www.securityweek.com Open in urlscan Pro
104.24.161.3  Public Scan

Form analysis
3 forms found in the DOM

GET https://www.securityweek.com/

<form method="get" id="zox-search-form" action="https://www.securityweek.com/" data-hs-cf-bound="true">
  <input type="text" name="s" id="zox-search-input" value="Search" onfocus="if (!window.__cfRLUnblockHandlers) return false; if (this.value == &quot;Search&quot;) { this.value = &quot;&quot;; }"
    onblur="if (!window.__cfRLUnblockHandlers) return false; if (this.value == &quot;Search&quot;) { this.value = &quot;&quot;; }">
  <input type="submit" id="zox-search-submit" value="Search">
</form>

Name: ccoptin — POST https://visitor.constantcontact.com/d.jsp

<form class="sw-newsletter-cc" style="" method="post" target="_blank" action="https://visitor.constantcontact.com/d.jsp" name="ccoptin" data-hs-cf-bound="true">
  <input type="hidden" value="1102592012458" name="m">
  <input type="hidden" value="oi" name="p">
  <div class="form-item">
    <input type="text" class="form-text required" value="" placeholder="Business Email Address..." size="60" name="ea" maxlength="128">
    <input type="submit" class="submit" value="Subscribe" name="go">
  </div>
</form>

Name: ccoptin — POST https://visitor.constantcontact.com/d.jsp

<form class="sw-newsletter-cc" style="" method="post" target="_blank" action="https://visitor.constantcontact.com/d.jsp" name="ccoptin" data-hs-cf-bound="true">
  <input type="hidden" value="1102592012458" name="m">
  <input type="hidden" value="oi" name="p">
  <div class="form-item">
    <input type="text" class="form-text required" value="" placeholder="Business Email Address..." size="60" name="ea" maxlength="128">
    <input type="submit" class="submit" value="Subscribe" name="go">
  </div>
</form>

Text Content

This website stores cookies on your computer. These cookies are used to improve
your website experience and provide more personalized services to you, both on
this website and through other media. To find out more about the cookies we use,
see our Privacy Policy.

We won't track your information when you visit our site. But in order to comply
with your preferences, we'll have to use just one tiny cookie so that you're not
asked to make this choice again.

Accept Decline


SECURITYWEEK NETWORK:

 * Cybersecurity News
 * Webcasts
 * Virtual Events


ICS:

 * ICS Cybersecurity Conference

 * Malware & Threats
   * Cyberwarfare
   * Cybercrime
   * Data Breaches
   * Fraud & Identity Theft
   * Nation-State
   * Ransomware
   * Vulnerabilities
 * Security Operations
   * Threat Intelligence
   * Incident Response
   * Tracking & Law Enforcement
 * Security Architecture
   * Application Security
   * Cloud Security
   * Endpoint Security
   * Identity & Access
   * IoT Security
   * Mobile & Wireless
   * Network Security
 * Risk Management
   * Cyber Insurance
   * Data Protection
   * Privacy & Compliance
   * Supply Chain Security
 * CISO Strategy
   * Cyber Insurance
   * CISO Conversations
   * CISO Forum
 * ICS/OT
   * Industrial Cybersecurity
   * ICS Cybersecurity Conference
 * Funding/M&A
   * Cybersecurity Funding
   * M&A Tracker

 * Cybersecurity News
 * Webcasts
 * Virtual Events

 * ICS Cybersecurity Conference

Connect with us
 * 
 * 
 * 

Hi, what are you looking for?





SECURITYWEEK

 * Malware & Threats
   * Cyberwarfare
   * Cybercrime
   * Data Breaches
   * Fraud & Identity Theft
   * Nation-State
   * Ransomware
   * Vulnerabilities
 * Security Operations
   * Threat Intelligence
   * Incident Response
   * Tracking & Law Enforcement
 * Security Architecture
   * Application Security
   * Cloud Security
   * Endpoint Security
   * Identity & Access
   * IoT Security
   * Mobile & Wireless
   * Network Security
 * Risk Management
   * Cyber Insurance
   * Data Protection
   * Privacy & Compliance
   * Supply Chain Security
 * CISO Strategy
   * Cyber Insurance
   * CISO Conversations
   * CISO Forum
 * ICS/OT
   * Industrial Cybersecurity
   * ICS Cybersecurity Conference
 * Funding/M&A
   * Cybersecurity Funding
   * M&A Tracker



LATEST CYBERSECURITY NEWS


RANSOMWARE PAYMENTS SURPASSED $1 BILLION IN 2023: ANALYSIS

The payments made by victims in response to ransomware attacks doubled in 2023
compared to 2022, according to Chainalysis.


IRAN RAMPS UP CYBERATTACKS ON ISRAEL AMID HAMAS CONFLICT: MICROSOFT

Iran’s offensive cyber operations against Israel went from chaotic in October
2023 to targeting new geographies a month later.


LIMACHARLIE LANDS $10.2 MILLION SERIES A FUNDING

California startup lands new financing to build and supply tools to run an MSSP
or SOC on a pay-as-you-use model.


FORTINET: APTS EXPLOITING FORTIOS VULNERABILITIES IN CRITICAL INFRASTRUCTURE
ATTACKS

Fortinet warns that Chinese and other APTs are exploiting CVE-2022-42475 and
CVE-2023-27997 in attacks.


FEDERAL CYBERSECURITY AGENCY LAUNCHES PROGRAM TO BOOST SUPPORT FOR STATE, LOCAL
ELECTION OFFICES

CISA launched a program aimed at boosting election security, shoring up support
for local offices and hoping to provide reassurance to voters that elections
will be safe and accurate.


CISCO PATCHES CRITICAL VULNERABILITIES IN ENTERPRISE COMMUNICATION DEVICES

Two critical vulnerabilities in Cisco Expressway series devices can be exploited
in CSRF attacks without authentication.


GOOGLE ANNOUNCES ENHANCED FRAUD PROTECTION FOR ANDROID

Google Play Protect will block the installation of sideloaded applications
requesting permissions frequently abused by fraudsters.


HOW TO PREDICT YOUR PATCHING PRIORITIES

Implementing a smart and timely approach to patching remains one of the primary
ways for organizations to protect their networks from attackers.


WERE 3 MILLION TOOTHBRUSHES REALLY USED FOR A DDOS ATTACK?

Three million electric toothbrushes were reportedly used for disruptive DDoS
attacks, but cybersecurity experts questioned the claims.


BIDEN ADMINISTRATION NAMES A DIRECTOR OF THE NEW AI SAFETY INSTITUTE

The Biden administration named Elizabeth Kelly as the director of the newly
established safety institute for artificial intelligence.


US SAYS CHINA’S VOLT TYPHOON HACKERS ‘PRE-POSITIONING’ FOR CYBERATTACKS AGAINST
CRITICAL INFRASTRUCTURE

New CISA alert includes technical mitigations to harden attack surfaces and
instructions to hunt for the Chinese government-backed hackers.


MOST LINUX SYSTEMS EXPOSED TO COMPLETE COMPROMISE VIA SHIM VULNERABILITY 

A critical remote code execution vulnerability in Shim could allow attackers to
take over vulnerable Linux systems.


DEVICE AUTHORITY RAISES $7M FOR ENTERPRISE IOT IDENTITY AND ACCESS MANAGEMENT
PLATFORM 

Device Authority raises $7 million in a Series A funding round for its
enterprise identity and access management for IoT solution.


VERIZON SAYS DATA BREACH IMPACTED 63,000 EMPLOYEES

Verizon is notifying 63,206 employees that their personal information was
exposed in an internal data breach.


JETBRAINS PATCHES CRITICAL AUTHENTICATION BYPASS IN TEAMCITY

JetBrains releases patches for a critical-severity TeamCity authentication
bypass leading to remote code execution.


RANSOMWARE PAYMENTS SURPASSED $1 BILLION IN 2023: ANALYSIS

The payments made by victims in response to ransomware attacks doubled in 2023
compared to 2022, according to Chainalysis.


WERE 3 MILLION TOOTHBRUSHES REALLY USED FOR A DDOS ATTACK?

Three million electric toothbrushes were reportedly used for disruptive DDoS
attacks, but cybersecurity experts questioned the claims.


US SAYS CHINA’S VOLT TYPHOON HACKERS ‘PRE-POSITIONING’ FOR CYBERATTACKS AGAINST
CRITICAL INFRASTRUCTURE

New CISA alert includes technical mitigations to harden attack surfaces and
instructions to hunt for the Chinese government-backed hackers.

TOP CYBERSECURITY HEADLINES


RANSOMWARE PAYMENTS SURPASSED $1 BILLION IN 2023: ANALYSIS

The payments made by victims in response to ransomware attacks doubled in 2023
compared to 2022, according to Chainalysis.


IRAN RAMPS UP CYBERATTACKS ON ISRAEL AMID HAMAS CONFLICT: MICROSOFT

Iran’s offensive cyber operations against Israel went from chaotic in October
2023 to targeting new geographies a month later.


LIMACHARLIE LANDS $10.2 MILLION SERIES A FUNDING

California startup lands new financing to build and supply tools to run an MSSP
or SOC on a pay-as-you-use model.


FORTINET: APTS EXPLOITING FORTIOS VULNERABILITIES IN CRITICAL INFRASTRUCTURE
ATTACKS

Fortinet warns that Chinese and other APTs are exploiting CVE-2022-42475 and
CVE-2023-27997 in attacks.

SECURITYWEEK INDUSTRY EXPERTS


HOW TO PREDICT YOUR PATCHING PRIORITIES

Implementing a smart and timely approach to patching remains one of the primary
ways for organizations to protect their networks from attackers.

Derek Manky Read more


WHY ARE CYBERSECURITY AUTOMATION PROJECTS FAILING?

The cybersecurity industry has taken limited action to reduce cybersecurity
process friction, reduce mundane tasks and improve overall user experience.

Marc Solomon Read more


HOW TO ALIGN YOUR INCIDENT RESPONSE PRACTICES WITH THE NEW SEC DISCLOSURE RULES

By turning incident response simulation into a continuous process and employing
innovative tools, you can address the stringent requirements of the new SEC
incident disclosure rules.

Torsten George Read more


IN THE CONTEXT OF CLOUD, SECURITY AND MOBILITY, IT’S TIME ORGANIZATIONS DITCH
LEGACY MPLS

If organizations understand the benefits SASE offers over MPLS and traditional
SD-WAN, they will realize that SASE is poised to replace aging MPLS in due time.

Etay Maor Read more


OUTSMARTING RANSOMWARE’S NEW PLAYBOOK

Encryption is a technological necessity and also a legal safeguard, with
importance in both defending against and mitigating the consequences of
cyberattacks.

Rik Ferguson Read more
More Expert Insights


TRENDING


MOST LINUX SYSTEMS EXPOSED TO COMPLETE COMPROMISE VIA SHIM VULNERABILITY 


ANYDESK HACKED: REVOKES PASSWORDS, CERTIFICATES IN RESPONSE


CLOUDFLARE HACKED BY SUSPECTED STATE-SPONSORED THREAT ACTOR 


MILLIONS OF USER RECORDS STOLEN FROM 65 WEBSITES VIA SQL INJECTION ATTACKS


CRITICAL REMOTE CODE EXECUTION VULNERABILITY PATCHED IN ANDROID


GOOGLE LINKS OVER 60 ZERO-DAYS TO COMMERCIAL SPYWARE VENDORS


MERCEDES SOURCE CODE EXPOSED BY LEAKED GITHUB TOKEN


CYBERSECURITY M&A ROUNDUP: 34 DEALS ANNOUNCED IN JANUARY 2024




DAILY BRIEFING NEWSLETTER

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest
threats, trends, and technology, along with insightful columns from industry
experts.


 * Facebook
 * Twitter
 * LinkedIn
 * RSS Feed


WEBINAR: THE ACTIVE THREAT LANDSCAPE IN THE CLOUD

February 22, 2024

Join the live webinar to learn about active threats targeting common cloud
deployments and what security teams can do to mitigate them.

Register


VIRTUAL EVENT: SUPPLY CHAIN SECURITY SUMMIT

March 20, 2024

Join us for an in depth exploration of the critical nature of software and
vendor supply chain security issues with a focus on understanding how attacks
against identity infrastructure come with major cascading effects.

Register


 * CYBERSECURITY M&A ROUNDUP: 34 DEALS ANNOUNCED IN JANUARY 2024


 * ZEROFOX TO BE TAKEN PRIVATE IN $350 MILLION DEAL


 * SECURITYWEEK ANALYSIS: CYBERSECURITY M&A DROPPING, OVER 400 DEALS ANNOUNCED
   IN 2023


 * CYBERSECURITY M&A ROUNDUP: 25 DEALS ANNOUNCED IN DECEMBER 2023


 * CYBERSECURITY M&A ROUNDUP: 34 DEALS ANNOUNCED IN NOVEMBER 2023


 * SECURITYWEEK CYBER INSIGHTS 2023 SERIES


 * CYBER INSIGHTS 2023 | THE COMING OF WEB3


 * CYBER INSIGHTS 2023 | ZERO TRUST AND IDENTITY AND ACCESS MANAGEMENT


 * CYBER INSIGHTS 2023: VENTURE CAPITAL


 * CYBER INSIGHTS 2023 | QUANTUM COMPUTING AND THE COMING CRYPTOPOCALYPSE


 * CYBER INSIGHTS 2023 | RANSOMWARE


 * HACKER CONVERSATIONS: ROB DYKE ON LEGAL BULLYING OF GOOD FAITH RESEARCHERS


 * HACKER CONVERSATIONS: HD MOORE AND THE LINE BETWEEN BLACK AND WHITE


 * HACKER CONVERSATIONS: RUNA SANDVIK


 * HACKER CONVERSATIONS: CHRIS WYSOPAL, AKA WELD POND


 * HACKER CONVERSATIONS: NATALIE SILVANOVICH FROM GOOGLE’S PROJECT ZERO


 * CISO CONVERSATIONS: THE LEGAL SECTOR WITH ALYSSA MILLER AT EPIQ AND MARK
   WALMSLEY AT FRESHFIELDS


 * CISO CONVERSATIONS: JASON REBHOLZ AND JASON OZIN FROM THE INSURANCE SECTOR


 * CISO CONVERSATIONS: THREE LEADING CISOS IN THE MODERN HEALTHCARE SECTOR 


 * CISO CONVERSATIONS: CISOS IN CLOUD-BASED SERVICES DISCUSS THE PROCESS OF
   LEADERSHIP


 * CISO CONVERSATIONS: FIELD CISOS FROM VMWARE CARBON BLACK AND NETSPI

UPCOMING VIRTUAL EVENTS

CISOs and risk management leaders must understand clearly the role of cyber
insurance in a robust security program, ongoing changes to premiums and policy
pricing, the errors that could deny coverage and how it all fits into global
incident response planning.



Learn More

SecurityWeek’s inaugural Cyber AI & Automation Summit pushes the boundaries of
security discussions by exploring the implications and applications of
predictive AI, machine learning, and automation in modern cybersecurity
programs.



Learn More

Designed for senior level cybersecurity leaders to discuss, share and learn
innovative information security and risk management strategies, SecurityWeek’s
CISO Forum, will take place in 2023 as a virtual event. (June 13-14, 2023)



Learn More

As CISOs and corporate defenders grapple with the intricacies of securing
sensitive data passing through multi-cloud deployments and APIs, the importance
of frameworks, tools, controls and design models have surfaced to the front
burner. (July 19, 2023)



Learn More

VULNERABILITIES


 * CISCO PATCHES CRITICAL VULNERABILITIES IN ENTERPRISE COMMUNICATION DEVICES
   
   Two critical vulnerabilities in Cisco Expressway series devices can be
   exploited in CSRF attacks without authentication.
   
   February 8, 2024


 * HOW TO PREDICT YOUR PATCHING PRIORITIES
   
   Implementing a smart and timely approach to patching remains one of the
   primary ways for organizations to protect their networks from attackers.
   
   February 8, 2024


 * MOST LINUX SYSTEMS EXPOSED TO COMPLETE COMPROMISE VIA SHIM VULNERABILITY 
   
   A critical remote code execution vulnerability in Shim could allow attackers
   to take over vulnerable Linux systems.
   
   February 7, 2024


 * JETBRAINS PATCHES CRITICAL AUTHENTICATION BYPASS IN TEAMCITY
   
   JetBrains releases patches for a critical-severity TeamCity authentication
   bypass leading to remote code execution.
   
   February 7, 2024

CYBERCRIME


 * MILLIONS OF USER RECORDS STOLEN FROM 65 WEBSITES VIA SQL INJECTION ATTACKS
   
   The ResumeLooters hackers compromise recruitment and retail websites using
   SQL injection and XSS attacks.
   
   February 6, 2024


 * UK, FRANCE HOST CONFERENCE TO TACKLE ‘HACKERS FOR HIRE’
   
   Britain and France will host 35 nations alongside business and technology
   firm leaders at an inaugural conference in London to tackle “hackers for
   hire”…
   
   February 5, 2024


 * DRAFTKINGS HACKER SENTENCED TO 18 MONTHS IN PRISON
   
   Joseph Garrison has received an 18-month prison sentence for accessing 60,000
   DraftKings user accounts using credential stuffing.
   
   February 2, 2024


 * 31 PEOPLE ARRESTED IN GLOBAL CYBERCRIME CRACKDOWN
   
   Law enforcement in 50 countries partner to take down ransomware, banking
   malware, and phishing threats. 
   
   February 2, 2024


RANSOMWARE PAYMENTS SURPASSED $1 BILLION IN 2023: ANALYSIS

The payments made by victims in response to ransomware attacks doubled in 2023
compared to 2022, according to Chainalysis.

February 8, 2024


IRAN RAMPS UP CYBERATTACKS ON ISRAEL AMID HAMAS CONFLICT: MICROSOFT

Iran’s offensive cyber operations against Israel went from chaotic in October
2023 to targeting new geographies a month later.

February 8, 2024


LIMACHARLIE LANDS $10.2 MILLION SERIES A FUNDING

California startup lands new financing to build and supply tools to run an MSSP
or SOC on a pay-as-you-use model.

February 8, 2024


FORTINET: APTS EXPLOITING FORTIOS VULNERABILITIES IN CRITICAL INFRASTRUCTURE
ATTACKS

Fortinet warns that Chinese and other APTs are exploiting CVE-2022-42475 and
CVE-2023-27997 in attacks.

February 8, 2024


FEDERAL CYBERSECURITY AGENCY LAUNCHES PROGRAM TO BOOST SUPPORT FOR STATE, LOCAL
ELECTION OFFICES

CISA launched a program aimed at boosting election security, shoring up support
for local offices and hoping to provide reassurance to voters that elections
will be safe and accurate.

February 8, 2024


CISCO PATCHES CRITICAL VULNERABILITIES IN ENTERPRISE COMMUNICATION DEVICES

Two critical vulnerabilities in Cisco Expressway series devices can be exploited
in CSRF attacks without authentication.

February 8, 2024


GOOGLE ANNOUNCES ENHANCED FRAUD PROTECTION FOR ANDROID

Google Play Protect will block the installation of sideloaded applications
requesting permissions frequently abused by fraudsters.

February 8, 2024


HOW TO PREDICT YOUR PATCHING PRIORITIES

Implementing a smart and timely approach to patching remains one of the primary
ways for organizations to protect their networks from attackers.

February 8, 2024


WERE 3 MILLION TOOTHBRUSHES REALLY USED FOR A DDOS ATTACK?

Three million electric toothbrushes were reportedly used for disruptive DDoS
attacks, but cybersecurity experts questioned the claims.

February 8, 2024


BIDEN ADMINISTRATION NAMES A DIRECTOR OF THE NEW AI SAFETY INSTITUTE

The Biden administration named Elizabeth Kelly as the director of the newly
established safety institute for artificial intelligence.

February 7, 2024


US SAYS CHINA’S VOLT TYPHOON HACKERS ‘PRE-POSITIONING’ FOR CYBERATTACKS AGAINST
CRITICAL INFRASTRUCTURE

New CISA alert includes technical mitigations to harden attack surfaces and
instructions to hunt for the Chinese government-backed hackers.

February 7, 2024


MOST LINUX SYSTEMS EXPOSED TO COMPLETE COMPROMISE VIA SHIM VULNERABILITY 

A critical remote code execution vulnerability in Shim could allow attackers to
take over vulnerable Linux systems.

February 7, 2024


DEVICE AUTHORITY RAISES $7M FOR ENTERPRISE IOT IDENTITY AND ACCESS MANAGEMENT
PLATFORM 

Device Authority raises $7 million in a Series A funding round for its
enterprise identity and access management for IoT solution.

February 7, 2024


VERIZON SAYS DATA BREACH IMPACTED 63,000 EMPLOYEES

Verizon is notifying 63,206 employees that their personal information was
exposed in an internal data breach.

February 7, 2024


JETBRAINS PATCHES CRITICAL AUTHENTICATION BYPASS IN TEAMCITY

JetBrains releases patches for a critical-severity TeamCity authentication
bypass leading to remote code execution.

February 7, 2024


CYBERSECURITY M&A ROUNDUP: 34 DEALS ANNOUNCED IN JANUARY 2024

Thirty-four cybersecurity-related merger and acquisition (M&A) deals were
announced in January 2024.

February 7, 2024
More Articles
Page 1 of 178212345Next ›Last »

The leading global conference series for Operations, Control Systems and IT/OT
Security professionals to connect on SCADA, DCS PLC and field controller
cybersecurity.

Learn More

APPLICATION SECURITY


APPLICATION SECURITY


GOOGLE CONTRIBUTES $1 MILLION TO RUST, SAYS IT PREVENTED HUNDREDS OF ANDROID
VULNERABILITIES

Google announces $1 million investment in improving Rust’s interoperability with
legacy C++ codebases.

Ionut Arghire3 days ago


APPLICATION SECURITY


GOOGLE OPEN SOURCES AI-AIDED FUZZING FRAMEWORK


APPLICATION SECURITY


TOR CODE AUDIT FINDS 17 VULNERABILITIES


APPLICATION SECURITY


NEW CLASS OF CI/CD ATTACKS COULD HAVE LED TO PYTORCH SUPPLY CHAIN COMPROMISE

CLOUD SECURITY


CLOUD SECURITY


‘LEAKY VESSELS’ CONTAINER ESCAPE VULNERABILITIES IMPACT DOCKER, OTHERS 

Snyk discloses information on Leaky Vessels, several potentially serious
container escape vulnerabilities affecting Docker and others.

Eduard KovacsFebruary 1, 2024


CLOUD SECURITY


ORCA FLAGS DANGEROUS GOOGLE KUBERNETES ENGINE MISCONFIGURATION


CLOUD SECURITY


MICROSOFT LETS CLOUD USERS KEEP PERSONAL DATA WITHIN EUROPE TO EASE PRIVACY
FEARS


APPLICATION SECURITY


SENTINELONE SNAPS UP SEED-STAGE CNAPP STARTUP PINGSAFE

ICS/OT


ICS/OT


MITSUBISHI ELECTRIC FACTORY AUTOMATION FLAWS EXPOSE ENGINEERING WORKSTATIONS

Critical and high-severity Mitsubishi Electric Factory Automation
vulnerabilities can allow privileged access to engineering workstations. 

Eduard Kovacs3 days ago


ICS/OT


OT MAINTENANCE IS PRIMARY SOURCE OF OT SECURITY INCIDENTS: REPORT


ICS/OT


PODCAST: PALO ALTO NETWORKS TALKS IT/OT CONVERGENCE


ICS/OT


WESTERMO SWITCH VULNERABILITIES CAN FACILITATE ATTACKS ON INDUSTRIAL
ORGANIZATIONS

 * 
 * 
 * 


POPULAR TOPICS

 * Cybersecurity News
 * Industrial Cybersecurity


SECURITY COMMUNITY

 * Virtual Cybersecurity Events
 * Webcast Library
 * CISO Forum
 * ICS Cybersecurity Conference
 * Cybersecurity Newsletters


STAY INTOUCH

 * Cyber Weapon Discussion Group
 * RSS Feed
 * Security Intelligence Group
 * Follow SecurityWeek on LinkedIn


ABOUT SECURITYWEEK

 * Advertising
 * Event Sponsorships
 * Writing Opportunities
 * Feedback/Contact Us


NEWS TIPS

Got a confidential news tip? We want to hear from you.

Submit Tip


ADVERTISING

Reach a large audience of enterprise cybersecurity professionals

Contact Us


DAILY BRIEFING NEWSLETTER

Subscribe to the SecurityWeek Daily Briefing and get the latest content
delivered to your inbox.


 * Privacy Policy

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights
Reserved.












Close