www.securityweek.com
Open in
urlscan Pro
104.24.161.3
Public Scan
Submitted URL: http://www.securityweek.com/
Effective URL: https://www.securityweek.com/
Submission: On February 08 via api from US — Scanned from DE
Effective URL: https://www.securityweek.com/
Submission: On February 08 via api from US — Scanned from DE
Form analysis
3 forms found in the DOMGET https://www.securityweek.com/
<form method="get" id="zox-search-form" action="https://www.securityweek.com/" data-hs-cf-bound="true">
<input type="text" name="s" id="zox-search-input" value="Search" onfocus="if (!window.__cfRLUnblockHandlers) return false; if (this.value == "Search") { this.value = ""; }"
onblur="if (!window.__cfRLUnblockHandlers) return false; if (this.value == "Search") { this.value = ""; }">
<input type="submit" id="zox-search-submit" value="Search">
</form>
Name: ccoptin — POST https://visitor.constantcontact.com/d.jsp
<form class="sw-newsletter-cc" style="" method="post" target="_blank" action="https://visitor.constantcontact.com/d.jsp" name="ccoptin" data-hs-cf-bound="true">
<input type="hidden" value="1102592012458" name="m">
<input type="hidden" value="oi" name="p">
<div class="form-item">
<input type="text" class="form-text required" value="" placeholder="Business Email Address..." size="60" name="ea" maxlength="128">
<input type="submit" class="submit" value="Subscribe" name="go">
</div>
</form>
Name: ccoptin — POST https://visitor.constantcontact.com/d.jsp
<form class="sw-newsletter-cc" style="" method="post" target="_blank" action="https://visitor.constantcontact.com/d.jsp" name="ccoptin" data-hs-cf-bound="true">
<input type="hidden" value="1102592012458" name="m">
<input type="hidden" value="oi" name="p">
<div class="form-item">
<input type="text" class="form-text required" value="" placeholder="Business Email Address..." size="60" name="ea" maxlength="128">
<input type="submit" class="submit" value="Subscribe" name="go">
</div>
</form>
Text Content
This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again. Accept Decline SECURITYWEEK NETWORK: * Cybersecurity News * Webcasts * Virtual Events ICS: * ICS Cybersecurity Conference * Malware & Threats * Cyberwarfare * Cybercrime * Data Breaches * Fraud & Identity Theft * Nation-State * Ransomware * Vulnerabilities * Security Operations * Threat Intelligence * Incident Response * Tracking & Law Enforcement * Security Architecture * Application Security * Cloud Security * Endpoint Security * Identity & Access * IoT Security * Mobile & Wireless * Network Security * Risk Management * Cyber Insurance * Data Protection * Privacy & Compliance * Supply Chain Security * CISO Strategy * Cyber Insurance * CISO Conversations * CISO Forum * ICS/OT * Industrial Cybersecurity * ICS Cybersecurity Conference * Funding/M&A * Cybersecurity Funding * M&A Tracker * Cybersecurity News * Webcasts * Virtual Events * ICS Cybersecurity Conference Connect with us * * * Hi, what are you looking for? SECURITYWEEK * Malware & Threats * Cyberwarfare * Cybercrime * Data Breaches * Fraud & Identity Theft * Nation-State * Ransomware * Vulnerabilities * Security Operations * Threat Intelligence * Incident Response * Tracking & Law Enforcement * Security Architecture * Application Security * Cloud Security * Endpoint Security * Identity & Access * IoT Security * Mobile & Wireless * Network Security * Risk Management * Cyber Insurance * Data Protection * Privacy & Compliance * Supply Chain Security * CISO Strategy * Cyber Insurance * CISO Conversations * CISO Forum * ICS/OT * Industrial Cybersecurity * ICS Cybersecurity Conference * Funding/M&A * Cybersecurity Funding * M&A Tracker LATEST CYBERSECURITY NEWS RANSOMWARE PAYMENTS SURPASSED $1 BILLION IN 2023: ANALYSIS The payments made by victims in response to ransomware attacks doubled in 2023 compared to 2022, according to Chainalysis. IRAN RAMPS UP CYBERATTACKS ON ISRAEL AMID HAMAS CONFLICT: MICROSOFT Iran’s offensive cyber operations against Israel went from chaotic in October 2023 to targeting new geographies a month later. LIMACHARLIE LANDS $10.2 MILLION SERIES A FUNDING California startup lands new financing to build and supply tools to run an MSSP or SOC on a pay-as-you-use model. FORTINET: APTS EXPLOITING FORTIOS VULNERABILITIES IN CRITICAL INFRASTRUCTURE ATTACKS Fortinet warns that Chinese and other APTs are exploiting CVE-2022-42475 and CVE-2023-27997 in attacks. FEDERAL CYBERSECURITY AGENCY LAUNCHES PROGRAM TO BOOST SUPPORT FOR STATE, LOCAL ELECTION OFFICES CISA launched a program aimed at boosting election security, shoring up support for local offices and hoping to provide reassurance to voters that elections will be safe and accurate. CISCO PATCHES CRITICAL VULNERABILITIES IN ENTERPRISE COMMUNICATION DEVICES Two critical vulnerabilities in Cisco Expressway series devices can be exploited in CSRF attacks without authentication. GOOGLE ANNOUNCES ENHANCED FRAUD PROTECTION FOR ANDROID Google Play Protect will block the installation of sideloaded applications requesting permissions frequently abused by fraudsters. HOW TO PREDICT YOUR PATCHING PRIORITIES Implementing a smart and timely approach to patching remains one of the primary ways for organizations to protect their networks from attackers. WERE 3 MILLION TOOTHBRUSHES REALLY USED FOR A DDOS ATTACK? Three million electric toothbrushes were reportedly used for disruptive DDoS attacks, but cybersecurity experts questioned the claims. BIDEN ADMINISTRATION NAMES A DIRECTOR OF THE NEW AI SAFETY INSTITUTE The Biden administration named Elizabeth Kelly as the director of the newly established safety institute for artificial intelligence. US SAYS CHINA’S VOLT TYPHOON HACKERS ‘PRE-POSITIONING’ FOR CYBERATTACKS AGAINST CRITICAL INFRASTRUCTURE New CISA alert includes technical mitigations to harden attack surfaces and instructions to hunt for the Chinese government-backed hackers. MOST LINUX SYSTEMS EXPOSED TO COMPLETE COMPROMISE VIA SHIM VULNERABILITY A critical remote code execution vulnerability in Shim could allow attackers to take over vulnerable Linux systems. DEVICE AUTHORITY RAISES $7M FOR ENTERPRISE IOT IDENTITY AND ACCESS MANAGEMENT PLATFORM Device Authority raises $7 million in a Series A funding round for its enterprise identity and access management for IoT solution. VERIZON SAYS DATA BREACH IMPACTED 63,000 EMPLOYEES Verizon is notifying 63,206 employees that their personal information was exposed in an internal data breach. JETBRAINS PATCHES CRITICAL AUTHENTICATION BYPASS IN TEAMCITY JetBrains releases patches for a critical-severity TeamCity authentication bypass leading to remote code execution. RANSOMWARE PAYMENTS SURPASSED $1 BILLION IN 2023: ANALYSIS The payments made by victims in response to ransomware attacks doubled in 2023 compared to 2022, according to Chainalysis. WERE 3 MILLION TOOTHBRUSHES REALLY USED FOR A DDOS ATTACK? Three million electric toothbrushes were reportedly used for disruptive DDoS attacks, but cybersecurity experts questioned the claims. US SAYS CHINA’S VOLT TYPHOON HACKERS ‘PRE-POSITIONING’ FOR CYBERATTACKS AGAINST CRITICAL INFRASTRUCTURE New CISA alert includes technical mitigations to harden attack surfaces and instructions to hunt for the Chinese government-backed hackers. TOP CYBERSECURITY HEADLINES RANSOMWARE PAYMENTS SURPASSED $1 BILLION IN 2023: ANALYSIS The payments made by victims in response to ransomware attacks doubled in 2023 compared to 2022, according to Chainalysis. IRAN RAMPS UP CYBERATTACKS ON ISRAEL AMID HAMAS CONFLICT: MICROSOFT Iran’s offensive cyber operations against Israel went from chaotic in October 2023 to targeting new geographies a month later. LIMACHARLIE LANDS $10.2 MILLION SERIES A FUNDING California startup lands new financing to build and supply tools to run an MSSP or SOC on a pay-as-you-use model. FORTINET: APTS EXPLOITING FORTIOS VULNERABILITIES IN CRITICAL INFRASTRUCTURE ATTACKS Fortinet warns that Chinese and other APTs are exploiting CVE-2022-42475 and CVE-2023-27997 in attacks. SECURITYWEEK INDUSTRY EXPERTS HOW TO PREDICT YOUR PATCHING PRIORITIES Implementing a smart and timely approach to patching remains one of the primary ways for organizations to protect their networks from attackers. Derek Manky Read more WHY ARE CYBERSECURITY AUTOMATION PROJECTS FAILING? The cybersecurity industry has taken limited action to reduce cybersecurity process friction, reduce mundane tasks and improve overall user experience. Marc Solomon Read more HOW TO ALIGN YOUR INCIDENT RESPONSE PRACTICES WITH THE NEW SEC DISCLOSURE RULES By turning incident response simulation into a continuous process and employing innovative tools, you can address the stringent requirements of the new SEC incident disclosure rules. Torsten George Read more IN THE CONTEXT OF CLOUD, SECURITY AND MOBILITY, IT’S TIME ORGANIZATIONS DITCH LEGACY MPLS If organizations understand the benefits SASE offers over MPLS and traditional SD-WAN, they will realize that SASE is poised to replace aging MPLS in due time. Etay Maor Read more OUTSMARTING RANSOMWARE’S NEW PLAYBOOK Encryption is a technological necessity and also a legal safeguard, with importance in both defending against and mitigating the consequences of cyberattacks. Rik Ferguson Read more More Expert Insights TRENDING MOST LINUX SYSTEMS EXPOSED TO COMPLETE COMPROMISE VIA SHIM VULNERABILITY ANYDESK HACKED: REVOKES PASSWORDS, CERTIFICATES IN RESPONSE CLOUDFLARE HACKED BY SUSPECTED STATE-SPONSORED THREAT ACTOR MILLIONS OF USER RECORDS STOLEN FROM 65 WEBSITES VIA SQL INJECTION ATTACKS CRITICAL REMOTE CODE EXECUTION VULNERABILITY PATCHED IN ANDROID GOOGLE LINKS OVER 60 ZERO-DAYS TO COMMERCIAL SPYWARE VENDORS MERCEDES SOURCE CODE EXPOSED BY LEAKED GITHUB TOKEN CYBERSECURITY M&A ROUNDUP: 34 DEALS ANNOUNCED IN JANUARY 2024 DAILY BRIEFING NEWSLETTER Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. * Facebook * Twitter * LinkedIn * RSS Feed WEBINAR: THE ACTIVE THREAT LANDSCAPE IN THE CLOUD February 22, 2024 Join the live webinar to learn about active threats targeting common cloud deployments and what security teams can do to mitigate them. Register VIRTUAL EVENT: SUPPLY CHAIN SECURITY SUMMIT March 20, 2024 Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects. Register * CYBERSECURITY M&A ROUNDUP: 34 DEALS ANNOUNCED IN JANUARY 2024 * ZEROFOX TO BE TAKEN PRIVATE IN $350 MILLION DEAL * SECURITYWEEK ANALYSIS: CYBERSECURITY M&A DROPPING, OVER 400 DEALS ANNOUNCED IN 2023 * CYBERSECURITY M&A ROUNDUP: 25 DEALS ANNOUNCED IN DECEMBER 2023 * CYBERSECURITY M&A ROUNDUP: 34 DEALS ANNOUNCED IN NOVEMBER 2023 * SECURITYWEEK CYBER INSIGHTS 2023 SERIES * CYBER INSIGHTS 2023 | THE COMING OF WEB3 * CYBER INSIGHTS 2023 | ZERO TRUST AND IDENTITY AND ACCESS MANAGEMENT * CYBER INSIGHTS 2023: VENTURE CAPITAL * CYBER INSIGHTS 2023 | QUANTUM COMPUTING AND THE COMING CRYPTOPOCALYPSE * CYBER INSIGHTS 2023 | RANSOMWARE * HACKER CONVERSATIONS: ROB DYKE ON LEGAL BULLYING OF GOOD FAITH RESEARCHERS * HACKER CONVERSATIONS: HD MOORE AND THE LINE BETWEEN BLACK AND WHITE * HACKER CONVERSATIONS: RUNA SANDVIK * HACKER CONVERSATIONS: CHRIS WYSOPAL, AKA WELD POND * HACKER CONVERSATIONS: NATALIE SILVANOVICH FROM GOOGLE’S PROJECT ZERO * CISO CONVERSATIONS: THE LEGAL SECTOR WITH ALYSSA MILLER AT EPIQ AND MARK WALMSLEY AT FRESHFIELDS * CISO CONVERSATIONS: JASON REBHOLZ AND JASON OZIN FROM THE INSURANCE SECTOR * CISO CONVERSATIONS: THREE LEADING CISOS IN THE MODERN HEALTHCARE SECTOR * CISO CONVERSATIONS: CISOS IN CLOUD-BASED SERVICES DISCUSS THE PROCESS OF LEADERSHIP * CISO CONVERSATIONS: FIELD CISOS FROM VMWARE CARBON BLACK AND NETSPI UPCOMING VIRTUAL EVENTS CISOs and risk management leaders must understand clearly the role of cyber insurance in a robust security program, ongoing changes to premiums and policy pricing, the errors that could deny coverage and how it all fits into global incident response planning. Learn More SecurityWeek’s inaugural Cyber AI & Automation Summit pushes the boundaries of security discussions by exploring the implications and applications of predictive AI, machine learning, and automation in modern cybersecurity programs. Learn More Designed for senior level cybersecurity leaders to discuss, share and learn innovative information security and risk management strategies, SecurityWeek’s CISO Forum, will take place in 2023 as a virtual event. (June 13-14, 2023) Learn More As CISOs and corporate defenders grapple with the intricacies of securing sensitive data passing through multi-cloud deployments and APIs, the importance of frameworks, tools, controls and design models have surfaced to the front burner. (July 19, 2023) Learn More VULNERABILITIES * CISCO PATCHES CRITICAL VULNERABILITIES IN ENTERPRISE COMMUNICATION DEVICES Two critical vulnerabilities in Cisco Expressway series devices can be exploited in CSRF attacks without authentication. February 8, 2024 * HOW TO PREDICT YOUR PATCHING PRIORITIES Implementing a smart and timely approach to patching remains one of the primary ways for organizations to protect their networks from attackers. February 8, 2024 * MOST LINUX SYSTEMS EXPOSED TO COMPLETE COMPROMISE VIA SHIM VULNERABILITY A critical remote code execution vulnerability in Shim could allow attackers to take over vulnerable Linux systems. February 7, 2024 * JETBRAINS PATCHES CRITICAL AUTHENTICATION BYPASS IN TEAMCITY JetBrains releases patches for a critical-severity TeamCity authentication bypass leading to remote code execution. February 7, 2024 CYBERCRIME * MILLIONS OF USER RECORDS STOLEN FROM 65 WEBSITES VIA SQL INJECTION ATTACKS The ResumeLooters hackers compromise recruitment and retail websites using SQL injection and XSS attacks. February 6, 2024 * UK, FRANCE HOST CONFERENCE TO TACKLE ‘HACKERS FOR HIRE’ Britain and France will host 35 nations alongside business and technology firm leaders at an inaugural conference in London to tackle “hackers for hire”… February 5, 2024 * DRAFTKINGS HACKER SENTENCED TO 18 MONTHS IN PRISON Joseph Garrison has received an 18-month prison sentence for accessing 60,000 DraftKings user accounts using credential stuffing. February 2, 2024 * 31 PEOPLE ARRESTED IN GLOBAL CYBERCRIME CRACKDOWN Law enforcement in 50 countries partner to take down ransomware, banking malware, and phishing threats. February 2, 2024 RANSOMWARE PAYMENTS SURPASSED $1 BILLION IN 2023: ANALYSIS The payments made by victims in response to ransomware attacks doubled in 2023 compared to 2022, according to Chainalysis. February 8, 2024 IRAN RAMPS UP CYBERATTACKS ON ISRAEL AMID HAMAS CONFLICT: MICROSOFT Iran’s offensive cyber operations against Israel went from chaotic in October 2023 to targeting new geographies a month later. February 8, 2024 LIMACHARLIE LANDS $10.2 MILLION SERIES A FUNDING California startup lands new financing to build and supply tools to run an MSSP or SOC on a pay-as-you-use model. February 8, 2024 FORTINET: APTS EXPLOITING FORTIOS VULNERABILITIES IN CRITICAL INFRASTRUCTURE ATTACKS Fortinet warns that Chinese and other APTs are exploiting CVE-2022-42475 and CVE-2023-27997 in attacks. February 8, 2024 FEDERAL CYBERSECURITY AGENCY LAUNCHES PROGRAM TO BOOST SUPPORT FOR STATE, LOCAL ELECTION OFFICES CISA launched a program aimed at boosting election security, shoring up support for local offices and hoping to provide reassurance to voters that elections will be safe and accurate. February 8, 2024 CISCO PATCHES CRITICAL VULNERABILITIES IN ENTERPRISE COMMUNICATION DEVICES Two critical vulnerabilities in Cisco Expressway series devices can be exploited in CSRF attacks without authentication. February 8, 2024 GOOGLE ANNOUNCES ENHANCED FRAUD PROTECTION FOR ANDROID Google Play Protect will block the installation of sideloaded applications requesting permissions frequently abused by fraudsters. February 8, 2024 HOW TO PREDICT YOUR PATCHING PRIORITIES Implementing a smart and timely approach to patching remains one of the primary ways for organizations to protect their networks from attackers. February 8, 2024 WERE 3 MILLION TOOTHBRUSHES REALLY USED FOR A DDOS ATTACK? Three million electric toothbrushes were reportedly used for disruptive DDoS attacks, but cybersecurity experts questioned the claims. February 8, 2024 BIDEN ADMINISTRATION NAMES A DIRECTOR OF THE NEW AI SAFETY INSTITUTE The Biden administration named Elizabeth Kelly as the director of the newly established safety institute for artificial intelligence. February 7, 2024 US SAYS CHINA’S VOLT TYPHOON HACKERS ‘PRE-POSITIONING’ FOR CYBERATTACKS AGAINST CRITICAL INFRASTRUCTURE New CISA alert includes technical mitigations to harden attack surfaces and instructions to hunt for the Chinese government-backed hackers. February 7, 2024 MOST LINUX SYSTEMS EXPOSED TO COMPLETE COMPROMISE VIA SHIM VULNERABILITY A critical remote code execution vulnerability in Shim could allow attackers to take over vulnerable Linux systems. February 7, 2024 DEVICE AUTHORITY RAISES $7M FOR ENTERPRISE IOT IDENTITY AND ACCESS MANAGEMENT PLATFORM Device Authority raises $7 million in a Series A funding round for its enterprise identity and access management for IoT solution. February 7, 2024 VERIZON SAYS DATA BREACH IMPACTED 63,000 EMPLOYEES Verizon is notifying 63,206 employees that their personal information was exposed in an internal data breach. February 7, 2024 JETBRAINS PATCHES CRITICAL AUTHENTICATION BYPASS IN TEAMCITY JetBrains releases patches for a critical-severity TeamCity authentication bypass leading to remote code execution. February 7, 2024 CYBERSECURITY M&A ROUNDUP: 34 DEALS ANNOUNCED IN JANUARY 2024 Thirty-four cybersecurity-related merger and acquisition (M&A) deals were announced in January 2024. February 7, 2024 More Articles Page 1 of 178212345Next ›Last » The leading global conference series for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity. Learn More APPLICATION SECURITY APPLICATION SECURITY GOOGLE CONTRIBUTES $1 MILLION TO RUST, SAYS IT PREVENTED HUNDREDS OF ANDROID VULNERABILITIES Google announces $1 million investment in improving Rust’s interoperability with legacy C++ codebases. Ionut Arghire3 days ago APPLICATION SECURITY GOOGLE OPEN SOURCES AI-AIDED FUZZING FRAMEWORK APPLICATION SECURITY TOR CODE AUDIT FINDS 17 VULNERABILITIES APPLICATION SECURITY NEW CLASS OF CI/CD ATTACKS COULD HAVE LED TO PYTORCH SUPPLY CHAIN COMPROMISE CLOUD SECURITY CLOUD SECURITY ‘LEAKY VESSELS’ CONTAINER ESCAPE VULNERABILITIES IMPACT DOCKER, OTHERS Snyk discloses information on Leaky Vessels, several potentially serious container escape vulnerabilities affecting Docker and others. Eduard KovacsFebruary 1, 2024 CLOUD SECURITY ORCA FLAGS DANGEROUS GOOGLE KUBERNETES ENGINE MISCONFIGURATION CLOUD SECURITY MICROSOFT LETS CLOUD USERS KEEP PERSONAL DATA WITHIN EUROPE TO EASE PRIVACY FEARS APPLICATION SECURITY SENTINELONE SNAPS UP SEED-STAGE CNAPP STARTUP PINGSAFE ICS/OT ICS/OT MITSUBISHI ELECTRIC FACTORY AUTOMATION FLAWS EXPOSE ENGINEERING WORKSTATIONS Critical and high-severity Mitsubishi Electric Factory Automation vulnerabilities can allow privileged access to engineering workstations. Eduard Kovacs3 days ago ICS/OT OT MAINTENANCE IS PRIMARY SOURCE OF OT SECURITY INCIDENTS: REPORT ICS/OT PODCAST: PALO ALTO NETWORKS TALKS IT/OT CONVERGENCE ICS/OT WESTERMO SWITCH VULNERABILITIES CAN FACILITATE ATTACKS ON INDUSTRIAL ORGANIZATIONS * * * POPULAR TOPICS * Cybersecurity News * Industrial Cybersecurity SECURITY COMMUNITY * Virtual Cybersecurity Events * Webcast Library * CISO Forum * ICS Cybersecurity Conference * Cybersecurity Newsletters STAY INTOUCH * Cyber Weapon Discussion Group * RSS Feed * Security Intelligence Group * Follow SecurityWeek on LinkedIn ABOUT SECURITYWEEK * Advertising * Event Sponsorships * Writing Opportunities * Feedback/Contact Us NEWS TIPS Got a confidential news tip? We want to hear from you. Submit Tip ADVERTISING Reach a large audience of enterprise cybersecurity professionals Contact Us DAILY BRIEFING NEWSLETTER Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox. * Privacy Policy Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved. Close