Krebs on Security

FEBRUARY 13, 2024

Top of the heap on this Fat Patch Tuesday is CVE-2024-21412 , a “security feature bypass” in the way Windows handles Internet Shortcut Files that Microsoft says is being targeted in active exploits. Microsoft Corp. msi) that in turn unloads a remote access trojan (RAT) onto infected Windows systems.

Engineering 264

Engineering Internet Internet Software 264

Krebs on Security

MAY 14, 2024

CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. ” CVE-2024-30040 is a security feature bypass in MSHTML , a component that is deeply tied to the default Web browser on Windows systems. . First, the zero-days.

Social Engineering 256

Social Engineering Backups Malware Software 256

Lohrman on Security

JULY 21, 2024

Several recently released cyber industry reports show steady or growing ransomware numbers in 2024 so far, and impacts on business and government have never been greater.

Ransomware 267

Ransomware Government 267

Krebs on Security

OCTOBER 8, 2024

One of the zero-day flaws — CVE-2024-43573 — stems from a security weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. If that sounds familiar it’s because this is the fourth MSHTML vulnerability found to be exploited in the wild so far in 2024.

Engineering 236

Engineering Internet Internet System Administration 236

Krebs on Security

JUNE 11, 2024

CVE-2024-30080 is a flaw in the Microsoft Message Queuing (MSMQ) service that can allow attackers to execute code of their choosing. CVE-2024-30080 has been assigned a CVSS vulnerability score of 9.8 (10 CVE-2024-30078 is a remote code execution weakness in the Windows WiFi Driver , which also has a CVSS score of 9.8.

Internet 254

Internet Internet Software Malware 254

Lohrman on Security

NOVEMBER 3, 2024

ISC2 just released their 2024 cyber workforce report, and the key findings are eye-opening for public-sector employees. Here’s what you need to know.

Government 266

Government 266

Lohrman on Security

MAY 12, 2024

As another RSA Conference in San Francisco ended on May 10, 2024, the global impact that cybersecurity and artificial intelligence bring to every area of life has become much more apparent.

Artificial Intelligence 250

Artificial Intelligence Cybersecurity 250

The Last Watchdog

DECEMBER 16, 2024

Continuing our look back at 2024, part two of Last Watchdogs year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics. This has fueled rapid adoption of autonomous AI agents, which matured significantly in 2024 and will become mainstream in 2025. The drivers are intensifying. million (NIST, WEF).

Cyber threats 264

Cyber threats CISO IoT Phishing 264

Joseph Steinberg

JANUARY 30, 2024

They will then shift our focus to the future, and help us forecast for 2024 with a forward-thinking exploration of anticipated cybersecurity challenges and advancements. Steinberg and Liwer will analyze the potential impact of emerging technologies, legislative changes, and geopolitical events on the cybersecurity landscape.

Artificial Intelligence 266

Artificial Intelligence Cybersecurity Cyber threats Technology 266

Lohrman on Security

JUNE 16, 2024

It’s been six months since I released the Top 24 Security Predictions for 2024, so which predictions are on track and which seem off base — so far? And what’s new as we hit the halfway point in the year?

Cybersecurity 234

Cybersecurity 234

Tech Republic Security

DECEMBER 10, 2024

TechRepublic looks back at the biggest cybersecurity stories of 2024, from record data breaches to rising ransomware threats and CISO burnout.

CISO 189

CISO Cybersecurity Data breaches Ransomware 189

The Last Watchdog

AUGUST 12, 2024

LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. After strolling the exhibits floor at Black Hat USA 2024 and speaking with the solution providers, I jotted down two categories of cybersecurity advancements: ‘coding level’ and ‘operational level.’

Software 290

Software Technology Mobile Cybersecurity 290

Schneier on Security

APRIL 10, 2024

Last week I posted a short memorial of Ross Anderson. The Communications of the ACM asked me to expand it. Here’s the longer version.

Engineering 323

Engineering Cybersecurity 323

The Last Watchdog

DECEMBER 12, 2023

What should I be most concerned about – and focus on – in 2024? In 2024, we will see more targeted, sophisticated business email compromise (BEC) attacks, including VIP impersonation, vendor email compromise (VEC), and autonomous agents used for malicious purposes. For 2024, it will take a village!

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

The Last Watchdog

DECEMBER 13, 2023

We drilled down on a few significant developments expected to play out in 2024 and beyond. DigiCert recently released the DigiCert PQC Playground —a part of DigiCert Labs designed to let security code writers and tech enthusiasts experiment with the NIST-endorsed PQC algorithms which are slated to go into effect in 2024.

Encryption 311

Encryption Technology CISO IoT 311

Penetration Testing

DECEMBER 19, 2024

resolves multiple vulnerabilities that pose significant risks, including... The post CVE-2024-49576 and CVE-2024-47810: Foxit Addresses Remote Code Execution Flaws appeared first on Cybersecurity News. Foxit has released a crucial security update for its widely used Foxit PDF Reader and Foxit PDF Editor.

Risk 137

Risk Cybersecurity 137

Penetration Testing

DECEMBER 8, 2024

A critical use-after-free vulnerability, identified as CVE-2024-38193, has been discovered in the afd.sys Windows driver. poses a significant threat to Windows systems,... The post Windows Zero-Day Vulnerability CVE-2024-38193 Exploited in the Wild: PoC Published appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Penetration Testing

DECEMBER 17, 2024

One of the vulnerabilities could allow... The post RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677 appeared first on Cybersecurity News.

Software 117

Software Cybersecurity 117

Penetration Testing

DECEMBER 10, 2024

The update, rolling out progressively to Windows, Mac, and Linux... The post Google Chrome Patches High-Severity Vulnerabilities – CVE-2024-12381 & CVE-2024-12382 appeared first on Cybersecurity News.

Cybersecurity 121

Cybersecurity 121

Penetration Testing

NOVEMBER 24, 2024

A high-severity vulnerability (CVE-2024-11477) has been discovered in the popular file archiver 7-Zip, potentially allowing attackers to execute malicious code on vulnerable systems. The flaw, identified by Nicholas Zubrisky of... The post CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now!

Cybersecurity 145

Cybersecurity 145

Penetration Testing

DECEMBER 22, 2024

The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337.

Software 137

Software Cybersecurity 137

Penetration Testing

OCTOBER 20, 2024

The vulnerability, tracked as CVE-2024-30090 and assigned a CVSS score of 7.0, could... The post Microsoft Windows Flaw: CVE-2024-30090 PoC Exploit Published, Posing SYSTEM Privilege Threat appeared first on Cybersecurity News.

Cybersecurity 144

Cybersecurity 144

Security Affairs

NOVEMBER 12, 2024

Microsoft Patch Tuesday security updates for November 2024 addressed 89 vulnerabilities, including two actively exploited zero-day flaws. CVE-2024-49039 : A Windows Task Scheduler privilege escalation flaw allows AppContainer escape, enabling low-privileged users to run code at Medium integrity. Immediate patching is recommended.

Internet 128

Internet Internet Hacking Data breaches 128

Penetration Testing

DECEMBER 11, 2024

The vulnerability, identified as CVE-2024-53247... The post CVE-2024-53247: Splunk Secure Gateway App Vulnerability Allows Remote Code Execution appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Tech Republic Security

OCTOBER 16, 2024

Zscaler ThreatLabz report reveals a 2024 surge in mobile, IoT, and OT cyberattacks, highlighting key trends and the need for zero trust security.

IoT 181

IoT Mobile Cyber threats Internet 181

Schneier on Security

JUNE 7, 2024

This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security.

Cybersecurity 279

Cybersecurity 279

Tech Republic Security

SEPTEMBER 17, 2024

LastPass’ recent data breaches make it hard to recommend as a viable password manager in 2024. Learn more in our full review below.

Password Management 170

Password Management Data breaches Passwords 170

Penetration Testing

OCTOBER 23, 2024

Fortinet has issued a security advisory for its FortiManager platform, addressing a critical vulnerability—CVE-2024-47575—which has been actively exploited in the wild. arises from a... The post Fortinet Warns of Actively Exploited Flaw in FortiManager: CVE-2024-47575 (CVSS 9.8) This vulnerability, rated at CVSS 9.8,

Cybersecurity 127

Cybersecurity 127

Penetration Testing

NOVEMBER 14, 2024

A critical security vulnerability, CVE-2024-52301, has been identified in the Laravel framework, a popular web application framework known for its elegant syntax and comprehensive toolset for building robust applications.

Cybersecurity 143

Cybersecurity 143

Penetration Testing

OCTOBER 27, 2024

The SonicWall Capture Labs Threat Research Team has published an in-depth analysis of CVE-2024-38812, a critical heap-overflow vulnerability found in VMware vCenter Server.

Cybersecurity 141

Cybersecurity 141

Tech Republic Security

NOVEMBER 8, 2024

Discover the best vulnerability management tools of 2024. Compare top solutions, explore features and benefits, and find expert reviews to guide your choice.

153

153

The Last Watchdog

DECEMBER 5, 2024

5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industrys leading information security magazine. Alisa Viejo, Calif.,

InfoSec 130

InfoSec Cyber Risk CISO Cybersecurity 130

Penetration Testing

DECEMBER 31, 2024

A security researcher published a proof-of-concept (PoC) exploit for CVE-2024-21182, a critical vulnerability in Oracle WebLogic Server. Rated at CVSS 7.5,

Cybersecurity 105

Cybersecurity 105

Penetration Testing

NOVEMBER 19, 2024

CVE-2024-47533 exposes Cobbler servers to unauthorized access and control, enabling attackers to manipulate system configurations.

Cybersecurity 127

Cybersecurity 127

Security Affairs

OCTOBER 22, 2024

VMware failed to fully address a remote code execution flaw, tracked as CVE-2024-38812 (CVSS score: 9.8), in its vCenter Server platform. In September, Broadcom released security updates to the vulnerability CVE-2024-38812. During the 2024 Matrix Cup hacking contest in China, zbl & srs of team TZL demonstrated the vulnerability.

Hacking 141

Hacking Government Software Information Security 141

Penetration Testing

DECEMBER 11, 2024

Developers using the popular Apache Struts framework are urged to update their systems immediately following the discovery of a critical security flaw (CVE-2024-53677, CVSS 9.5)

Cybersecurity 134

Cybersecurity 134

Schneier on Security

FEBRUARY 14, 2024

This is a current list of where and when I am scheduled to speak: I’m speaking at the Munich Security Conference (MSC) 2024 in Munich, Germany, on Friday, February 16, 2024. The symposium will be held at Columbia University in New York City and online, on Tuesday, February 20, 2024. The list is maintained on this page.

279

279