Continuing our look back at 2024, part two of Last Watchdog's year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics. Businesses must adopt tools and automation capable of invoking immediate action, even at the risk of false positives. These systems promise innovation but also introduce risks.
A newly discovered security vulnerability, CVE-2024-47295, affecting multiple SEIKO EPSON products, could allow attackers to take control of devices with administrative privileges.
ServiceNow, a leading cloud-based enterprise platform, has recently addressed two significant vulnerabilities, CVE-2024-8923 and CVE-2024-8924, which posed serious risks to organizations using its Now Platform. appeared first on Cybersecurity News.
This vulnerability, tracked as CVE-2024-9488 and assigned a CVSSv3 score... The post CVE-2024-9488 (CVSS 9.8): Authentication Bypass Flaw in wpDiscuz Plugin, Over 80,000 Sites at Risk appeared first on Cybersecurity News.
The “FortiJump” flaw (CVE-2024-47575) has been exploited in zero-day attacks since June 2024, impacting over 50 servers, says Mandiant. A new report published by Mandiant states that the recently disclosed Fortinet FortiManager flaw “FortiJump” CVE-2024-47575 (CVSS v4 score: 9.8)
The vulnerabilities, tracked as CVE-2024-8534 and... The post Citrix NetScaler ADC and Gateway Vulnerabilities Put Organizations at Risk appeared first on Cybersecurity News.
5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industry's leading information security magazine. Aliso Viejo, Calif.,
According to a Netskope report, phishing attacks surged in 2024, with enterprise employees clicking on phishing links at a rate nearly three times higher than in 2023. The post Phishing Threats, GenAI Among Top Cybersecurity Risks in 2025 appeared first on Security Boulevard. The study found phishing campaigns have evolved.
IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Quarterly figures In Q3 2024: Kaspersky solutions successfully blocked more than 652 million cyberattacks originating from various online resources. 2 China 0.95 3 Libya 0.68 4 South Korea 0.66
CVE-2024-38106 , CVE-2024-38107 and CVE-2024-38193 all allow an attacker to gain SYSTEM level privileges on a vulnerable machine, although the vulnerabilities reside in different parts of the Windows operating system. The final zero-day this month is CVE-2024-38189 , a remote code execution flaw in Microsoft Project.
A newly discovered vulnerability in popular remote desktop software AnyDesk could allow attackers to uncover users’ IP addresses, posing significant privacy risks.
One of the zero-day flaws — CVE-2024-43573 — stems from a security weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. If that sounds familiar it’s because this is the fourth MSHTML vulnerability found to be exploited in the wild so far in 2024.
The most important stories around threat modeling, appsec and secure by design for June, 2024. A group of leading AI researchers have released a letter about a Right to Warn, advocating that staff can warn the public about risks from their employers' products, without being sued for disparagement or retaliated against.
A high-severity vulnerability, CVE-2024-55950 (CVSS 8.6), has been identified in Tabby (formerly Terminus), a widely used terminal emulator and SSH client for Windows, macOS, and Linux.
SpyCloud , the leading identity threat protection company, today released its 2025 SpyCloud Annual Identity Exposure Report , highlighting the rise of darknet-exposed identity data as the primary cyber risk facing enterprises today. It requires organizations to rethink the risks posed by employees, consumers, partners and suppliers.
Overview of Vendor Breaches in 2024 In 2024, the cybersecurity landscape has faced an alarming rise in vendor-related breaches, underscoring the vulnerabilities associated with third-party service providers. A common characteristic among the vendor breaches reported in 2024 is the exploitation of weak security protocols.
Palo Alto Networks has issued critical advisories regarding two actively exploited vulnerabilities in their PAN-OS software, posing significant risks to organizations relying on the platform for network security.
has been identified, posing a significant security risk that could allow attackers to execute arbitrary web scripts or HTML on... The post CVE-2024-46538: Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC Published appeared first on Cybersecurity News.
It becomes increasingly difficult to gain complete visibility or transparency that could help security and privacy teams discover sensitive data, identify its security and compliance postures, and mitigate risks. To add to the difficulty, the advent of Generative AI (GenAI) has brought unprecedented security and privacy risks.
First, the Washington Post reports on how Officials studied Baltimore bridge risks but didn't prepare for ship strike that discusses the challenges of securing bridges against modern cargo ships. A less busy month in appsec, AI, and regulation, but still interesting stories I'm going to kick off with two interesting engineering stories.
Google as usual did not share details about the attacks exploiting the above vulnerability, however, it added that another issue, tracked as CVE-2024-43047, is actively exploited in the wild. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. Versions up to 2.3.6 and unpatched 2.3.7
It may sound weird when I say that I would like to remember 2024 as the year of the biggest breaches. Huge increase in numbers As we reported in July, the number of data breach victims went up 1,170% in Q2 2024, compared to Q2 2023 (from 81,958,874 victims to 1,041,312,601). Remember these headlines? Here's what you need to know.
Technical details One of the vulnerabilities was reported to Google by Apple Security Engineering and Architecture (SEAR), which reported the issue on October 23, 2024. This vulnerability, tracked as CVE-2024-10487 , can be used by cybercriminals as a drive-by download. It could be used for potential data theft or system crashes.
If not promptly addressed, your organization is at risk. The post Cybersecurity Vulnerability News: October 2024 CVE Roundup appeared first on TrueFort. The post Cybersecurity Vulnerability News: October 2024 CVE Roundup appeared first on Security Boulevard.
Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. With retail sales during 2024 set to grow to between $5.23 trillion and $5.28 trillion and $5.28
If your Android phone shows patch level 2024-11-05 or later then the issues discussed below have been fixed. The CVEs that look the most important are: CVE-2024-43047 : a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel that elevates privileges.
Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GreyNoise researchers warn.
Thales Introduces Data Risk Intelligence, Bringing Organizations Risk Profile Front and Center madhav Tue, 12/03/2024 - 09:32 When Thales finalized the acquisition of Imperva in January 2024, our aim was clear: to empower organizations to protect data and secure all paths to it. Want to dive deeper?
Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.
LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. When you add AI into the mix, it further intensifies the challenge of managing data sprawl and the associated risks.” Those are my big takeaways from Black Hat USA 2024. Roger that.
Grant aid for SME cybersecurity as the Ireland’s industry expands A new grant aims to help SMEs to review and update their cybersecurity and mitigate against the risk of incidents. Those are the seven threats ENISA enumerates in its latest Threat Landscape 2024 report. Information Security Buzz has a good summary of the main points.
22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. Cary, NC, Oct.
Related: Adopting an assume-breach mindset With that in mind, Last Watchdog invited the cybersecurity experts we’ve worked with this past year for their perspectives on two questions that all company leaders should have top of mind: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization?
Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Escalating Frequency and Impact: Healthcare services have become one of the most targeted industries, moving from the fifth most attacked sector in 2023 to third in 2024.
We drilled down on a few significant developments expected to play out in 2024 and beyond. What’s more, a fresh layer of risks posed by the rise of quantum computing looms large. As we turn the corner into 2024, Digital Trust is in sight. We met at DigiCert Trust Summit 2023. This is something we’ve come to take for granted.
Technical details The zero-days are both located in the kernel: CVE-2024-53150 : an out-of-bounds flaw in the USB sub-component of the Linux Kernel that could result in information disclosure. CVE-2024-53197 : a privilege escalation flaw in the USB audio sub-component of the Linux Kernel. Again, no user interaction is required.
Taiwanese vendor Synology has addressed a critical security vulnerability, tracked as CVE-2024-10443, that impacts DiskStation and BeePhotos. Security researcher Rick de Jager demonstrated the vulnerability, called RISK:STATION by cybersecurity firm Midnight Blue, at the Pwn2Own Ireland 2024 hacking contest.
Mandiant's report highlighted that three of the four top exploited vulnerabilities in 2024 were zero-days discovered and leveraged by attackers before patches were available. Palo Alto Networks GlobalProtect (CVE-2024-3400) was the most exploited vulnerability, used by both state-backed groups and ransomware affiliates. The targets?
Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) ” On September 24, 2024, cloud hosting provider Rackspace reported an issue with its ScienceLogic EM7 monitoring tool. CISA orders federal agencies to fix this vulnerability by November 11, 2024.
Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Smart Licensing Utility vulnerability, tracked as CVE-2024-20439 , to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2024-20440 (CVSS score: 9.8) The vulnerability is due to excessive verbosity in a debug log file. reads the advisory.
This blog will explore the advantages and risks these AI tools bring, along with actionable steps to integrate them responsibly into business practices. Key security and privacy risks Despite these benefits, there are inherent risks in relying on AI coding assistants. Establish an AI usage policy.
Below are the vulnerabilities reported by ZDI: CVE-2024-8355 : SQL injection in DeviceManager, enabling database manipulation or code execution via spoofed Apple device connections. CVE-2024-8358 : Command injection in UPDATES_ExtractFile , enabling command execution via file paths during updates.
Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250) and Adobe ColdFusion Improper Access Control (CVE-2024-20767) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2024-35250 (CVSS score 7.8)
Peter German, a former deputy commissioner for the Royal Canadian Mounted Police who authored two reports on money laundering in British Columbia, told the publications it goes against the spirit of Canada's registration requirements for such businesses, which are considered high-risk for money laundering and terrorist financing. ”