The cybersecurity agency CISA and other government agencies are calling to action for the US to take the necessary steps to improve cybersecurity by closing the software understanding gap. This gap is the result of manufacturers building software that mission owners and operators lack the adequate capacity to verify, meaning that they cannot fully understand […]

SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar. We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape. Each week, we curate and present a collection of noteworthy developments, […]

Law firm Wolf Haldenstein Adler Freeman & Herz LLP is notifying more than 3.4 million individuals that their personal information was compromised in a December 2023 data breach. According to the firm, it discovered the incident after detecting suspicious activity on its network. Its investigation revealed that a threat actor accessed certain files and data […]

Google on Thursday announced the release of OSV-SCALIBR (Software Composition Analysis LIBRary), an open source library for software composition analysis. Released as an open source Go library, the tool is an extensible file system scanner designed to extract information on software inventory and identify vulnerabilities. OSV-SCALIBR can either be used as a standalone binary (a […]

The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday announced sanctions against two individuals and four entities involved in generating illicit funds for North Korea as part of the fake IT worker scheme. As part of the elaborate operation, North Korean operatives relied on stolen identities and AI to pose […]

President Joe Biden this week issued an executive order aimed at strengthening the United States’ cybersecurity and making it easier to go after hackers. The executive order covers areas such as security in third-party software supply chains, software development, identity, the security of internet protocols, encryption, quantum computing, artificial intelligence, infrastructure and network security, and […]

Vulnerabilities in the SimpleHelp remote access software are trivial to exploit and could allow attackers to compromise the server and client machines, cybersecurity firm Horizon3.ai reports. SimpleHelp provides remote support solutions that include file transfer, diagnostics, and task automation capabilities. It uses clients running on customers’ machines and a server that acts as a web […]

Cisco this week unveiled AI Defense, a new solution designed to help enterprises secure the development and use of AI applications.  Cisco AI Defense focuses on two main areas: accessing AI applications, and building and running AI applications. The first is related to the use of third-party AI apps, which can boost productivity, but they […]

Microsoft researchers have uncovered Russian intelligence agencies using spear-phishing tactics to target victims with QR codes and WhatsApp group chats. Redmond’s threat intelligence team documented the discovery Thursday with a warning that the Russian APT — tracked as Star Blizzard — has shifted its longstanding spear-phishing tactics to focus on WhatsApp groups. According to Microsoft, […]

New research shows that over 4 million systems on the internet, including VPN servers and home routers, are vulnerable to attacks due to tunneling protocol vulnerabilities. The research was conducted by Mathy Vanhoef, a professor at the KU Leuven university in Belgium, and PhD student Angelos Beitis, in collaboration with VPN testing company Top10VPN. Vanhoef […]