Security Affairs

MARCH 27, 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during the Pwn2Own Vancouver 2024. The high-severity vulnerability CVE-2024-2886 is a use after free issue that resides in the WebCodecs. The flaw was demonstrated by Seunghyun Lee ( @0x10n ) of KAIST Hacking Lab during the Pwn2Own 2024.

Hacking 107

Hacking Mobile Information Security 107

Security Affairs

FEBRUARY 14, 2024

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The vulnerability CVE-2024-24691 is an improper input validation bug that could be exploited by an attacker with network access to escalate privileges. ” reads the advisory.

Software 126

Software Authentication Mobile Hacking 126

Security Affairs

MARCH 9, 2024

Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices. In February, Fortinet warned that the critical remote code execution vulnerability CVE-2024-21762 (CVSS score 9.6) in FortiOS SSL VPN was actively exploited in attacks in the wild.

Internet 139

Internet Internet VPN Engineering 139

Security Affairs

MARCH 22, 2024

Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 on the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days.

Hacking 130

Hacking Information Security 130

Security Affairs

APRIL 6, 2024

Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported RCE flaw CVE-2024-21894. The flaw CVE-2024-21894 (CVSS score 8.2) is a heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x,

VPN 116

VPN Internet Internet Hacking 116

Security Affairs

JANUARY 28, 2024

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897 , have been made public. Exploits are already available.

Authentication 129

Authentication Internet Internet Hacking 129

Security Affairs

APRIL 26, 2024

Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks targeting the critical severity vulnerability CVE-2024-4040. CVE-2024-4040 is a CrushFTP VFS sandbox escape vulnerability.

Internet 96

Internet Internet Software Hacking 96

Security Affairs

FEBRUARY 20, 2024

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The IT giant addressed the issue with the release of Patch Tuesday security updates for February 2024. Out of 97,000 servers, 28,500 have been verified to be vulnerable to CVE-2024-21410.

Authentication 125

Authentication Internet Internet Ransomware 125

Heimadal Security

APRIL 3, 2024

This document provides a structured approach to establishing and maintaining robust information security measures, tailored to meet the specific needs of each organization while complying with relevant legal and federal guidelines.

Information Security 81

Information Security 81

Security Affairs

JANUARY 26, 2024

Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2 of Pwn2Own Automotive 2024 hacking competition. White hat hackers from the Synacktiv Team ( @Synacktiv ) compromised the Tesla infotainment system on the second day of the Pwn2Own Automotive 2024 hacking competition. The team earned $35,000 for this hack.

Hacking 114

Hacking Information Security 114

Security Affairs

MARCH 21, 2024

Participants earned $732,500 on the first day of the Pwn2Own Vancouver 2024 hacking competition, a team demonstrated a Tesla hack. Participants earned $732,000 on the first day of the Pwn2Own Vancouver 2024 hacking competition for demonstrating 19 unique zero-days, announced Trend Micro’s Zero Day Initiative (ZDI).

Hacking 120

Hacking Engineering Software Information Security 120

Security Affairs

MARCH 12, 2024

Microsoft Patch Tuesday security updates for March 2024 addressed 59 security vulnerabilities in its products, including RCE flaws. Microsoft released Patch Tuesday security updates for March 2023 that address 59 security vulnerabilities in its products. The company also fixed five additional Chromium flaws.

Internet 118

Internet Internet Authentication Hacking 118

Security Affairs

FEBRUARY 28, 2024

VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. Key Findings from the “Email Security in 2024” Report In an exhaustive review, VIPRE processed 7.2

Phishing 122

Phishing Identity Theft Scams Malware 122

Security Affairs

JANUARY 22, 2024

Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking , CVE-2024-23222) The issue is actively exploited in the wild.

Hacking 119

Hacking Information Security 119

Security Affairs

JANUARY 16, 2024

Google has released security updates to address the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. The high-serverity vulnerability, tracked as CVE-2024-0519 , is an out of bounds memory access in the Chrome JavaScript engine. The flaw was reported by Anonymous on January 11, 2024.

Engineering 117

Engineering Hacking Information Security 117

Security Affairs

DECEMBER 26, 2023

Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year.

Cyber threats 119

Cyber threats Energy and Utilities Artificial Intelligence Cyber Attacks 119

Security Affairs

JANUARY 9, 2024

Microsoft Patch Tuesday security updates for January 2024 addressed a total of 49 flaws, including two critical vulnerabilities. The critical vulnerabilities are: CVE-2024-20700 – Windows Hyper-V Remote Code Execution Vulnerability. CVE-2024-20674 – Windows Kerberos Security Feature Bypass Vulnerability.

Authentication 117

Authentication Internet Internet Hacking 117

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Firmware 120

Firmware Authentication Engineering Hacking 120

Security Boulevard

MARCH 25, 2024

The event focused on addressing the increasingly complex cybersecurity environment influenced by AI technologies, gathering globally renowned information security vendors and experts to discuss new trends and models driven by AI in cybersecurity.

Cybersecurity 64

Cybersecurity Cyber Attacks Technology Information Security 64

Tech Republic Security

APRIL 11, 2024

Find the best open-source password managers to keep your sensitive information secure and easily accessible. Explore top options for protecting your passwords.

Password Management 141

Password Management Passwords Information Security 141

Security Boulevard

JANUARY 11, 2024

By: Gary Perkins, Chief Information Security Officer Welcome to 2024! A new year brings new change, so why not start 2024 with a rapid IT and security hygiene check? If you don’t know the answer, it’s […] The post Back to the Basics: Security Must-Haves for 2024, Part I appeared first on CISO Global.

CISO 59

CISO Information Security 59

Security Affairs

DECEMBER 27, 2023

Elections are scheduled in several countries worldwide in 2024, with potential geopolitical implications. The 2024 European Union elections face threats from content generated through these platforms. Key events include the European Parliament elections in June, the U.S.

Artificial Intelligence 120

Artificial Intelligence Media Government Technology 120

Thales Cloud Protection & Licensing

APRIL 24, 2024

Stronger Together: Join Thales & Imperva at RSA Conference 2024 Where the World Talks Security madhav Thu, 04/25/2024 - 05:17 In today’s increasingly connected and digital world, the cybersecurity industry stands as a bastion against a relentless tide of threats.

Telecommunications 104

Telecommunications Digital transformation Software Technology 104

Security Boulevard

DECEMBER 24, 2023

In addition, we give credit to Scott for […] The post The Year in Review and 2024 Predictions appeared first on Shared Security Podcast. The post The Year in Review and 2024 Predictions appeared first on Security Boulevard.

Ransomware 64

Ransomware Data privacy Technology InfoSec 64

Security Boulevard

DECEMBER 7, 2023

From the security challenges derived from the rise of artificial intelligence (AI) to the increasing legal liabilities placed on Chief Information Security Officers (CISOs), 2023 has been a busy year for the CISO community – and 2024 shows no signs of slowing down.

CISO 59

CISO Artificial Intelligence Information Security 59

Security Affairs

JANUARY 24, 2024

Researchers with cybersecurity firm Horizon3’s Attack Team published technical details of the recently disclosed vulnerability CVE-2024-0204 impacting Fortra GoAnywhere MFT. The security experts also published a proof-of-concept (PoC) exploit that allows the creation of new admin users on vulnerable instances exposed online.

Authentication 115

Authentication Hacking Engineering Encryption 115

Security Affairs

JANUARY 10, 2024

Cisco addressed a critical Unity Connection security flaw that can be exploited by an unauthenticated attacker to get root privileges. Cisco has addressed a critical flaw, tracked as CVE-2024-20272, in its Unity Connection that can be exploited by a remote, unauthenticated attacker to gain root privileges on vulnerable devices.

Authentication 115

Authentication Hacking Software Information Security 115

Security Affairs

MAY 10, 2024

Google this week released security updates to address a zero-day flaw, tracked as CVE-2024-467, in Chrome browser. The flaw was reported by an anonymous researcher on May 7, 2024. “Google is aware that an exploit for CVE-2024-4671 exists in the wild.” ” reads the advisory published by Google. .

Engineering 105

Engineering Hacking Information Security 105

Security Affairs

NOVEMBER 14, 2023

Resecurity uncovered several episodes of attacks against nuclear operators – area of major concern for national security.

Ransomware 113

Ransomware Cyber threats Government Hacking 113

BH Consulting

MARCH 21, 2024

Returning to the healthcare space, the Irish Pharmacy Union has a guide to avoiding ransomware, produced by BH Consulting’s information security consultant Brendan Mooney. Sign up here The post Security Roundup March 2024 appeared first on BH Consulting. MORE Have you signed up to our monthly newsletter?

Cyber threats 69

Cyber threats Ransomware Healthcare Risk 69

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. The IT giant addressed the issue with the release of Patch Tuesday security updates for February 2024. In February 2024, the U.S.

Information Security 112

Information Security Internet Internet Healthcare 112

Security Affairs

APRIL 28, 2024

The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker.

Firewall 110

Firewall Authentication Architecture Backups 110

Security Affairs

FEBRUARY 15, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-21412 Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability CVE-2024-21351 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability This week.

Internet 112

Internet Internet Information Security Hacking 112

Security Affairs

APRIL 3, 2024

Google has addressed another zero-day vulnerability in the Chrome browser, tracked as CVE-2024-3159, that was exploited during the Pwn2Own hacking competition in March, 2024. The vulnerability CVE-2024-3159 is an out of bounds memory access in V8 JavaScript engine. The flaw was reported by Anonymous on January 11, 2024.

Hacking 120

Hacking Engineering Network Security Information Security 120

Security Affairs

FEBRUARY 18, 2024

Critical 02/06/2024 02/06/2024 SolarWinds Access Rights Manager (ARM) 2023.2.3 SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability CVE-2024-23476 9.6 Critical 02/06/2024 02/06/2024 SolarWinds Access Rights Manager (ARM) 2023.2.3 CVE-2024-23476 (CVSS score 9.6)

Cyber Attacks 126

Cyber Attacks Software Authentication Hacking 126

Security Affairs

APRIL 3, 2024

Two issues fixed by the IT giant, tracked as CVE-2024-29745 and CVE-2024-29748, are actively exploited in the wild. “The most severe of these issues is a high security vulnerability in the System component that could lead to local escalation of privilege with no additional execution privileges needed.”

Spyware 110

Spyware Firmware Hacking Information Security 110

Security Affairs

APRIL 29, 2024

FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on behalf of those clients. According to the agency, compromised information may include names, dates of birth, Social Security numbers, and account information.

Data breaches 109

Data breaches Hacking Accountability Cybercrime 109