Google has disrupted over 175,000 YouTube and Blogger instances related to the Chinese influence operation Dragonbridge.

The post Google Disrupts More China-Linked Dragonbridge Influence Operations appeared first on SecurityWeek.

Freed from the shackles of always demanding a technical background, the CISO can concentrate on building a diverse team comprising multiple skills.

The post Gaining and Retaining Security Talent: A Cheat Sheet for CISOs appeared first on SecurityWeek.

Some expressed concern about a rise in hybrid attacks by Russia – including allegations of election interference, cyberattacks and sabotage.

The post The EU Targets Russia’s LNG Ghost Fleet With Sanctions as Concern Mounts About Hybrid Attacks appeared first on SecurityWeek.

The P2Pinfect worm targeting Redis servers has been updated with ransomware and cryptocurrency mining payloads.

The post P2Pinfect Worm Now Dropping Ransomware on Redis Servers appeared first on SecurityWeek.

More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain.

The post Polyfill Supply Chain Attack Hits Over 100k Websites  appeared first on SecurityWeek.

Several vulnerabilities patched recently in Siemens Sicam products could be exploited in attacks aimed at the energy sector.

The post Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector appeared first on SecurityWeek.

Exploitation attempts targeting CVE-2024-5806, a critical MOVEit Transfer vulnerability patched recently, have started.

The post Exploitation Attempts Target New MOVEit Transfer Vulnerability appeared first on SecurityWeek.

The European Council has added six Russian hackers to the EU’s sanctions list for their cyberattacks against member states and Ukraine.

The post EU Sanctions Six Russian Hackers appeared first on SecurityWeek.

A Mirai-like botnet has started exploiting a critical-severity vulnerability in discontinued Zyxel NAS products.

The post Recent Zyxel NAS Vulnerability Exploited by Botnet appeared first on SecurityWeek.

Indonesia’s national data center has been compromised by a hacking group asking for a $8 million ransom that the government won’t pay.

The post Indonesia Says a Cyberattack Has Compromised Its Data Center but It Won’t Pay the $8 Million Ransom appeared first on SecurityWeek.

CoinStats says North Korean hackers drained $2 million in virtual assets from 1,590 cryptocurrency wallets.

The post Hackers Steal Over $2 Million in Cryptocurrency From CoinStats Wallets appeared first on SecurityWeek.

Five WordPress plugins were injected with malicious code that creates a new administrative account.

The post Several Plugins Compromised in WordPress Supply Chain Attack  appeared first on SecurityWeek.

Researcher shows how hackers could use social engineering to deliver ransomware and other malware to Meta’s Quest 3 VR headset.

The post Meta’s Virtual Reality Headset Vulnerable to Ransomware Attacks: Researcher appeared first on SecurityWeek.

Car dealerships in North America are still wrestling with major disruptions that started last week with cyberattacks on a company whose software is used widely in the auto retail sales sector.

The post Car Dealerships in North America Revert to Pens and Paper After Cyberattacks on Software Provider appeared first on SecurityWeek.

Employees of the Any.Run malware analysis service were recently targeted in a phishing attack that was part of a BEC campaign.

The post Malware Sandbox Any.Run Targeted in Phishing Attack appeared first on SecurityWeek.

Neiman Marcus has disclosed a data breach impacting 64,000 people just as a hacker announced the sale of customer data.

The post Neiman Marcus Data Breach Disclosed as Hacker Offers to Sell Stolen Information appeared first on SecurityWeek.

Google has released a Chrome security update to resolve four high-severity use-after-free vulnerabilities.

The post Chrome 126 Update Patches Memory Safety Bugs appeared first on SecurityWeek.

Assange will plead guilty to an Espionage Act charge of conspiring to unlawfully obtain and disseminate classified national defense information, the Justice Department said.

The post WikiLeaks Founder Julian Assange Will Plead Guilty in Deal With US and Return to Australia appeared first on SecurityWeek.

A suspected Chinese state-sponsored hacking group has stepped up its targeting of Taiwanese organizations, particularly those in sectors such as government, education, technology and diplomacy.

The post Chinese Hackers Have Stepped Up Attacks on Taiwanese Organizations, Cybersecurity Firm Says appeared first on SecurityWeek.

SecurityWeek’s AI Risk Summit + CISO Forum brings together business and government stakeholders to provide meaningful guidance on risk management and cybersecurity in the age of artificial intelligence.

The post Tech Leaders Gather This Week for AI Risk Summit + CISO Forum at the Ritz-Carlton, Half Moon Bay appeared first on SecurityWeek.

New attack named SnailLoad allows a remote attacker to infer websites and videos viewed by a user without direct access to network traffic.

The post New SnailLoad Attack Relies on Network Latency Variations to Infer User Activity appeared first on SecurityWeek.

The EFF has issued a warning over the use of automated license plate readers following the discovery of serious vulnerabilities. 

The post EFF Issues New Warning After Discovery of Automated License Plate Reader Vulnerabilities appeared first on SecurityWeek.

LivaNova USA says the personal and medical information of 130,000 individuals was compromised in an October 2023 data breach.

The post LivaNova USA Discloses Data Breach Impacting 130,000 Individuals appeared first on SecurityWeek.

The US has announced charges against four Vietnamese nationals for hacking businesses and causing $71 million in losses.

The post Vietnamese Members of FIN9 Hacking Group Charged in US appeared first on SecurityWeek.

The Los Angeles County Department of Health Services discloses a data breach caused by push notification spamming attack.

The post Push Notification Fatigue Leads to LA County Health Department Data Breach appeared first on SecurityWeek.

The US has imposed sanctions on 12 individuals who have leadership roles at Kaspersky in Russia and the UK.

The post US Sanctions 12 Kaspersky Executives  appeared first on SecurityWeek.

A hacker claims to have stolen the information of 30 million users from TEG subsidiary Ticketek.

The post Hacker Claims Theft of 30M User Records From Australia Ticketing Company TEG appeared first on SecurityWeek.

Japan’s space agency has suffered a series of cyberattacks, but sensitive information related to rockets and satellites was not affected.

The post Japan’s Space Agency Was Hit by Multiple Cyberattacks, but Officials Say No Sensitive Data Was Taken appeared first on SecurityWeek.

Facial recognition startup Clearview AI has reached a settlement in an Illinois lawsuit alleging its massive photographic collection of faces violated the subjects’ privacy rights.

The post Facial Recognition Startup Clearview AI Settles Privacy Suit appeared first on SecurityWeek.

Hundreds of operations and appointments are still being canceled more than two weeks after the June 3 cyberattack on NHS provider Synnovis.

The post Investigation of Russian Hack on London Hospitals May Take Weeks Amid Worries Over Online Data Dump appeared first on SecurityWeek.

Santander US is notifying over 12,000 employees that their personal information was compromised in a data breach.

The post Santander Employee Data Breach Linked to Snowflake Attack appeared first on SecurityWeek.

A recently patched Vision Pro vulnerability was classified by Apple as a DoS issue, but a researcher has shown that it’s ‘scary’.

The post Spatial Computing Hack Exploits Apple Vision Pro Flaw to Fill Room With Spiders, Bats appeared first on SecurityWeek.

Noteworthy stories that might have slipped under the radar: Microsoft email spoofing vulnerability, Snowflake hack victims get ransom demands, LogoFail still around.

The post In Other News: Microsoft Email Spoofing, Snowflake Hack Ransoms, LogoFail Follow-Up appeared first on SecurityWeek.

Threat actors are exploiting a recent path traversal vulnerability in SolarWinds Serv-U using public PoC code.

The post Recent SolarWinds Serv-U Vulnerability Exploited in the Wild appeared first on SecurityWeek.

CISA says CFATS program data was likely accessed after an Ivanti Connect Secure appliance was hacked in January.

The post Personal and Chemical Facility Information Potentially Accessed in CISA Hack appeared first on SecurityWeek.

The US government announced a ban on the sale of Kaspersky software over fears that the company is controlled by the Russian government.

The post US Bans Kaspersky Software appeared first on SecurityWeek.

Car dealership software provider CDK Global was in the process of restoring services impacted by a cyberattack when it discovered an additional hack.

The post Disruptions at Many Car Dealerships Continue as CDK Hack Worsens appeared first on SecurityWeek.

Change Healthcare is starting to notify hospitals, insurers and other customers that they may have had patient information exposed in a massive cyberattack.

The post Change Healthcare to Start Notifying Customers Who Had Data Exposed in Cyberattack appeared first on SecurityWeek.

A years-long espionage campaign has targeted telecoms companies in Asia with tools associated with Chinese groups.

The post Cyber Assault on Asian Telecoms Traced to Chinese State Hackers appeared first on SecurityWeek.

Ilya Sutskever's new company is focused on safely developing “superintelligence” - a reference to AI systems that are smarter than humans.

The post OpenAI Co-Founder Sutskever Sets up New AI Company Devoted to ‘Safe Superintelligence’ appeared first on SecurityWeek.

Pomerium raises $13.75 million in Series A funding for dynamic user identity verification and access management platform.

The post Access Management Startup Pomerium Raises $13.75 Million appeared first on SecurityWeek.

LockBit appears to once again be the most active ransomware group, but experts believe the hackers may just be inflating their numbers. 

The post LockBit Ransomware Again Most Active – Real Attack Surge or Smokescreen? appeared first on SecurityWeek.

Hundreds of PC and server models may be affected by CVE-2024-0762, a privilege escalation and code execution flaw in Phoenix SecureCore UEFI firmware.

The post Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability appeared first on SecurityWeek.

AI model weights govern outputs from the system, but altered or ‘poisoned’, they can make the output erroneous and, in extremis, useless and dangerous.

The post AI Weights: Securing the Heart and Soft Underbelly of Artificial Intelligence appeared first on SecurityWeek.

Enterprise identity company raises new capital from JP Morgan and Hercules Capital as it prepares for an IPO exit.

The post Semperis Eyes IPO With $125 Million in Growth Financing appeared first on SecurityWeek.

A threat actor targeting Chinese-speaking victims has been using the SquidLoader malware loader in recent attacks.

The post Highly Evasive SquidLoader Malware Targets China appeared first on SecurityWeek.

Atlassian has released Confluence, Crucible, and Jira updates to address multiple high-severity vulnerabilities.

The post Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira appeared first on SecurityWeek.

Post-quantum cryptography (PQC) company PQShield has raised $37 million in Series B funding for its quantum-safe cryptography solutions.

The post Post-Quantum Cryptography Firm PQShield Raises $37 Million appeared first on SecurityWeek.

A statewide outage of the Massachusetts 911 system was the result of a firewall that blocked calls from reaching emergency responders.

The post Massachusetts 911 Outage Caused by Errant Firewall appeared first on SecurityWeek.