Krebs on Security

JANUARY 11, 2022

By all accounts, the most severe flaw addressed today is CVE-2022-21907, a critical, remote code execution flaw in the “ HTTP Protocol Stack.” ” Microsoft says the flaw affects Windows 10 and Windows 11 , as well as Server 2019 and Server 2022. “Test and deploy this patch quickly.”

Libraries 255

Libraries Security Access IT 255

Krebs on Security

JUNE 15, 2022

On top of the critical heap this month is CVE-2022-30190 , a vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Beaumont said other researchers on April 12, 2022 told Microsoft about active exploitation of the MSDT flaw, but Microsoft closed the ticket saying it wasn’t a security issue.

Cloud 247

Cloud Security IT Cybersecurity 247

Jamf

JULY 14, 2022

For over 10 years, Apple admins from near and far have gathered, be it in person or virtually, at the Jamf Nation User Conference (JNUC). Check out the 10 reasons this year's JNUC is one you'll have to see to believe. This year’s event will be even bigger, better and back in person !

Security 98

Security IT 98

Security Affairs

APRIL 12, 2022

Microsoft Partch Tuesday security updates for April 2022 fixed 128 vulnerabilities, including an actively exploited zero-day reported by NSA. One of these flaws, tracked as CVE-2022-24521 (CVSS score 7.8), is a Windows Common Log File System Driver Elevation of Privilege issue that is actively exploited. Pierluigi Paganini.

Libraries 99

Libraries Cybersecurity Security IT 99

Info Source

OCTOBER 9, 2022

DIR 10-10-2022. To open and read this issue as a PDF (or to download): Click here.

40

40

Security Affairs

FEBRUARY 8, 2024

Government offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware group. Starting from the end of July 2022, the FBI infiltrated Hive’s computer networks. According to the announcement, the group targeted organizations in over 80 countries.

Ransomware 117

Ransomware Blockchain Manufacturing Analytics 117

Data Matters

JANUARY 17, 2023

This Sidley Update highlights certain key disclosure considerations for preparing your annual report on Form 10-K for fiscal year 2022, including recent amendments to U.S. The post Preparing Your 2022 Form 10-K: A Summary of Recent Key Disclosure Developments, Priorities, and Trends appeared first on Data Matters Privacy Blog.

Compliance 88

Compliance Privacy Security Cybersecurity 88

Security Affairs

FEBRUARY 25, 2024

Crooks stole nearly $10 million from the wallet of one of the co-founders of the video game Axie Infinity and the related Ronin Network. Cybercriminals stole about $10 million from the wallet of Jeff “Jihoz” Zirlin, who is one of the co-founders of the video game Axie Infinity and the related Ronin Network. In April, the U.S.

Blockchain 115

Blockchain Ransomware Cybersecurity Government 115

Outpost24

NOVEMBER 30, 2021

2022 Cybersecurity Predictions. Tue, 11/30/2021 - 10:10. Here our panel of security experts share their predictions for the key security challenges and trends to look out for in 2022 ensuring you can beat the hackers at their own game. Florian Barre. Full-Stack Security.

Cybersecurity 98

Cybersecurity Digital transformation Ransomware Security 98

Security Affairs

DECEMBER 9, 2022

On the third day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hacking competition, participants earned more than $250,000. The team earned $50K and 10 Master of Pwn points. SecurityAffairs – hacking, Pwn2Own Toronto 2022). The results of Day Three are available here. Pierluigi Paganini.

Cloud 120

Cloud Security Information Security IT 120

Security Affairs

APRIL 7, 2022

Experts discovered a vulnerability, tracked as CVE-2022-22292, which can be exploited to compromise Android 9, 10, 11, and 12 devices. Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292 , in Android 9, 10, 11, and 12 devices. To nominate, please visit:?

Cybersecurity 130

Cybersecurity Security Access Information Security 130

KnowBe4

FEBRUARY 12, 2024

The US Federal Trade Commission (FTC) has disclosed that people in the United States lost a record $10 billion to fraud in 2023, a 14% increase from 2022. Nearly half of the losses were due to investment scams.

Security 80

Security 80

Security Affairs

MAY 19, 2022

White hat hackers earned a total of $800,000 on the first day of the Pwn2Own Vancouver 2022, $450,000 for exploits targeting Microsoft Teams. Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro’s Zero Day Initiative (ZDI). The remaining exploits received a $40,000.

Cybersecurity 126

Cybersecurity Security IT Information Security 126

Security Affairs

DECEMBER 1, 2023

The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. ” reads the Elliptic’s report.

Ransomware 96

Ransomware Blockchain Retail Insurance 96

Outpost24

MAY 15, 2022

The State of Ransomware in 2022. Mon, 05/16/2022 - 01:10. Florian Barre. Blueliv, an Outpost24 company. Threat Intelligence.

Ransomware 98

Ransomware 98

Security Affairs

OCTOBER 14, 2022

Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) Microsoft fixed it with the release of September 2022 Patch Tuesday security updates, the company also states it has been actively exploited in the wild. “An

Metadata 145

Metadata Security IT Access 145

Security Affairs

AUGUST 29, 2022

Cybersecurity and Infrastructure Security Agency (CISA) added 10 new flaws to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog , including a high-severity security flaw ( CVE-2021-38406 CVSS score: 7.8)

IT 98

IT Authentication Cybersecurity Cloud 98

Security Affairs

JULY 4, 2022

US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. Now the US organization added again the CVE-2022-26925 to the catalog and orders Federal agencies to fix the vulnerability by July 22. SecurityAffairs – hacking, CVE-2022-26925).

Authentication 98

Authentication Risk Security IT 98

Security Affairs

DECEMBER 7, 2022

The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest. The news of the Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. The team earned $100K cash and 10 Master of Pwn points. Pierluigi Paganini.

Security 98

Security Data breaches Information Security IT 98

Jamf

JANUARY 25, 2023

With 2022 in the rearview, we take a look back at the indelible impact left by cybersecurity threats. Come on this voyage with us, as we don’t just highlight the top ten threats from last year, but also glean what we learned from them as organizations of all sizes and industries use that knowledge to fortify their defenses in 2023.

Security 52

Security Cybersecurity 52

Security Affairs

JUNE 5, 2022

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. 23 unique IPs so far.

Cybersecurity 123

Cybersecurity IoT Security IT 123

Security Affairs

OCTOBER 10, 2022

Fortinet has confirmed that the recently disclosed critical authentication bypass issue (CVE-2022-40684) is being exploited in the wild. Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684 , that impacted FortiGate firewalls and FortiProxy web proxies. Blog post and POC coming later this week.

Authentication 112

Authentication Cybersecurity Risk Security 112

Security Affairs

MARCH 21, 2023

Experts warn that 55 zero-day vulnerabilities were exploited in attacks carried out by ransomware and cyberespionage groups in 2022. “Products from Microsoft, Google, and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with previous years. ” reads the report published by Mandiant.

Ransomware 92

Ransomware Access Cybersecurity Risk 92

Security Affairs

JANUARY 31, 2023

Horizon3 security researchers released proof-of-concept (PoC) code for VMware vRealize Log Insight RCE vulnerability CVE-2022-31706. Last week, researchers from Horizon3’s Attack Team announced the release of PoC exploit code for remote code execution in VMware vRealize Log tracked as CVE-2022-31706 (CVSS base 9.8/10).

Analytics 97

Analytics Authentication Access Security 97

Security Affairs

JANUARY 30, 2022

A researcher disclosed an exploit for a Windows local privilege elevation issue (CVE-2022-21882) that allows anyone to gain admin privileges in Windows 10. The Win32k elevation of privilege vulnerability was fixed this month as part of the January 2022 Patch Tuesday , it is the result of a bypass for the previously CVE-2021-1732 flaw.

Authentication 94

Authentication Ransomware Security Access 94

Security Affairs

JUNE 29, 2022

The MITRE organization published the 2022 CWE Top 25 most dangerous software weaknesses. The MITRE shared the list of the 2022 top 25 most common and dangerous weaknesses, it could help organizations to assess internal infrastructure and determine their surface of attack. ” reads the announcement published by Mitre.

Authentication 98

Authentication Education Cybersecurity Security 98

Security Affairs

MARCH 22, 2022

The popular Anonymous hacktivist collective announced to have hacked Nestlè and leaked 10 GB of sensitive data because the food and beverage giant continued to operate in Russia. Anonymous #OpRussia pic.twitter.com/7HO9UzeBoc — Anonymous TV (@YourAnonTV) March 20, 2022. Follow me on Twitter: @securityaffairs and Facebook.

Passwords 98

Passwords Marketing Government IT 98

Security Affairs

MARCH 22, 2023

The report covers incidents in aviation, maritime, railway, and road transport industries between January 2021 and October 2022. During the reporting period, ransomware was the most prominent threat against the sector in 2022. The researchers pointed out that the ransomware attacks doubled compared to the previous year.

Ransomware 94

Ransomware Phishing Cybersecurity IT 94

Security Affairs

FEBRUARY 5, 2022

US CISA ordered federal agencies to patch their systems against actively exploited CVE-2022-21882 Windows flaw. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address their systems against an actively exploited Windows vulnerability tracked as CVE-2022-21882. Pierluigi Paganini.

Cybersecurity 97

Cybersecurity Authentication Compliance Risk 97

IT Governance

JANUARY 9, 2023

Welcome to our review of security incidents for 2022, in which we take a closer look at the information gathered in our monthly lists of data breaches and cyber attacks. IT Governance discovered 1,063 security incidents in 2022, which accounted for 480,014,323 breached records. The biggest data breaches of 2022.

Data breaches 126

Data breaches Ransomware Government Passwords 126

eSecurity Planet

MARCH 27, 2023

Mandiant tracked 55 zero-day vulnerabilities that were actively exploited in 2022. ” The most-exploited products, according to the report, were operating systems (19 zero-days); followed by browsers (11 zero-days); and security, IT, and network management products (10 zero-days). .”

Cloud 103

Cloud Ransomware Risk Access 103

IG Guru

AUGUST 16, 2021

The ICRM is pleased to announce the following candidates for the ICRM 2021 Elections: President-Elect/Treasurer (2022-2024) Caroline J. The post ICRM Announces 2022 Board Candidates appeared first on IG GURU. Members in good standing will receive their […].

98

98

The Last Watchdog

AUGUST 8, 2023

Picus’ Blue Report data shows that, on average, organizations’ security controls (such as next-gen firewalls and intrusion prevention solutions) only prevent 6 out of every 10 attacks. Simulation data shows that, on average, organizations log 4 out of 10 attacks but only generate alerts for 2 in 10 attacks.

Security 100

Security Risk Ransomware Marketing 100

KnowBe4

OCTOBER 20, 2022

In our 2022 State of Employee Compliance Training report , we compiled the top challenges faced by compliance training managers. Based on his years of experience in the learning and training industry, we asked for his top 10 tips to run a successful compliance training program in your organization.

Compliance 89

Compliance 89

The Security Ledger

MARCH 3, 2022

Seven in 10 SOC analysts say they are “burned out.” Six in 10 plan to leave their job “in the next year.” The post How to Bring the Power of No-Code Security Automation to Your Team in 2022 appeared first on The Security Ledger with. Read the whole entry. » Read the whole entry. »

Security 98

Security 98

IG Guru

FEBRUARY 4, 2022

February 1, 2022 CIGO Association is pleased to announce that submissions are invited for the 2022 1st Annual CIGO IG Best Practice Awards. Submission Deadline is Monday, February 28, 2022. Submissions must be made in PowerPoint, no more than 10 slides. Only one nomination per organization. More information is here.

74

74

Data Breach Today

FEBRUARY 22, 2023

The group, which has been active since 2022, has demanded that one victim pay $10 million in ransom, according to researchers at Varonis. Hackers Demand Info on Victim's Cyber Insurance Policy to Negotiate Ransom Demand The newly relaunched HardBit 2.0

Insurance 262

Insurance Ransomware 262