Krebs on Security

MAY 10, 2022

By all accounts, the most urgent bug Microsoft addressed this month is CVE-2022-26925 , a weakness in a central component of Windows security (the “ Local Security Authority ” process within Windows). CVE-2022-26925 was publicly disclosed prior to today, and Microsoft says it is now actively being exploited in the wild.

Authentication 306

Authentication Security Ransomware IT 306

Krebs on Security

MARCH 14, 2023

The government alleges that on May 7, 2022, Singh used stolen credentials to log into a U.S. On May 12, 2022, KrebsOnSecurity broke the news that hackers had gained access to a DEA portal that taps into 16 different federal law enforcement databases. .” federal government portal without authorization. ” Image: USDOJ.

Government 321

Government Security Access Communications 321

Krebs on Security

JANUARY 11, 2022

By all accounts, the most severe flaw addressed today is CVE-2022-21907, a critical, remote code execution flaw in the “ HTTP Protocol Stack.” ” Microsoft says the flaw affects Windows 10 and Windows 11 , as well as Server 2019 and Server 2022. “Test and deploy this patch quickly.” ” Quickly indeed.

Libraries 320

Libraries Security Access IT 320

Krebs on Security

FEBRUARY 28, 2023

Image: Shutterstock.com Three different cybercriminal groups claimed access to internal networks at communications giant T-Mobile in more than 100 separate incidents throughout 2022, new data suggests. But by the time we got to claims made in the middle of May 2022, completing the rest of the year’s timeline seemed unnecessary.

Phishing 355

Phishing Authentication Security Access 355

Krebs on Security

APRIL 13, 2022

Of particular concern this month is CVE-2022-24521 , which is a “privilege escalation” vulnerability in the Windows common log file system driver. Among the scariest critical bugs is CVE-2022-26809, a potentially “wormable” weakness in a core Windows component ( RPC ) that earned a CVSS score of 9.8 (10

Ransomware 302

Ransomware Security Access IT 302

Krebs on Security

JUNE 15, 2022

On top of the critical heap this month is CVE-2022-30190 , a vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Beaumont said other researchers on April 12, 2022 told Microsoft about active exploitation of the MSDT flaw, but Microsoft closed the ticket saying it wasn’t a security issue.

Security 308

Security Cloud Cybersecurity IT 308

Data Breach Today

DECEMBER 28, 2022

Russia Continued Its Cyber Offensive With an Average of 10 Cyberattacks a Day Ukraine's domestic intelligence agency revealed this week that it successfully blocked more than 4,500 cyberattacks in 2022.

IT 252

IT 252

Krebs on Security

FEBRUARY 8, 2022

Among those is CVE-2022-22005 , a weakness in Microsoft’s Sharepoint Server versions 2013-2019 that could be exploited by any authenticated user. ” Kevin Breen at Immersive Labs called attention to CVE-2022-21996 , an elevation of privilege vulnerability in the core Windows component “ Win32k.”

Authentication 259

Authentication Ransomware Systems administration Security 259

Data Breach Today

JUNE 14, 2023

The computing giant dubs the threat actor Cadet Blizzard and says it carried out the January 2022 WhisperGate attacks against Ukraine.

Military 189

Military IT 189

Krebs on Security

SEPTEMBER 14, 2022

Worst in terms of outright scariness is CVE-2022-37969 , which is a “privilege escalation” weakness in the Windows Common Log File System Driver that allows attackers to gain SYSTEM-level privileges on a vulnerable host. .” CVE-2022-32984 is a problem in the deepest recesses of the operating system (the kernel).

Privacy 176

Privacy Security Cybersecurity Authentication 176

Data Breach Today

JANUARY 13, 2023

Massachusetts Citizens Excluded From Feds' Case Against Shields Health Care Group Shields Health Care Group, a Massachusetts-based medical imaging services provider, is facing two class action lawsuits filed this week - a consolidated federal case and a similar, separate case filed in state court - both in the wake of the same 2022 data breach affecting (..)

Data breaches 219

Data breaches 219

Data Breach Today

MAY 31, 2022

The Majority of Incidents Entailed Malware Distribution, Phishing and Intrusion Attempts Three months after Russia’s ongoing invasion of Ukraine began, the country takes a look back at the turbulence the nation has faced in its cyber sphere during Q1 2022, and considers the way ahead.

Phishing 266

Phishing IT 266

Data Breach Today

FEBRUARY 24, 2023

IBM Data Shows the Region Accounted for 31% of All Incidents Monitored During 2022 The Asia-Pacific region had the dubious distinction of being the global region that faced the most cyberattacks during 2022, as observed by IBM's threat intelligence platform.

161

161

Data Breach Today

JULY 5, 2022

Get the Latest Insights from the Industry's Top Minds - All in One Place Welcome to ISMG's compendium of RSA Conference 2022. The 31st annual conference covered a wide range of topics including cybercrime, cyberwarfare, zero trust, supply chain risk, ransomware, OT security, cyber insurance and jobs.

Ransomware 225

Ransomware Insurance Risk Security 225

Data Breach Today

JUNE 28, 2023

Hackers Evolve Tactics to Focus on Espionage, Not Destruction, State Agency Says Cyberattackers have hit Ukraine's critical infrastructure over 3,000 times since the beginning of the Russian invasion in 2022, according to Ukraine's national incident response team, which warned that such attacks may continue for years even after the fighting on the (..)

130

130

Data Breach Today

AUGUST 10, 2022

Ransomware, New Tactics and Geopolitical Threats Among the Key Conference Topics Black Hat 2022 kicks off today with security experts sharing cutting-edge research and insights through demos, technical trainings and hands-on labs.

Ransomware 235

Ransomware Risk Security 235

Data Breach Today

APRIL 13, 2022

ISACA's Jon Brandt Discusses Workforce Efforts, Resources and Cyber Operations The 2022 ISACA State of Cybersecurity report reveals trends in the cybersecurity workforce and the threat landscape, including understaffing and retention.

Cybersecurity 232

Cybersecurity 232

Data Breach Today

MAY 18, 2022

30, 2022. EDR Deployments Will be Underway at More Than Half of Federal Agencies This Year EDR deployments will be underway at more than half of federal civilian agencies by the end of September, according to federal officials.

247

247

Data Breach Today

MAY 18, 2022

30, 2022. EDR Deployments Will Be Underway at More Than Half of Federal Agencies This Year EDR deployments will be underway at more than half of federal civilian agencies by the end of September, according to federal officials.

Government 211

Government 211

Data Breach Today

DECEMBER 30, 2022

A Reflection on Top Thought-Leader Interviews of the Year In the latest update, four ISMG editors discuss important issues of 2022, including: CISO Marene Allison's unique career path; Ukrainian government cybersecurity official Victor Zhora on lessons learned from countering cyberattacks; and insights from CEO Nikesh Arora of Palo Alto Networks.

Cybersecurity 130

Cybersecurity Government 130

Security Affairs

DECEMBER 29, 2022

NCC Group’s Fox-IT research team warns of thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities, tracked as CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), that the company addressed in recent months. Citrix addressed the flaw on November 8, 2022. Pierluigi Paganini.

Authentication 94

Authentication Cloud Security Access 94

Hunton Privacy

NOVEMBER 14, 2022

On November 1, 2022, the Federal Trade Commission hosted their annual PrivacyCon 2022, which was available to the public via webcast. The recordings of PrivacyCon 2022 are available on the FTC website. The FTC held seven different panels highlighting the latest research and trends in consumer privacy and data security.

Privacy 103

Privacy Data Privacy Data collection Risk 103

Security Affairs

DECEMBER 14, 2022

Microsoft released December 2022 Patch Tuesday security updates that fix 52 vulnerabilities across its products. Microsoft December 2022 Patch Tuesday security updates fixed two zero-day vulnerabilities; one of the new issues addressed this month is listed as publicly known at the time of release, and one is actively exploited.

Security 108

Security Information Security IT 108

Hunton Privacy

MARCH 7, 2023

On March 7, 2023, the Irish Data Protection Commission (“DPC”) published its Annual Report for 2022 (the “Report”). Highlights from the Report include: During 2022, the DPC received 2,700 complaints from data subjects under the General Data Protection Regulation (“GDPR”).

Data breaches 114

Data breaches GDPR Personal data Compliance 114

Security Affairs

DECEMBER 9, 2022

On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000. Another successful exploit in the SOHO SMASHUP category @ #P2OToronto #Pwn2Own pic.twitter.com/8Qty12wmU1 — Zero Day Initiative (@thezdi) December 9, 2022. The results of Day Three are available here.

Cloud 119

Cloud Security Information Security IT 119

Security Affairs

OCTOBER 14, 2022

Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) Microsoft fixed it with the release of September 2022 Patch Tuesday security updates, the company also states it has been actively exploited in the wild. “An

Metadata 145

Metadata Security Access Information Security 145

Info Source

SEPTEMBER 15, 2023

The growth rates for Capture & IDP software and solutions returned to a double-digit growth, close to pre-pandemic growth rates in 2022. The demand for Capture & IDP solutions in 2022 slowed slightly in North America following a particularly strong year.

Information capture 52

Information capture Marketing Records Management e-Discovery 52

Security Affairs

OCTOBER 28, 2022

Apple released updates to backport the recently released security patches for CVE-2022-42827 zero-day to older iPhones and iPads. Apple has released new security updates to backport security patches released this week to address actively exploited CVE-2022-42827 in older iPhones and iPads, addressing an actively exploited zero-day bug.

Security 116

Security Information Security IT 116

Security Affairs

MAY 1, 2023

In 2022, Google prevented 1.43 million policy-violating applications from being published on Google Play in 2022. ” The company explained that in 2022, the App Security Improvements program helped developers to address approximately 500K security weaknesses affecting approximately 300K apps.

Security 87

Security Privacy Education Access 87

Security Affairs

MAY 20, 2022

During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants demonstrated a working exploit for Microsoft Windows 11. During the second day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. To nominate, please visit:?

Security 86

Security Cybersecurity Access Information Security 86