Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat Information Risk and Security and Red Hat Product Security determined that Fedora Linux 40 beta does use two versions of xz libraries – xz-libs-5.6.0-1.fc40.x86_64.rpm x versions.

Libraries 129

Libraries Authentication Access Risk 129

Security Affairs

JANUARY 9, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Apache Superset vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Superset flaw, tracked as CVE-2023-27524 , to its Known Exploited Vulnerabilities (KEV) catalog.

IT 98

IT Cybersecurity Authentication Ransomware 98

Security Affairs

FEBRUARY 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco ASA and FTD bug, tracked as CVE-2020-3259 (CVSS score: 7.5), to its Known Exploited Vulnerabilities catalog. The vulnerability CVE-2020-3259 is an information disclosure issue that resides in the web services interface of ASA and FTD. . in attacks in the wild.

Ransomware 129

Ransomware Education Cybersecurity Passwords 129

Thales Cloud Protection & Licensing

JANUARY 10, 2024

Navigating the EU-US Data Protection Framework sparsh Thu, 01/11/2024 - 05:26 On 10 July 2023, the European Commission adopted a new adequacy decision regarding the Data Privacy Framework (“DPF”). However, European organizations need to dive with eyes wide open when transferring personal data to the US under the DPF.

Data Privacy 83

Data Privacy Personal data Privacy Cloud 83

Security Affairs

JANUARY 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds VMware vCenter Server Out-of-Bounds Write bug to its Known Exploited Vulnerabilities catalog. It serves as a centralized and comprehensive management platform for VMware’s virtualized data centers. CISA orders federal agencies to fix this vulnerability by February 12, 2024.

IT 115

IT Cybersecurity Cloud Risk 115

Security Affairs

MAY 19, 2024

Researchers from South Korean security firm S2W first uncovered the compaign in February 2024, the threat actors were observed delivering a new malware family named Troll Stealer using Trojanized software installation packages. The WIZVERA VeraPort integration installation program is used to manage additional security software (e.g.,

Communications 113

Communications Government Encryption IT 113

Security Affairs

FEBRUARY 4, 2024

Every week the best security articles from Security Affairs are free for you in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 107

Security Ransomware Passwords Data breaches 107

Security Affairs

APRIL 15, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Palo Alto Networks PAN-OS Command Injection flaw to its Known Exploited Vulnerabilities catalog. Palo Alto Networks and Unit 42 are investigating the activity related to CVE-2024-3400 PAN-OS flaw and discovered that threat actors have been exploiting it since March 26, 2024.

IT 123

IT Cybersecurity Access Risk 123

Security Affairs

MARCH 21, 2024

Researchers from the CISPA Helmholtz Center for Information Security (Germany) devised a new denial-of-service (DoS) attack, called loop DoS attack, that hundreds of thousands of internet-facing systems from major vendors. Instead, it simply sends packets without waiting for acknowledgment or establishing a connection.

Communications 120

Communications Information Security Risk IT 120