read more...]
TikTok Says It Will ‘Go Dark’ Unless It Gets Clarity From Biden Following Supreme Court Ruling
TikTok said it will have to “go dark” this weekend unless the outgoing Biden administration assures the company it won’t enforce a shutdown of the popular app after the Supreme Court on Friday unanimously upheld the federal law banning the app unless it’s sold by its China-based parent company. The Supreme Court in its ruling held that the risk to national security posed by TikTok’s ties to … [Read more...]
US Government Agencies Call for Closing the Software Understanding Gap
The cybersecurity agency CISA and other government agencies are calling to action for the US to take the necessary steps to improve cybersecurity by closing the software understanding gap. This gap is the result of manufacturers building software that mission owners and operators lack the adequate capacity to verify, meaning that they cannot fully understand the software. “This gap leads to … [Read more...]
In Other News: Lawsuits and Settlements, CrowdStrike Phish, MITRE’s D3FEND 1.0
SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, ranging … [Read more...]
Wolf Haldenstein Data Breach Impacts 3.4 Million People
Law firm Wolf Haldenstein Adler Freeman & Herz LLP is notifying more than 3.4 million individuals that their personal information was compromised in a December 2023 data breach. According to the firm, it discovered the incident after detecting suspicious activity on its network. Its investigation revealed that a threat actor accessed certain files and data stored within the network, … [Read more...]
Google Releases Open Source Library for Software Composition Analysis
Google on Thursday announced the release of OSV-SCALIBR (Software Composition Analysis LIBRary), an open source library for software composition analysis. Released as an open source Go library, the tool is an extensible file system scanner designed to extract information on software inventory and identify vulnerabilities. OSV-SCALIBR can either be used as a standalone binary (a wrapper … [Read more...]
US Announces Sanctions Against North Korean Fake IT Worker Network
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday announced sanctions against two individuals and four entities involved in generating illicit funds for North Korea as part of the fake IT worker scheme. As part of the elaborate operation, North Korean operatives relied on stolen identities and AI to pose as IT workers and land jobs at companies in Western … [Read more...]
Industry Reactions to Biden’s Cybersecurity Executive Order: Feedback Friday
President Joe Biden this week issued an executive order aimed at strengthening the United States’ cybersecurity and making it easier to go after hackers. The executive order covers areas such as security in third-party software supply chains, software development, identity, the security of internet protocols, encryption, quantum computing, artificial intelligence, infrastructure and network … [Read more...]
Vulnerabilities in SimpleHelp Remote Access Software May Lead to System Compromise
Vulnerabilities in the SimpleHelp remote access software are trivial to exploit and could allow attackers to compromise the server and client machines, cybersecurity firm Horizon3.ai reports. SimpleHelp provides remote support solutions that include file transfer, diagnostics, and task automation capabilities. It uses clients running on customers’ machines and a server that acts as a web … [Read more...]
Cisco Unveils New AI Application Security Solution
Cisco this week unveiled AI Defense, a new solution designed to help enterprises secure the development and use of AI applications. Cisco AI Defense focuses on two main areas: accessing AI applications, and building and running AI applications. The first is related to the use of third-party AI apps, which can boost productivity, but they can also introduce risks, such as potential data … [Read more...]
Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups
Microsoft researchers have uncovered Russian intelligence agencies using spear-phishing tactics to target victims with QR codes and WhatsApp group chats. Redmond’s threat intelligence team documented the discovery Thursday with a warning that the Russian APT — tracked as Star Blizzard — has shifted its longstanding spear-phishing tactics to focus on WhatsApp groups. According to Microsoft, … [Read more...]
Millions of Internet Hosts Vulnerable to Attacks Due to Tunneling Protocol Flaws
New research shows that over 4 million systems on the internet, including VPN servers and home routers, are vulnerable to attacks due to tunneling protocol vulnerabilities. The research was conducted by Mathy Vanhoef, a professor at the KU Leuven university in Belgium, and PhD student Angelos Beitis, in collaboration with VPN testing company Top10VPN. Vanhoef is well known for his Wi-Fi … [Read more...]
Wultra Raises €3 Million for Post-Quantum Authentication
Authentication solutions startup Wultra on Wednesday announced raising €3 million (~$3.1 million) in seed funding for its post-quantum technology. Tensor Ventures, Elevator Ventures, and J&T Ventures participated in the investment round. Founded in 2014, the Praha, Czech Republic-based startup provides banks and fintech companies with post-quantum authentication that provides secure and … [Read more...]
380,000 Impacted by Data Breach at Cannabis Retailer Stiiizy
California-based cannabis brand Stiiizy is notifying 380,000 individuals that their personal information was compromised in a data breach at one of its vendors. According to Stiiizy, it discovered the incident in late November, after the vendor notified it of a cyber intrusion, but the attackers had access to compromised systems for roughly a month. “On November 20, 2024, we were notified by … [Read more...]
North Korean Hackers Targeting Freelance Software Developers
North Korean hackers are targeting the software supply chain in a new campaign aimed at developers looking for freelance Web3 and cryptocurrency work, cybersecurity firm SecurityScorecard reports. Dubbed Operation 99 and attributed to the infamous Lazarus Group, the campaign represents an upgrade to previously observed Operation Dream Job attacks, luring developers to clone a malicious GitLab … [Read more...]
Cyber Insights 2025: Identities
SecurityWeek’s Cyber Insights 2025 examines expert opinions on the expected evolution of more than a dozen areas of cybersecurity interest over the next 12 months. We spoke to hundreds of individual experts to gain their expert opinions. Here we discuss what to expect with Identities. Identities, both human and machine, occupy a unique position: they are simultaneously the foundation of … [Read more...]
Biden Executive Order Aims to Shore Up US Cyber Defenses
President Joe Biden issued an executive order on Thursday aimed at strengthening the nation’s cybersecurity and making it easier to go after foreign adversaries or hacking groups that try to compromise US internet and telecommunication systems. Provisions in the order call for the development of minimum cybersecurity standards for government technology contractors and require that contractors … [Read more...]
Data From 15,000 Fortinet Firewalls Leaked by Hackers
A hacker group has leaked data associated with roughly 15,000 Fortinet firewalls and an analysis has shown that it was likely obtained back in 2022 through the exploitation of a vulnerability. The hackers who leaked the data are calling themselves Belsen Group and they claim this is their “first official operation”. They announced on January 14 that the data is available for free, saying that … [Read more...]
2024 US Healthcare Data Breaches: 585 Incidents, 180 Million Compromised User Records
In 2024, organizations informed the US government about more than 580 healthcare data breaches affecting a total of nearly 180 million user records. SecurityWeek has conducted an analysis of the healthcare breach database maintained by the US Department of Health and Human Services Office for Civil Rights (HHS OCR), which stores information on incidents impacting the protected health … [Read more...]
Head of US Cybersecurity Agency Says She Hopes It Keeps up Election Work Under Trump
Jen Easterly, the outgoing head of the U.S. government’s Cybersecurity and Infrastructure Security Agency, said Wednesday she hopes her agency is allowed to continue its election-related work under new leadership despite “contentiousness” around that part of its mission. “I really, really hope that we can continue to support those state and local election officials,” she said during an event in … [Read more...]
- 1
- 2
- 3
- …
- 33
- Next Page »