AIIM

DECEMBER 31, 2024

As we reflect on the transformative developments in AI and automation throughout 2024, several key trends have emerged that are shaping the future of information management.

209

209

Security Affairs

OCTOBER 23, 2024

Data Security Posture Management (DSPM) helps organizations address evolving data security and privacy requirements by protecting and managing sensitive information.

Data Privacy 323

Data Privacy Privacy GDPR Compliance 323

Security Affairs

SEPTEMBER 16, 2024

Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warns that attackers actively exploited the Windows vulnerability CVE-2024-43461 as a zero-day before July 2024. MSHTML is a platform used by Internet Explorer. “Yes.

Archiving 349

Archiving File names Libraries Passwords 349

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

IT 334

IT Ransomware Authentication Cybersecurity 334

Security Affairs

NOVEMBER 7, 2024

Google as usual did not share details about the attacks exploiting the above vulnerability, however, it added that another issue, tracked as CVE-2024-43047, is actively exploited in the wild. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. Versions up to 2.3.6 and unpatched 2.3.7

IT 323

IT Authentication Cybersecurity Risk 323

The Last Watchdog

DECEMBER 16, 2024

Continuing our look back at 2024, part two of Last Watchdogs year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics. This has fueled rapid adoption of autonomous AI agents, which matured significantly in 2024 and will become mainstream in 2025. The drivers are intensifying. million (NIST, WEF).

Security 264

Security Phishing IoT Risk 264

Security Affairs

NOVEMBER 9, 2024

Below are the vulnerabilities reported by ZDI: CVE-2024-8355 : SQL injection in DeviceManager, enabling database manipulation or code execution via spoofed Apple device connections. CVE-2024-8358 : Command injection in UPDATES_ExtractFile , enabling command execution via file paths during updates.

Ransomware 332

Ransomware Manufacturing Access Risk 332

Security Affairs

APRIL 15, 2025

Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024. In December 2024, the U.S.

Data breaches 168

Data breaches Ransomware Cybersecurity Government 168

Security Affairs

DECEMBER 24, 2024

Adobe released out-of-bandsecurity updates to address a critical vulnerability, tracked as CVE-2024-53961 (CVSS score 7.4), in ColdFusion. Cybersecurity and Infrastructure Security Agency (CISA) added another Adobe ColdFusion issue, tracked as CVE-2024-20767 , to its Known Exploited Vulnerabilities (KEV) catalog. In December, the U.S.

Cybersecurity 173

Cybersecurity Access Security IT 173

Security Affairs

OCTOBER 11, 2024

As of September 5, 2024, the Internet Archive held more than 42.1 HIBP permalink: [link] pic.twitter.com/Oc2Qvrh6Ov — HackManac (@H4ckManac) October 10, 2024 The threat actors that breached the popular website have shared a copy of the stolen data with the data breach notification service Have I Been Pwned data.

Archiving 312

Archiving Data breaches Passwords File names 312

Security Affairs

APRIL 30, 2025

In 2024, it was observed attacking OT organizations and linked to cyberattacks on 60 entities in Asia and Europe. In 2024, attacks primarily focused on governmental, diplomatic, and research sectors, with some campaigns specifically hitting French government organizations.

Military 294

Military Phishing Government Cybersecurity 294

Security Affairs

SEPTEMBER 18, 2024

Broadcom released security updates to address a critical vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), in VMware vCenter Server that could lead to remote code execution. The company also addressed a privilege escalation vulnerability, tracked as CVE-2024-38813, in vCenter Server. ” reads the advisory.

Cloud 332

Cloud Access IT Security 332

Security Affairs

AUGUST 14, 2024

Microsoft’s August 2024 Patch Tuesday addressed 90 vulnerabilities, including six that are actively exploited. No Yes RCE CVE-2024-38178 Scripting Engine Memory Corruption Vulnerability Important 7.5 No Yes RCE CVE-2024-38193 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important 7.8

Security 356

Security IT Information Security 356

Security Affairs

NOVEMBER 27, 2024

The virtualization giant addressed the following vulnerabilities: Here are the details from VMware’s VMSA-2024-0022 bulletin : Local privilege escalation vulnerability (CVE-2024-38830) (CVSS 7.8) – A local admin on VMware Aria Operations can exploit a vulnerability to escalate privileges to root. Important 8.18.2

Cloud 299

Cloud Access IT Security 299

Security Affairs

AUGUST 1, 2024

Shadowserver researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited flaw CVE-2024-37085. Researchers at the Shadowserver Foundation reported that approximately 20,000 VMware ESXi servers exposed online appear impacted by the exploited vulnerability CVE-2024-37085.

Ransomware 357

Ransomware Authentication Cloud Security 357

Security Affairs

OCTOBER 25, 2024

The Change Healthcare data breach in the February 2024 impacted over 100 million, the largest-ever healthcare data breach in the US. UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals.

Data breaches 330

Data breaches Ransomware Insurance Cybersecurity 330

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. The researchers observed threat actors exploiting CVE-2024-36401 in attacks aimed at IT service providers in India, technology companies in the U.S., ” concludes the report.

Libraries 345

Libraries Encryption Cybersecurity Access 345

Security Affairs

OCTOBER 25, 2024

The organization observed suspicious activity on its network on August 8, 2024 and promptly initiated an internal investigation. “On August 8, 2024, OPPC detected suspicious activity on its computer network. OPPC reported to the US Department of Health and Human Services that the security incident impacted 795916 individuals.

Data breaches 332

Data breaches Ransomware Security IT 332

Security Affairs

MARCH 31, 2025

Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Smart Licensing Utility vulnerability, tracked as CVE-2024-20439 , to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2024-20440 (CVSS score: 9.8) The vulnerability is due to excessive verbosity in a debug log file. reads the advisory.

IT 283

IT Cybersecurity Access Passwords 283

WIRED Threat Level

JANUARY 10, 2025

Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range.

IT 342

IT Privacy Security 342

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The flaw CVE-2024-4577 (CVSS score: 9.8) Greynoise researchers also reported malicious attempts of exploitation of the CVE-2024-4577. “As ” reported Akamai. . ” reported Akamai.

Honeypots 352

Honeypots File names Mining IoT 352

Security Affairs

SEPTEMBER 16, 2024

SolarWinds addressed a critical remote code execution vulnerability, tracked as CVE-2024-28991, in Access Rights Manager. The company also addressed a hardcoded credential vulnerability, tracked as CVE-2024-28990, in ARM. and prior versions. ” reads the advisory. Piotr Bazydlo also reported this vulnerability.

Access 345

Access Authentication Security Information Security 345

Security Affairs

SEPTEMBER 11, 2024

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. ” The four actively exploited zero-day vulnerabilities are: CVE-2024-38014 – Windows Installer Elevation of Privilege Vulnerability. However, we at the ZDI think that number should be five.”

Security 332

Security IoT Authentication IT 332

Security Affairs

OCTOBER 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) ” On September 24, 2024, cloud hosting provider Rackspace reported an issue with its ScienceLogic EM7 monitoring tool. CISA orders federal agencies to fix this vulnerability by November 11, 2024.

IT 316

IT Cybersecurity Encryption Cloud 316

Security Affairs

JANUARY 26, 2025

In October 2024, UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals. reads an update published by the company on February 29, 2024. The final figure represents well over half of the U.S. population.”

Data breaches 331

Data breaches Insurance Ransomware Cybersecurity 331

Security Affairs

AUGUST 19, 2024

Microsoft has addressed a zero-day vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), which has been exploited by the North Korea-linked Lazarus APT group. The vulnerability, tracked as CVE-2024-38193 (CVSS score: 7.8), is a privilege escalation issue that resides in the Windows Ancillary Function Driver (AFD.sys) for WinSock.

Access 350

Access Security Marketing IT 350

Security Affairs

OCTOBER 11, 2024

Sophos researchers warn that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware. Sophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication.

Ransomware 334

Ransomware Authentication Access Cloud 334

Security Affairs

NOVEMBER 5, 2024

Authorities arrested Mr. Moucka on October 30, 2024, he was taken into custody on a US provisional arrest warrant. ” In June 2024, Snowflake revealed that a limited number of its customers were targeted in a campaign by UNC5537 , a financially motivated group based in North America. Charges remain undisclosed.

Unstructured data 312

Unstructured data Cloud Sales Security 312

Security Affairs

DECEMBER 2, 2024

Our goal is to deploy 200 new WebTunnel bridges by the end of this December (2024) to open secure access for users in Russia.” Tunnel bridges have grown from 60 to 143 since early 2024, but they are not enough. . “We are calling on the Tor community and the Internet freedom community to help us scale up WebTunnel bridges.

Government 329

Government Access Security IT 329

Security Affairs

DECEMBER 4, 2024

Veeam released security updates for a critical vulnerability, tracked as CVE-2024-42448 (CVSS score of 9.9) Veeam also addressed a vulnerability, tracked as CVE-2024-42449 (CVSS score 7.1) After the Akira and Fog ransomware attacks, experts warned of threat actors attempting to deploy Frag ransomware actively exploiting CVE-2024-40711.

Ransomware 291

Ransomware Cloud IT Security 291