Security Affairs

NOVEMBER 29, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day, tracked as CVE-2023-6345, in the Chrome browser.

Surveillance 136

Surveillance Engineering Hacking Software 136

Security Affairs

SEPTEMBER 28, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day flaw in the Chrome browser which is tracked as CVE-2023-5217.

Surveillance 134

Surveillance Spyware Passwords Hacking 134

Security Affairs

NOVEMBER 11, 2024

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks. Amazon disclosed a data breach that exposed employee information after data was allegedly stolen during the May 2023 MOVEit attacks. Amazon was compromised in May, 2023 via a MoveIT 0day exploit.

Data breaches 97

Data breaches Hacking Technology Ransomware 97

Security Affairs

SEPTEMBER 11, 2023

Google rolled out emergency security updates to address a new Chrome zero-day (CVE-2023-4863) actively exploited in the wild. Google rolled out emergency security updates to address a zero-day vulnerability that has been actively exploited in attacks in the wild since the start of the year.

Architecture 135

Architecture Engineering Hacking Information Security 135

Security Affairs

OCTOBER 4, 2023

The DRM Report Q2 2023 report provides a detailed insight into the ransomware threat landscape during the period between May and August 2023. Ransomware, a menace that has evolved into a formidable adversary, takes center stage in our examination of the cyber threat landscape during the second quarter of 2023.

Ransomware 133

Ransomware Data collection Cyber threats Hacking 133

Security Affairs

OCTOBER 18, 2023

Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day. ” reported Google TAG.

Cybercrime 141

Cybercrime Malware Software Hacking 141

The Last Watchdog

JULY 7, 2023

Budapest, Hungary, July 07, 2023 — Silent Signal, a leading technology provider of state-of-the-art ethical hacking services and solutions, discovered and reported a vulnerability to IBM, that has been confirmed and identified under CVE-2023-30990. Read more about how to secure your IBM i Servers to meet compliance requirements.

Architecture 179

Architecture Hacking Media Government 179

Security Affairs

SEPTEMBER 20, 2023

GitLab rolled out security patches to address a critical vulnerability, tracked as CVE-2023-5009, that can be exploited to run pipelines as another user. GitLab has released security patches to address a critical vulnerability, tracked as CVE-2023-5009 (CVSS score: 9.6), that allows an attacker to run pipelines as another user.

Hacking 133

Hacking Risk Information Security 133

Security Affairs

NOVEMBER 28, 2023

Threat actors started exploiting a critical ownCloud vulnerability (CVE-2023-49103) that can lead to sensitive information disclosure. The vulnerability, tracked as CVE-2023-49103 , resides in the Graphapi app, which relies on a third-party GetPhpInfo.php library that provides a URL. ” reported the company.

Cybersecurity 133

Cybersecurity Passwords Internet Internet 133

Security Affairs

JANUARY 12, 2024

Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz.

Authentication 144

Authentication Software Passwords Hacking 144

Security Boulevard

DECEMBER 10, 2023

SOC 2 is the gold standard in Information Security certifications and shows the world just how seriously your company takes Information Security. Originally established by the American […] The post The SOC 2 Compliance Checklist for 2023 appeared first on Centraleyes.

Information Security 69

Information Security 69

Security Affairs

OCTOBER 17, 2024

Russia-linked threat actor RomCom targeted Ukrainian government agencies and Polish entities in cyber attacks since late 2023. In the recent attacks, RomCom deployed an updated variant of the RomCom RAT dubbed ‘SingleCamper.’

Government 123

Government Malware Cyber Attacks Ransomware 123

Security Affairs

JULY 5, 2024

The New York Times revealed that OpenAI suffered a security breach in 2023, but the company says source code and customer data were not compromised. OpenAI suffered a security breach in 2023, the New York Times reported.

Artificial Intelligence 144

Artificial Intelligence Technology Risk Hacking 144

Security Affairs

MAY 22, 2024

The digital imaging products manufacturer OmniVision disclosed a data breach after the 2023 ransomware attack. In 2023, OmniVision employed 2,200 people and had an annual revenue of $1.4 In 2023, the imaging sensors manufacturer was the victim of a Cactus ransomware attack. OmniVision Technologies Inc.

Data breaches 135

Data breaches Ransomware Manufacturing Encryption 135

Security Affairs

SEPTEMBER 12, 2023

Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two vulnerabilities under active attack. Microsoft September 2023 Patch Tuesday security updates addressed 59 vulnerabilities, including two actively exploited zero-day. ” reported ZDI.

Hacking 138

Hacking Information Security 138

Security Affairs

FEBRUARY 13, 2024

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. This report offers an exhaustive account of ransomware threats in the third quarter of 2023, spotlighting activities monitored by the OSINT Ransomfeed platform.

Ransomware 135

Ransomware Data collection Hacking Technology 135

Security Affairs

OCTOBER 25, 2023

The Pwn2Own Toronto 2023 hacking contest has begun and during the first day, participants received $438,750 in prizes! During the Day 1 of the Pwn2Own Toronto 2023 hacking contest, the organization has awarded a total of $438,750 in prizes! Below is the leaderboard after Pwn2Own Toronto 2023 Day 1.

Hacking 138

Hacking Information Security 138

Security Affairs

MARCH 28, 2024

Google’s Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively exploited zero-day vulnerabilities in 2023. In 2023, Google (TAG) and Mandiant discovered 29 out of 97 vulnerabilities exploited in the wild. ” continues the report.

Government 140

Government Surveillance Cybercrime Ransomware 140

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Spyware 135

Spyware Surveillance Software Hacking 135

Security Affairs

SEPTEMBER 19, 2023

Researchers discovered approximately 12,000 Juniper SRX firewalls and EX switches vulnerable to a recently disclosed CVE-2023-36845 RCE flaw. VulnCheck researchers discovered approximately 12,000 internet-exposed Juniper SRX firewalls and EX switches that are vulnerable to the recently disclosed remote code execution flaw CVE-2023-36845.

Firewall 142

Firewall Internet Internet Authentication 142

Security Affairs

OCTOBER 2, 2023

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Software’s WS_FTP products. ” Cybersecurity firm Rapid7 reported that threat actors started exploiting the CVE-2023-40044 flaw shortly after the release of the PoC code by Assetnote.

Authentication 131

Authentication Software Internet Internet 131

Security Affairs

NOVEMBER 2, 2023

Rapid7 researchers warn of the suspected exploitation of a recently disclosed critical security flaw (CVE-2023-46604) in the Apache ActiveMQ. Cybersecurity researchers at Rapid7 are warning of the suspected exploitation of the recently disclosed critical vulnerability CVE-2023-46604 in the Apache ActiveMQ. before 5.18.3

Ransomware 134

Ransomware Cybercrime Software Encryption 134

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.

Passwords 119

Passwords Authentication Architecture Risk 119

Security Affairs

MARCH 13, 2024

Threat actors behind the ransomware attacks that hit Stanford University in 2023 gained access to 27,000 people. Stanford University confirmed that threat actors behind the September 2023 ransomware attack had access to 27,000 people. 27, 2023. . Stanford was breached last year by Clop Ransomware.

Ransomware 133

Ransomware Data breaches Passwords Hacking 133

CyberSecurity Insiders

DECEMBER 6, 2022

Compliance, regulatory, and critical services will triage to the top of the priority and budget list for most IT security teams. Automation of processes previously done by staffing and manual efforts will be one of the top projects in 2023 to remedy resource reduction and constraints. CISO shortage. CISO exodus.

Cybersecurity 126

Cybersecurity CISO InfoSec Technology 126

CyberSecurity Insiders

MAY 1, 2023

Companies that fail to protect their customers’ information are likely to face lawsuits in the year 2023, as impacted customers are no longer willing to tolerate such acts at the expense of their privacy and financial losses. By the way, data spills occurring from state-funded hacks are no longer covered under cyber insurance.

Data breaches 138

Data breaches Cyber Insurance Insurance Technology 138

CyberSecurity Insiders

APRIL 11, 2023

As the world continues to face unprecedented cyber threats, Chief Information Security Officers (CISOs) are facing a growing number of challenges in their roles. In 2023, these challenges are likely to increase, and CISOs will have to be well-equipped to overcome them.

CISO 104

CISO Data privacy Cyber threats Technology 104

Security Affairs

OCTOBER 12, 2023

to address the CVE-2023-42824 vulnerability that has been actively exploited in attacks. to address the recently disclosed zero-day CVE-2023-42824. Last week, Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices. “A

Hacking 134

Hacking Mobile Information Security 134

Security Affairs

JANUARY 1, 2024

These are the Top 2023 Security Affairs cybersecurity stories … enjoy it. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Top 2023 Security Affairs cybersecurity stories) TB OF DATA STOLEN FROM DIGITAL INTELLIGENCE FIRM CELLEBRITE LEAKED ONLINE 1.7

Cybersecurity 135

Cybersecurity Spyware Data breaches Passwords 135

Security Affairs

OCTOBER 25, 2023

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. reported Citrix. reported Citrix.

Authentication 136

Authentication VPN Hacking Government 136

Security Affairs

JANUARY 25, 2024

The 2023 RedSense report covers long-term observations we have made regarding intel trends and interconnectivity. These observations were made by analyzing numerous 2023 threat findings and discoveries, and include references to case studies that were reported on by RedSense throughout the year.

Ransomware 128

Ransomware Cybercrime Malware Data breaches 128

Security Affairs

OCTOBER 31, 2023

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. We’ve developed a Proof of Concept for CVE-2023-20198 in #Cisco IOS XE. ” New POC Available!

Internet 140

Internet Internet Software Accountability 140

Security Affairs

OCTOBER 28, 2023

The Pwn2Own Toronto 2023 hacking competition is over, bug hunters earned $1,038,500 for 58 zero-day exploits. The Pwn2Own Toronto 2023 hacking competition is over, the organizers awarded $1,038,250 for 58 unique 0-days. That's a wrap on #Pwn2Own Toronto 2023! We awarded $1,038,250 for 58 unique 0-days during the event.

Hacking 144

Hacking Information Security 144

Security Affairs

OCTOBER 9, 2023

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8)

VPN 135

VPN Authentication Cyber Attacks Passwords 135

Security Affairs

SEPTEMBER 4, 2023

Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German digital association Bitkom told Reuters. According to the German digital association Bitkom, cybercrime will have a worrisome impact on the economy of the state in 2023.

Cybercrime 134

Cybercrime Cyber Attacks Cyber threats Hacking 134

Security Affairs

JANUARY 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM flaw CVE-2023-35082 to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti EPMM flaw CVE-2023-35082 (CVSS score: 9.8) and below). .

Mobile 133

Mobile Internet Internet Hacking 133

Security Affairs

SEPTEMBER 3, 2023

Researcher released PoC exploit code for a recent critical flaw (CVE-2023-34039) in VMware Aria Operations for Networks. At the end of August, VMware released security updates to address two vulnerabilities in Aria Operations for Networks (formerly vRealize Network Insight), respectively tracked as CVE-2023-34039 (CVSS score: 9.8)

Authentication 136

Authentication Engineering Hacking Information Security 136