2023 - Cyber Security Informer

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Schneier on Security

NOVEMBER 18, 2024

Zero-day vulnerabilities are more commonly used , according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets.

Cybersecurity

Microsoft Patch Tuesday, November 2023 Edition

Krebs on Security

NOVEMBER 14, 2023

The zero-day threats targeting Microsoft this month include CVE-2023-36025 , a weakness that allows malicious content to bypass the Windows SmartScreen Security feature. Microsoft says it is relatively straightforward for attackers to exploit CVE-2023-36036 as a way to elevate their privileges on a compromised PC.

Social Engineering

Social Engineering Phishing Internet Internet

Microsoft Patch Tuesday, December 2023 Edition

Krebs on Security

DECEMBER 12, 2023

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. Among the critical bugs quashed this month is CVE-2023-35628 , a weakness present in Windows 10 and later versions, as well as Microsoft Server 2008 and later. For example, CVE-2023-35636 , which Microsoft says is an information disclosure vulnerability in Outlook.

Internet

Internet Internet Engineering Malware

Patch Tuesday, October 2023 Edition

Krebs on Security

OCTOBER 10, 2023

The patch fixes CVE-2023-42724 , which attackers have been using in targeted attacks to elevate their access on a local device. Apple said it also patched CVE-2023-5217 , which is not listed as a zero-day bug. ” Microsoft also patched zero-day bugs in Skype for Business ( CVE-2023-41763 ) and Wordpad ( CVE-2023-36563 ).

Engineering

Engineering DDOS Software Authentication

The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implications, and Future Impacts

Speaker: Elizabeth "Paige" Baumann, Founder and CEO of Paige Baumann Advisory, LLC

March 22nd, 2023 at 9:30 am PDT, 12:30 pm EDT, 4:30 pm GMT Treasury’s Financial Crimes Enforcement Network (FinCEN) pursuant to the AMLA so far Anticipated impacts of the AMLA to financial institutions required to have AML programs and other entities Save your seat and register today!

Banking

Microsoft (& Apple) Patch Tuesday, April 2023 Edition

Krebs on Security

APRIL 11, 2023

On April 7, Apple issued emergency security updates to fix two weaknesses that are being actively exploited, including CVE-2023-28206 , which can be exploited by apps to seize control over a device. CVE-2023-28205 can be used by a malicious or hacked website to install code. Both vulnerabilities are addressed in iOS/iPadOS 16.4.1,

Social Engineering

Social Engineering Ransomware Internet Internet

Microsoft Patch Tuesday, June 2023 Edition

Krebs on Security

JUNE 13, 2023

” Top of the list on that front is CVE-2023-29357 , which is a “critical” bug in Microsoft SharePoint Server that can be exploited by an unauthenticated attacker on the same network. This SharePoint flaw earned a CVSS rating of 9.8 is the most dangerous).

Social Engineering

Social Engineering System Administration Authentication Internet

Microsoft Patch Tuesday, May 2023 Edition

Krebs on Security

MAY 9, 2023

First up in May’s zero-day flaws is CVE-2023-29336 , which is an “elevation of privilege” weakness in Windows which has a low attack complexity, requires low privileges, and no user interaction. ” Adam Barnett , lead software engineer at Rapid7 , said CVE-2023-24932 deserves a considerably higher threat score.

Malware

Malware Software Internet Internet

Microsoft Patch Tuesday, January 2023 Edition

Krebs on Security

JANUARY 10, 2023

Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. Of particular concern for organizations running Microsoft SharePoint Server is CVE-2023-21743. Microsoft says this flaw is “more likely to be exploited” at some point.

Software

Software Encryption Engineering Internet

Exploring the Overlap: Cost Optimization and Digital Transformation

Speaker: Alex Jiménez, Managing Principal, Financial Service Consulting for EPAM

April 19th, 2023 at 9:30 am PDT, 12:30 pm EDT, 4:30 pm GMT

Digital transformation

Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining

Penetration Testing

OCTOBER 30, 2024

In a recently disclosed report by Trend Micro, attackers were observed exploiting a vulnerability in Atlassian’s Confluence servers (CVE-2023-22527) to hijack victim resources and harvest rewards from the Titan Network—a... The post Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining appeared first on Cybersecurity (..)

Cybersecurity

Amazon discloses employee data breach after May 2023 MOVEit attacks

Security Affairs

NOVEMBER 11, 2024

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. Amazon was compromised in May, 2023 via a MoveIT 0day exploit.

Data breaches

Data breaches Hacking Technology Ransomware

CVE-2023-28578 & CVE-2023-28582: Qualcomm Patches Critical Flaws in Popular Chips

Penetration Testing

MARCH 6, 2024

US chipmaking giant Qualcomm has released a crucial security bulletin this month, patching 16 vulnerabilities – including two critical flaws (CVE-2023-28578 and CVE-2023-28582)– that leave billions of devices exposed to potential attacks.

Penetration Testing

Zero-Day Exploits Surge in 2023, Cisco, Fortinet Vulnerabilities Targeted

Security Boulevard

NOVEMBER 15, 2024

The post Zero-Day Exploits Surge in 2023, Cisco, Fortinet Vulnerabilities Targeted appeared first on Security Boulevard.

Cybersecurity

Cybersecurity Cyber threats

The Power of Storytelling in Risk Management

Speaker: Dr. Karen Hardy, CEO and Chief Risk Officer of Strategic Leadership Advisors LLC

July 13th, 2023 at 9:30am PDT, 12:30pm EDT, 5:30pm BST

Risk

Kaspersky releases 2023 predictions

Tech Republic Security

JANUARY 23, 2023

A new report from Kaspersky details what their digital forensics and incident response teams predict as the main 2023 threats to corporations and government agencies. The post Kaspersky releases 2023 predictions appeared first on TechRepublic. Learn more about it.

Government

Government Phishing Ransomware Malware

CVE-2023-51385 and CVE-2023-6004 – A Dual OpenSSH Threat

Penetration Testing

DECEMBER 23, 2023

Identified as... The post CVE-2023-51385 and CVE-2023-6004 – A Dual OpenSSH Threat appeared first on Penetration Testing. A now-patched security vulnerability, with a CVSS score of 9.8, threatened the very core of its secure channel operations.

Penetration Testing

McAfee 2023 Threat Predictions

Tech Republic Security

DECEMBER 9, 2022

2022 is almost over, and the threats seen during the year have built the foundations for 2023's threat landscape, according to McAfee. The post McAfee 2023 Threat Predictions appeared first on TechRepublic. Cyber criminals will benefit from new technologies such as AI or Web3.

Technology

Technology Artificial Intelligence

2023 Ransomware Attack Report

Security Boulevard

FEBRUARY 13, 2024

The 2023 ransomware attack report summarizes the major changes we saw in ransomware trends and tactics by geography, sector and variant. The post 2023 Ransomware Attack Report appeared first on Security Boulevard.

Ransomware

Cybersecurity Predictions for 2024

We’ve recently looked back at what happened within cybersecurity in 2023. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.

Cybersecurity

Top cybersecurity threats for 2023

Tech Republic Security

NOVEMBER 14, 2022

The post Top cybersecurity threats for 2023 appeared first on TechRepublic. Next year, cybercriminals will be as busy as ever. Are IT departments ready?

Cybersecurity

Cybersecurity Phishing Ransomware Malware

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

Security Affairs

MARCH 7, 2024

The FBI Internet Crime Complaint Center (IC3) 2023 report states that reported cybercrime losses reached $12.5 billion in 2023. The 2023 Internet Crime Report published the FBI’s Internet Crime Complaint Center (IC3) reveals that reported cybercrime losses reached $12.5 billion in 2023. billion in 2023 (+38%).

Cybercrime

Cybercrime Internet Internet Scams

CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet EMS

Penetration Testing

SEPTEMBER 19, 2024

The report highlights critical vulnerabilities,... The post CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet EMS appeared first on Cybersecurity News.

Cybersecurity

Cybersecurity Ransomware Malware

Critical Wi-Fi Flaws Put Your Data at Risk (CVE-2023-52160, CVE-2023-52161)

Penetration Testing

FEBRUARY 15, 2024

Two new vulnerabilities (CVE-2023-52160, CVE-2023-52161) in open-source WiFi software are allowing attackers to trick victims into connecting to evil twins of trusted networks intercept their traffic, and join otherwise secure networks without needing the... The post Critical Wi-Fi Flaws Put Your Data at Risk (CVE-2023-52160, CVE-2023-52161) (..)

Penetration Testing

Penetration Testing Risk Software

ERM Program Fundamentals for Success in the Banking Industry

Speaker: William Hord, Senior VP of Risk & Professional Services

July 20th, 2023 at 9:30am PDT, 12:30pm EDT, 5:30pm BST This exclusive webinar with William Hord, Senior VP of Risk & Professional Services, will explore the answers to these questions and other foundational elements you need to start or validate your ERM program. Register today!

Banking

20 Most Popular TechRepublic Articles in 2023

Tech Republic Security

DECEMBER 22, 2023

Here's a list of the 20 most popular articles published by TechRepublic in 2023. Read articles about ChatGPT, Google Bard, Windows 11 and more

Artificial Intelligence

Incident response analyst report 2023

SecureList

MAY 14, 2024

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our annual Incident Response Report presents anonymized statistics on the cyberattacks we investigated in 2023. This attack vector was among the three most frequently seen in 2023.

Ransomware

Ransomware Authentication Passwords Government

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Security Affairs

NOVEMBER 1, 2023

Experts warn that threat actors started exploiting the critical flaw CVE-2023-46747 in F5 BIG-IP installs less than five days after PoC exploit disclosure. F5 this week warned customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution.

Authentication

Authentication Hacking Cybersecurity Information Security

Top 5 Global Cyber Security Trends of 2023, According to Google Report

Tech Republic Security

MAY 3, 2024

According to the M-Trends report, the average time it takes for an organisation to detect an attacker in their environment has decreased from 16 days in 2022 to 10 days in 2023.

Ransomware

Ransomware Cybersecurity

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

August 23, 2023 at 9:30am PDT, 12:30pm EDT, 5:30pm BST Bales, Esq. is here to teach you: How to break compliance and security down into discrete components Tips and strategies to establish a functional compliance and security protocol for your organization Why compliance and security are moving targets - your job is never “done” And more!

Thales Wins Big in 2023

Thales Cloud Protection & Licensing

NOVEMBER 1, 2023

Thales Wins Big in 2023 madhav Thu, 11/02/2023 - 05:09 Here at Thales, we are incredibly proud of what we do. 2023 has been a particularly good year for us; keep reading for a run-through of our most recent successes. Here at Thales, we believe that our research can transform the cybersecurity landscape for the better.

Marketing

Marketing Cybersecurity Technology CISO

Financial cyberthreats in 2023

SecureList

MAY 6, 2024

Methodology In this report, we present an analysis of financial cyberthreats in 2023, focusing on banking Trojans and phishing pages that target online banking, shopping accounts, cryptocurrency wallets and other financial assets. Cryptocurrency phishing saw a 16% year-on-year increase in 2023, with 5.84 million in 2022.

Phishing

Phishing Banking Mobile Scams

PoC Released for CVE-2023-42942 – a macOS Root Privilege Escalation Vulnerability

Penetration Testing

MARCH 1, 2024

An independent security researcher has published details and proof-of-concept (PoC) code for a macOS vulnerability (CVE-2023-42942) that could be exploited for root privilege escalation.

Penetration Testing

2023, the year of ransomware

Security Boulevard

DECEMBER 21, 2023

As I begin to document the ransomware landscape of 2023, I recognize that the constantly changing nature of these attacks means that any momentary snapshot becomes quickly outdated. What remains unchanged is the harsh reality that … Continue reading "2023, the year of ransomware" The post 2023, the year of ransomware appeared first on Solvo.

Ransomware

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). In this eBook, we will look at the 2023 report and explore the most important cybersecurity stats and how to prevent them.

Identity Theft

CVE-2023-32191 (CVSS 10) in Rancher Kubernetes Engine Exposes Sensitive Credentials

Penetration Testing

JUNE 18, 2024

This vulnerability, identified as CVE-2023-32191 and rated with a... The post CVE-2023-32191 (CVSS 10) in Rancher Kubernetes Engine Exposes Sensitive Credentials appeared first on Cybersecurity News.

Engineering

Engineering Cybersecurity

8 Takeaways from Apple 2023 Threat Research

Security Boulevard

JUNE 4, 2024

The post 8 Takeaways from Apple 2023 Threat Research appeared first on Security Boulevard. The newly-released Apple cybersecurity threat study reveals interesting data points and demonstrates how the threat landscape is evolving.

Cybersecurity

Cybersecurity Data privacy Data breaches Security Awareness

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

Security Affairs

NOVEMBER 29, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day, tracked as CVE-2023-6345, in the Chrome browser. ” reads the advisory published by Google.

Surveillance

Surveillance Engineering Hacking Software

CISA Warns of Active CVE-2023-24955 Exploitation in Microsoft SharePoint Server

Penetration Testing

MARCH 26, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm regarding active attacks targeting a vulnerability in Microsoft SharePoint Server (CVE-2023-24955).

Penetration Testing

Penetration Testing Cybersecurity

Everything You Need to Know About Crypto

Speaker: Ryan McInerny, CAMS, FRM, MSBA - Principal, Product Strategy

May 18th, 2023 at 9:30 am PDT, 12:30 pm EDT, 5:30 pm BST

Cryptocurrency

Web Vulnerability Submissions Exploded in 2023

Security Boulevard

JANUARY 26, 2024

There was an alarming surge of user-submitted web vulnerability submissions in 2023—with a 30% increase compared to 2022—as open-scoped bug bounty programs evolved. The post Web Vulnerability Submissions Exploded in 2023 appeared first on Security Boulevard.

Mobile

Mobile Malware Cybersecurity Network Security

AWS re:Invent 2023: Cybersecurity Visibility

Security Boulevard

DECEMBER 21, 2023

Shira Rubinoff talks with CySight's Rafi Sabel at AWS re:Invent 2023. The post AWS re:Invent 2023: Cybersecurity Visibility appeared first on Security Boulevard.

Cybersecurity

The top cyber security news stories of 2023

Security Boulevard

DECEMBER 11, 2023

The post The top cyber security news stories of 2023 appeared first on Click Armor. The post The top cyber security news stories of 2023 appeared first on Security Boulevard.

CISO

CISO Security Awareness Phishing Risk

PoC Released for Zero-Click CVE-2023-35628 Vulnerability in Microsoft Windows

Penetration Testing

APRIL 12, 2024

Akamai researcher Ben Barnea has released the technical details and proof-of-concept (PoC) for a severe CVE-2023-35628 vulnerability in Microsoft Windows, specifically affecting Outlook clients and potentially exploitable through Windows Explorer.

Penetration Testing

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

November 14th, 2023 at 9:30am PST, 12:30pm EST, 5:30pm GMT In this exclusive webinar with industry visionaries, you'll learn: The value of Software Composition Analysis Regulations impacting both software producers and buyers What a Software Bill of Materials is and why you need one Software supply chain security best practices.and more!

Cybersecurity

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Microsoft Patch Tuesday, November 2023 Edition

Trending Sources

Microsoft Patch Tuesday, December 2023 Edition

Patch Tuesday, October 2023 Edition

The Anti-Money Laundering Act of 2020: Initial Catalysts, Current Implications, and Future Impacts

Microsoft (& Apple) Patch Tuesday, April 2023 Edition

Microsoft Patch Tuesday, June 2023 Edition

Microsoft Patch Tuesday, May 2023 Edition

Microsoft Patch Tuesday, January 2023 Edition

Exploring the Overlap: Cost Optimization and Digital Transformation

Atlassian Confluence Vulnerability CVE-2023-22527 Exploited for Cryptomining

Amazon discloses employee data breach after May 2023 MOVEit attacks

CVE-2023-28578 & CVE-2023-28582: Qualcomm Patches Critical Flaws in Popular Chips

Zero-Day Exploits Surge in 2023, Cisco, Fortinet Vulnerabilities Targeted

The Power of Storytelling in Risk Management

Kaspersky releases 2023 predictions

CVE-2023-51385 and CVE-2023-6004 – A Dual OpenSSH Threat

McAfee 2023 Threat Predictions

2023 Ransomware Attack Report

Cybersecurity Predictions for 2024

Top cybersecurity threats for 2023

2023 FBI Internet Crime Report reported cybercrime losses reached $12.5 billion in 2023

CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet EMS

Critical Wi-Fi Flaws Put Your Data at Risk (CVE-2023-52160, CVE-2023-52161)

ERM Program Fundamentals for Success in the Banking Industry

20 Most Popular TechRepublic Articles in 2023

Incident response analyst report 2023

Threat actors actively exploit F5 BIG-IP flaws CVE-2023-46747 and CVE-2023-46748

Top 5 Global Cyber Security Trends of 2023, According to Google Report

From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Thales Wins Big in 2023

Financial cyberthreats in 2023

PoC Released for CVE-2023-42942 – a macOS Root Privilege Escalation Vulnerability

2023, the year of ransomware

5 Key Findings From the 2023 FBI Internet Crime Report

CVE-2023-32191 (CVSS 10) in Rancher Kubernetes Engine Exposes Sensitive Credentials

8 Takeaways from Apple 2023 Threat Research

Google addressed the sixth Chrome Zero-Day vulnerability in 2023

CISA Warns of Active CVE-2023-24955 Exploitation in Microsoft SharePoint Server

Everything You Need to Know About Crypto

Web Vulnerability Submissions Exploded in 2023

AWS re:Invent 2023: Cybersecurity Visibility

The top cyber security news stories of 2023

PoC Released for Zero-Click CVE-2023-35628 Vulnerability in Microsoft Windows

Software Composition Analysis: The New Armor for Your Cybersecurity

Stay Connected