Security Experts:

WRITE FOR US

IT Security News Headlines

rss icon

Potential RCE Flaw Patched in PyPI’s GitHub Repository
OT Security Firm Nozomi Networks Raises $100 Million
Chipotle's Email Marketing Account Hacked to Spread Malware
Cybersecurity M&A Roundup: 38 Deals Announced in July 2021
Cisco, Sonatype and Others Join Open Source Security Foundation
long dotted

More Security Headlines

Amazon Fined 746 Mn Euros in Luxembourg Over Data Privacy
Amazon was fined 746 million euros ($880 million) by Luxembourg authorities over allegations it flouted the EU's data protection rules. [Read More]
NSA Shares Guidance for Government Employees on Securing Wireless Devices in Public
The agency published a new infosheet detailing steps required to mitigate the security risks associated with Wi-Fi, Bluetooth, and NFC connections in public. [Read More]
Flaws in Pneumatic Tube System Can Facilitate Cyberattacks on North American Hospitals
Several critical vulnerabilities found in a Swisslog Healthcare pneumatic tube system used in a majority of North American hospitals can be highly useful for ransomware attacks. [Read More]
Zoom to Settle US Privacy Lawsuit for $85 Mn
Zoom has agreed to settle a class-action US privacy lawsuit for $85 million. [Read More]
Justice Department Says Russians Hacked Federal Prosecutors
The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts some of the most prominent federal prosecutors’ offices around the country last year, the Department of Justice said. [Read More]
Android Banking Trojan 'Vultur' Abusing Accessibility Services
The malware uses screen recording and keylogging to harvest users’ login credentials for banking applications and crypto-wallets. [Read More]
Russia's APT29 Still Actively Delivering Malware Used in COVID-19 Vaccine Spying
Russia’s APT29 is still actively delivering the WellMess malware, which it used in attacks aimed at COVID-19 vaccine makers, despite the fact that the malware was exposed by Western governments. [Read More]
New Chinese Threat Group 'GhostEmperor' Targets Governments, Telecom Firms
Focused on high-profile victims, the Chinese-speaking adversary uses a formerly unknown Windows kernel-mode rootkit and does not appear to be linked to known threat actors. [Read More]
Window of Exposure is Expanding and Hackers Know Exactly Where to Strike
Developers need to improve their security by design, but have little incentive to do so while faced with the business pressure to increase the speed of development. [Read More]
Remote Code Execution Flaws Patched in WordPress Download Manager Plugin
A high-severity security hole could allow an attacker to upload a file titled info.php.png that would be executable on certain configurations. [Read More]

SecurityWeek Experts

rss icon

Yaniv Vardi's picture
Protect: The Second Pillar in Your Journey to Improve Industrial Cybersecurity Posture
Yaniv Vardi - ICS/OT
Wherever you are on your industrial cybersecurity journey, the important thing is to start strengthening cyber defenses and resilience now.
Read full story
Keith Ibarguen's picture
Leveraging People in the Email Security Battle
Keith Ibarguen - Email Security
Leveraging humans for detection makes it hard for the attackers to predict whether or not their malicious emails will be identified and using technology to automate response provides scale and speed in resolution.
Read full story
Tim Bandos's picture
Creating an Effective Threat Hunting Program with Limited Resources
Tim Bandos - Incident Response
The more you identify within your threat hunting program, the more opportunity you may have at expanding with additional budget. Never let an incident go to waste.
Read full story
Gordon Lawson's picture
Leading Threat to Industrial Security is Not What You Think
Gordon Lawson - ICS/OT
ICS operators need additional methods of obscuring their critical infrastructure from cyber security threats and tactics while allowing teams to more anonymously conduct incident detection and response.
Read full story
John Maddison's picture
Is Your SecOps Solution Keeping Up?
John Maddison - Network Security
Trying to keep track of the who, what, when, where, and how of today’s network has broken the backs of many SecOps teams.
Read full story
Torsten George's picture
Zero Trust, We Must
Torsten George - Network Security
Until organizations start implementing identity-centric security measures, account compromise attacks will continue to provide an easy entree for data breaches.
Read full story
Idan Aharoni's picture
Success of Ransomware Attacks Shows the State of Cybersecurity
Idan Aharoni - Malware
The fact that so many large and high-profile enterprises fall prey to ransomware attacks that in many cases does not pose any new technical challenge suggests that there are still many gaps that needs to be closed.
Read full story
Rob Fry's picture
Collective Intelligence: Realities and Hardships of Crowdsourced Threat Intel
Rob Fry - Incident Response
We are a community with grand ideas around the concept of crowdsourced threat intel (CTI), but with little history or previous successes that show CTI as a viable idea.
Read full story
Marc Solomon's picture
Three Approaches to an XDR Architecture
Marc Solomon - Endpoint Security
If you view XDR as a destination and not a solution, regardless of the path you take, you will need to understand the focus and core competencies of each vendor,
Read full story
Landon Winkelvoss's picture
Digital Executive Protection: Protecting Highly Visible Individuals from Personal Cyberattacks
Landon Winkelvoss - Risk Management
Executive protection teams face threats from many sources including social media, telephone, email, and event in-person physical threats.
Read full story