Security Affairs

FEBRUARY 6, 2024

Google released Android ’s February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution issue. Google released Android February 2024 security patches to address 46 vulnerabilities, including a critical remote code execution flaw tracked as CVE-2024-0031.

Security 129

Security Information Security IT 129

Security Affairs

APRIL 11, 2024

The flaw CVE-2024-3272 is a Command Injection Vulnerability impacting D-Link Multiple NAS Devices. Chaining CVE-2024-3272 and CVE-2024-3273 an attacker can achieve remote, unauthorized code execution. CISA orders federal agencies to fix this vulnerability by May 2, 2024.

IT 118

IT Cybersecurity Authentication Risk 118

Security Affairs

MAY 24, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 109

IT Data breaches Access Cybersecurity 109

Security Affairs

MARCH 9, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-27198 (CVSS Score 9.8) This week Rapid7 researchers disclosed two new critical security vulnerabilities, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score:7.3), in JetBrains TeamCity On-Premises.

IT 122

IT Authentication Cybersecurity Risk 122

Security Affairs

MARCH 6, 2024

CVE-2024-23225 is a Kernel memory corruption flaw, the company addressed it with improved validation. “An CVE-2024-23296 is a RTKit memory corruption flaw, the company addressed it with improved validation. CISA orders federal agencies to fix this vulnerability by March 27, 2024. reads the advisory.

IT 115

IT Cybersecurity Ransomware Risk 115

Security Affairs

MARCH 5, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-21338 (CVSS Score 7.8) The zero-day, tracked as CVE-2024-21338 has been addressed by Microsoft in the February Patch Tuesday update. The flaw CVE-2024-21338 resides within the IOCTL (Input and Output Control) dispatcher of the driver appid.sys.

IT 116

IT Cybersecurity Ransomware Access 116

Security Affairs

FEBRUARY 15, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-21412 Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability CVE-2024-21351 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability This week.

IT 118

IT Cybersecurity Information Security Security 118

Security Affairs

APRIL 25, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). On April 19, 2024, CrushFTP advised of a virtual file system escape present in their FTP software that could allows users to download system files. PSIRT and Talos launched an investigation to support the customer.

IT 117

IT Authentication Access Security 117

Security Affairs

MAY 17, 2024

CISA orders federal agencies to fix these vulnerabilities by June 6, 2024. CVE-2021-40655 An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. Experts recommend also private organizations review the Catalog and address the vulnerabilities in their infrastructure.

IT 106

IT Authentication Passwords Cybersecurity 106

Security Affairs

FEBRUARY 16, 2024

The vulnerability CVE-2024-21410 is a bypass vulnerability that can be exploited by an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both. CISA orders federal agencies to fix this vulnerability by March 7, 2024.

IT 120

IT Cybersecurity Authentication Risk 120

Security Affairs

FEBRUARY 10, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS Out-of-Bound write vulnerability, tracked as CVE-2024-21762 , to its Known Exploited Vulnerabilities (KEV) catalog. CISA orders federal agencies to fix this vulnerability by February 16, 2024. Version Affected Solution FortiOS 7.6 through 7.4.2

IT 122

IT Cybersecurity Risk Security 122

Security Affairs

APRIL 9, 2024

running on OLED55A23LA Below is the disclosure timeline: November 01, 2023: Vendor disclosure November 15, 2023: Vendor confirms the vulnerabilities. running on LG43UM7000PLA webOS 5.5.0 – 04.50.51 running on OLED55CXPUA webOS 6.3.3-442 442 (kisscurl-kinglake) – 03.36.50 running on OLED48C1PUB webOS 7.3.1-43

Authentication 128

Authentication Libraries Access Information Security 128

Security Affairs

FEBRUARY 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a ConnectWise ScreenConnect vulnerability, tracked as CVE-2024-1709 , to its Known Exploited Vulnerabilities (KEV) catalog. CISA orders federal agencies to fix these vulnerabilities by February 29, 2024. ” said Sophos.

Authentication 115

Authentication Cybersecurity Cloud Ransomware 115

Security Affairs

MARCH 1, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 127

IT Cybersecurity Risk Security 127

Security Affairs

JANUARY 11, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti Connect Secure and Policy Secure flaws, tracked as CVE-2024-21887 and CVE-2023-46805 , and Microsoft SharePoint Server flaw CVE-2023-29357 to its Known Exploited Vulnerabilities (KEV) catalog. The second flaw, tracked as CVE-2024-21887 (CVSS score 9.1)

IT 114

IT Authentication Cybersecurity Security 114

Security Affairs

JANUARY 18, 2024

CVE-2024-0519 – Google Chromium V8 Out-of-Bounds Memory Access Vulnerability. The high-serverity vulnerability, tracked as CVE-2024-0519 , is an out of bounds memory access in the Chrome JavaScript engine. The flaw was reported by Anonymous on January 11, 2024. reads the security advisory published by the IT giant.

IT 122

IT Authentication Cloud Access 122

Security Affairs

MARCH 27, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. ” reads the advisory published by Microsoft.

IT 118

IT Cybersecurity Authentication Cloud 118

Security Affairs

APRIL 25, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 128

IT Education Cybersecurity Risk 128

Security Affairs

JANUARY 24, 2024

We are sharing instances vulnerable to CVE-2023-7028 (Account Takeover via Password Reset without user interactions) – 5379 instances found worldwide (on 2024-01-23).

Passwords 133

Passwords Security Information Security IT 133

Security Affairs

JANUARY 9, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Improper Access Control Vulnerability CVE-2023-23752.

IT 107

IT Cybersecurity Authentication Ransomware 107

Security Affairs

MARCH 30, 2024

Microsoft engineer Andres Freund discovered the backdoor issue that was tracked as CVE-2024-3094 (CVSS score 10). uploaded on 2024-02-01), up to and including 5.6.1-1.” The experts added that Fedora 40 Linux does not appear to be affected, they encourage all Fedora 40 Linux beta users to revert to 5.4.x x versions.

Libraries 128

Libraries Authentication Access Risk 128

Security Affairs

MAY 2, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 115

IT Passwords Access Cybersecurity 115

Security Affairs

MARCH 6, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. The exploitation can lead to complete system compromise.

IT 120

IT Cybersecurity Ransomware Risk 120

Security Affairs

JANUARY 31, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. ” reads the advisory.

Authentication 111

Authentication IT Cybersecurity Risk 111

Thales Cloud Protection & Licensing

JANUARY 21, 2024

Data Privacy: Why It Matters To The Rest Of Us madhav Mon, 01/22/2024 - 04:47 It seems that there are no limits to the number of data breaches. In our upcoming 2024 Digital Trust Index report, we reveal which companies are most trusted with data. Company size is not a determinant of victimization, nor is industry or sector.

Data Privacy 144

Data Privacy Privacy IT Artificial Intelligence 144

Security Affairs

FEBRUARY 7, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. reads the analysis published by Google TAG. “We

IT 112

IT Cybersecurity Risk Security 112

Security Affairs

JANUARY 19, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Cybersecurity 110

Cybersecurity Access Risk Security 110

Security Affairs

FEBRUARY 12, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. x before 1.5.4, x before 1.6.3.

IT 115

IT Cybersecurity Risk Access 115

Security Affairs

FEBRUARY 17, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Ransomware 130

Ransomware Education Cybersecurity Passwords 130

Security Affairs

JANUARY 24, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. Atlassian recommends customers to install the latest version.

IT 116

IT Cybersecurity Risk Security 116

Security Affairs

JANUARY 3, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog. At the time of this writing the issue has yet to be addressed.

Libraries 116

Libraries IT Cybersecurity Risk 116

Security Affairs

JANUARY 23, 2024

As of January 18, 2024 VMware is aware of exploitation “in the wild.”” reads the advisory. CISA orders federal agencies to fix this vulnerability by February 12, 2024. In October, VMware addressed the flaw CVE-2023-34048 (CVSS score 9.8).

IT 122

IT Cybersecurity Cloud Risk 122

National Archives Records Express

JANUARY 22, 2024

January 10, 2024 Webinar on Non-Compliant Digitization FAQ In May 2023, NARA issued regulations with digitization standards for permanent paper and photographic print records. On January 10, 2024, our office hosted a webinar to walk through the FAQ and discuss options and paths for non-compliant digitized permanent records.

Paper 52

Paper Archiving IT 52

Security Affairs

MARCH 25, 2024

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

IT 120

IT Cloud Cybersecurity Security 120

Thales Cloud Protection & Licensing

JANUARY 8, 2024

Thales + Imperva: Delivering the Next Generation of Data Security madhav Tue, 01/09/2024 - 05:13 We are pleased to share that Thales has completed its acquisition of Imperva. Imperva is now merging with our Thales Cloud Protection & Licensing Business Line. As we bring our teams together, we are committed to our strategic partners.

Security 83

Security Digital transformation Cybersecurity Analytics 83

National Archives Records Express

DECEMBER 27, 2022

This memo extends the M-19-21 deadlines to June 30, 2024. Information about exceptions is available in NARA Bulletin 2020-01 , Guidance on OMB/NARA Memorandum Transition to Electronic Records (M-19-21). OMB and NARA have just released a new memo, OMB/NARA M-23-07 , Update to Transition to Electronic Records , (December 23, 2022).

Records Management 45

Records Management Government 45

Security Affairs

MAY 19, 2024

Researchers from South Korean security firm S2W first uncovered the compaign in February 2024, the threat actors were observed delivering a new malware family named Troll Stealer using Trojanized software installation packages. including: Operation Description 01 Pauses communication with the C&C server for an arbitrary time duration.

Communications 121

Communications Government Encryption IT 121