Threats & Malware, Vulnerabilities
July 24, 2024
Via: SecurityWeekThere have been so many hot takes about the CrowdStrike disaster that I don’t feel any need to add mine. But when you see what Delta Airlines is *still* doing to passengers some five days after this one piece of […]
Threats & Malware, Vulnerabilities
July 10, 2024
Via: Help Net SecurityCVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li has revealed. “Check Point Research […]
July 3, 2024
Via: SecureWorldOrganizations increasingly rely on global talent outsourcing to bolster their cybersecurity capabilities. By tapping into a vast pool of skilled professionals worldwide, companies can address skill shortages, optimize costs, and gain access to specialized expertise. However, this trend also introduces […]
Threats & Malware, Vulnerabilities
June 26, 2024
Via: The RegisterThought last year’s MOVEit hellscape was well and truly behind you? Unlucky, buster. We’re back for round two after Progress Software lifted the lid on fresh vulnerabilities affecting MOVEit Transfer and Gateway. Progress Software initially contacted users on June 13 […]
Threats & Malware, Vulnerabilities
June 25, 2024
Via: The RegisterUS cybersecurity agency CISA is urging high-risk chemical facilities to secure their online accounts after someone broke into its Chemical Security Assessment Tool (CSAT) portal. CSAT is used by industry facilities that house chemicals of interest, of which there are […]
June 25, 2024
Via: The RegisterYou know that a technology problem is serious when the White House holds a summit about it. Ransomware is no longer a simple nerd-borne irritation; it’s an organized criminal scourge. Research from the Enterprise Systems Group (ESG) found 79 percent […]
Threats & Malware, Virus & Malware
May 24, 2024
Via: CSO OnlineIn its frontline threat intelligence report for the first quarter of 2024, risk and financial advisory firm Kroll revealed that, as in virtually every other industry, cyber criminals are using artificial intelligence (AI) to further their goals. Well-known tactics such […]
Threats & Malware, Vulnerabilities
May 16, 2024
Via: The RegisterNational Cyber Security Centre (NCSC) CTO Ollie Whitehouse kicked off day two of Britain’s cyber watchdog’s annual shindig, CYBERUK, with a tirade about the tech market, pulling it apart to demonstrate why he believes it’s at fault for many of […]
Threats & Malware, Vulnerabilities
May 14, 2024
Via: The RegisterThe UK’s NHS is warning of the possibility that vulnerabilities in Arcserve Unified Data Protection (UDP) software are being actively exploited. Originally disclosed in March, the three vulnerabilities all had proof of concept (PoC) exploit code released the day after […]
Threats & Malware, Vulnerabilities
April 17, 2024
Via: The RegisterAI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed. In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists – Richard Fang, […]
April 3, 2024
Via: Naked SecurityTo deploy a ransomware attack, adversaries must first gain access to a victim’s corporate environment, devices, and data. Threat actors typically use two main approaches to gain entry: logging in using compromised credentials, i.e., legitimate access data that had previously […]
Mobile, Mobile security, Threats & Malware, Vulnerabilities
April 3, 2024
Via: Security WeekThe exploited flaws, tracked as CVE-2024-29745 and CVE-2024-29748, impact Pixel’s bootloader and firmware, Google notes in its advisory. The internet giant says it has indications that these two security defects “may be under limited, targeted exploitation,” without providing specific details […]
Threats & Malware, Vulnerabilities
February 22, 2024
Via: Security AffairsThe maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3 versions that addressed the following vulnerabilities in the popular content management system (CMS): [20240201] –CVE-2024-21722 Core – Insufficient session expiration in MFA management views: The MFA management features did […]
Threats & Malware, Vulnerabilities
February 9, 2024
Via: The RegisterWe’ve had to write the word “Fortinet” so often lately that we’re considering making a macro just to make our lives a little easier after what the company’s reps will surely agree has been a week sent from hell. It […]
Threats & Malware, Vulnerabilities
February 8, 2024
Via: The RegisterResearchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks. An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to […]
Application security, Security
February 8, 2024
Via: The RegisterMemory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they’re not necessarily associated with the majority of vulnerabilities that actually get exploited. So while coding with Rust can help reduce memory safety vulnerabilities, it won’t fix […]
Threats & Malware, Vulnerabilities
February 6, 2024
Via: The RegisterFortinet’s FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution. Both CVE-2024-23108 and CVE-2024-23109 have been assigned provisional scores of 10 on the CVSS scale, suggesting exploits can be carried out remotely by […]
Threats & Malware, Vulnerabilities
January 31, 2024
Via: Security AffairsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer Authentication. […]
Threats & Malware, Vulnerabilities
January 30, 2024
Via: The RegisterJuniper Networks has disclosed separate vulnerabilities it was previously accused of concealing, and apologized to customers for the error in communication. The update, which happened late last week, comes hot on the heels of reporting from El Reg that highlighted […]
Threats & Malware, Vulnerabilities
January 25, 2024
Via: Naked SecurityIn July 2023, our proactive behavior rules triggered on an attempt to load a driver named pskmad_64.sys (Panda Memory Access Driver) on a protected machine. The driver is owned by Panda Security and used in many of their products. Due […]