2024, Data, Information Security and Security - Information Management Today

2024

Data

Information Security

Security

Zoom fixed critical flaw CVE-2024-24691 in Windows software

Security Affairs

FEBRUARY 14, 2024

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The vulnerability CVE-2024-24691 is an improper input validation bug that could be exploited by an attacker with network access to escalate privileges. ” reads the advisory.

Authentication

Authentication Access IT Security

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

Security Affairs

FEBRUARY 20, 2024

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The IT giant addressed the issue with the release of Patch Tuesday security updates for February 2024. Out of 97,000 servers, 28,500 have been verified to be vulnerable to CVE-2024-21410.

Authentication

Authentication Ransomware Cybersecurity Security

Join 55,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

Trending Sources

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

Security Affairs

FEBRUARY 18, 2024

This type of tool is crucial for maintaining security, compliance, and efficient administration of user access to various resources, systems, and data. Critical 02/06/2024 02/06/2024 SolarWinds Access Rights Manager (ARM) 2023.2.3 Critical 02/06/2024 02/06/2024 SolarWinds Access Rights Manager (ARM) 2023.2.3

Access

Access Authentication Compliance IT

Webinars

Improving the Accuracy of Generative AI Systems: A Structured Approach

MORE WEBINARS

German BSI warns of 17,000 unpatched Microsoft Exchange servers

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. The BSI urges operators running vulnerable instances to install available security updates and configure them securely. In February 2024, the U.S.

Information Security

Information Security Cybersecurity Education Authentication

LockBit ransomware gang claims the attack on the sandwich chain Subway

Security Affairs

JANUARY 21, 2024

The Lockbit ransomware group added Subway to the list of victims on its Tor data leak site and threatened to leak the stolen data on February 02, 2024 at 21:44:16 UTC. The group claims to have stolen hundreds of gigabytes of sensitive data. ” reads the message published on the Tor leak site.

Ransomware

Ransomware IT Data breaches Information Security

Expert found a backdoor in XZ tools used many Linux distributions

Security Affairs

MARCH 30, 2024

Red Hat warns of a backdoor in XZ Utils data compression tools and libraries in Fedora development and experimental versions. Red Hat Information Risk and Security and Red Hat Product Security determined that Fedora Linux 40 beta does use two versions of xz libraries – xz-libs-5.6.0-1.fc40.x86_64.rpm x versions.

Libraries

Libraries Authentication Access Risk

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Security Affairs

JULY 30, 2024

Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024. “In April 2024, we found a suspicious sample that turned out to be a new version of Mandrake.

Libraries

Libraries Communications Encryption IT

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

Security Affairs

MAY 19, 2024

Researchers from South Korean security firm S2W first uncovered the compaign in February 2024, the threat actors were observed delivering a new malware family named Troll Stealer using Trojanized software installation packages. The WIZVERA VeraPort integration installation program is used to manage additional security software (e.g.,

Communications

Communications Government IT Encryption

New Loop DoS attack may target 300,000 vulnerable hosts

Security Affairs

MARCH 21, 2024

Researchers from the CISPA Helmholtz Center for Information Security (Germany) devised a new denial-of-service (DoS) attack, called loop DoS attack, that hundreds of thousands of internet-facing systems from major vendors. Instead, it simply sends packets without waiting for acknowledgment or establishing a connection.

Communications

Communications Information Security Risk IT

Zoom fixed critical flaw CVE-2024-24691 in Windows software

Microsoft Exchange flaw CVE-2024-21410 could impact up to 97,000 servers

Webinars

Trending Sources

SolarWinds addressed critical RCEs in Access Rights Manager (ARM)

Webinars

German BSI warns of 17,000 unpatched Microsoft Exchange servers

LockBit ransomware gang claims the attack on the sandwich chain Subway

Expert found a backdoor in XZ tools used many Linux distributions

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

North Korea-linked Kimsuky used a new Linux backdoor in recent attacks

New Loop DoS attack may target 300,000 vulnerable hosts

Stay Connected