Paradox also pointed out that it has been requiring single sign-on (SSO) authentication since 2020 that enforces multi-factor authentication for its partners. The expiration date for that authentication token likewise was December 2025.
This advisory highlights specific vulnerabilities and offers guidance to mitigate risks for software developers and end-user organizations. These vulnerabilities span a range of technologies, from network security appliances to widely used software applications. CVE-2020-1472 (Microsoft Netlogon): Allows privilege escalation.
The operation, which took place on January 29, 2025, comes after years of illicit activity dating back to at least 2020, during which victims, primarily in the United States, suffered losses exceeding $3 million. Implementing Privileged Access Management (PAM) allows organizations to monitor and secure their most sensitive, critical accounts."
The threat actors attempted to exploit multiple vulnerabilities in DVRs, including CVE-2017-7921, CVE-2018-9995, CVE-2020-25078, CVE-2021-33044, and CVE-2021-36260. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom.
Supply Chain Attacks: These attacks target the supply chain rather than individual organizations, exploiting vulnerabilities in third-party software and service providers. Countermeasures Against Recent Cyber Attacks Regular Updates and Patching: Keeping software, systems, and devices updated is vital to protect against vulnerabilities.
Romance & Dating Scams Over 400 million lost since 2020. Enable Multi Factor Authentication (MFA) Multi-Factor Authentication (MFA) adds a layer of security, but not all methods offer the same protection: SMS codes can be intercepted or phished. Enable multi-factor authentication (MFA) or passkeys if they're supported.
Ease of Monetization: Stolen VPN credentials are highly marketable on dark-web forums, often selling for as little as $100 and bundled with additional access points like Remote Desktop Protocol (RDP) software or Citrix-based solutions. Rated CVSS 9.8, This ensures that even if the VPN is compromised, attackers can’t move laterally.
Authenticated SSRF Attempt (No CVE Assigned; See Right Link) Zimbra Collaboration Suite SSRF Attempt Organizations should promptly patch and secure affected systems, apply mitigations for targeted CVEs, and restrict outbound access to necessary endpoints.
There are 300% more remote opportunities now compared to 2020, and many organizations are still unable to deal with this. Or consider a developer embedding subtle, AI-enhanced backdoors into critical software updates, remaining undetected by conventional security scans.
For example, today's voice cloning software needs as little as 20 seconds of audio to produce a realistic imitation of someone's speech. financial institutions are heavily regulated and must follow strict security and authentication requirements. Financial regulators in the U.S. Regulatory and compliance challenges: U.S.
At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). A segment of a lawsuit Binns filed in 2020 against the CIA, in which he alleges U.S.
has charged a Chinese national for hacking thousands of Sophos firewall devices worldwide in 2020. has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020. Passwords associated with external authentication systems such as AD or LDAP are unaffected.
Misconfiguration of cloud environments (services or software) remained a significant security gap. As I said in other THR blogs, the main news here is that there is no news; a lot of cloud security problems in 2025 are 2020 problems, at best. Initial access vectors didn't change all that much.
RTF exploit RTF files were specifically crafted by the attacker to exploit CVE-2017-11882, a memory corruption vulnerability in Microsoft Office software. The Backdoor loader module has been observed since 2020, we covered it in our private APT reports. It has remained almost the same over the years.
NIST first published the PFW in 2020, with the goal of helping organizations mitigate the privacy risks associated with the processing of personal data in their computer systems. However, in many cases, the software packages the generative AI tools mention don't exist. draft is open for public comment until June 13, 2025. (on-demand
. – Thomas Cumberland, Tier 3 Senior Analyst at Cyber Sainik Since the beginning of 2020, the external attack surface has become the primary exposure point for all organizations. We’ve actually helped customers find shadow IT, misconfigured clouds, exposed dev systems, and unpatched software.
warns of rising Iranian cyber threats exploiting outdated software and weak passwords, with attacks likely to escalate due to recent events. These actors typically exploit outdated software, known vulnerabilities, and weak or default passwords on internet-connected systems. officials linked to a 2020 military commander’s death.
Microsoft today released software patches to plug at least 129 security holes in its Windows operating systems and supported software, by some accounts a record number of fixes in one go for the software giant. Trend Micro’s Zero Day Initiative June 2020 patch lowdown.
Microsoft today released updates to plug at least 120 security holes in its Windows operating systems and supported software, including two newly discovered vulnerabilities that are actively being exploited. More information on CVE-2020-1337, including a video demonstration of a proof-of-concept exploit, is available here.
Microsoft today released updates to remedy nearly 130 security vulnerabilities in its Windows operating system and supported software. Among the chief concerns for enterprises this month is CVE-2020-16875, which involves a critical flaw in the email software Microsoft Exchange Server 2016 and 2019.
Microsoft today released updates to fix 113 security vulnerabilities in its various Windows operating systems and related software. Adobe did release security updates for its ColdFusion, After Effects and Digital Editions software. Further reading: Qualys breakdown on April 2020 Patch Tuesday.
Microsoft today released updates to plug 50 security holes in various flavors of Windows and related software. Such a weakness could be abused by attackers to make malware appear to be a benign program that was produced and signed by a legitimate software company. National Security Agency.
is slated to release a software update on Tuesday to fix an extraordinarily serious security vulnerability in a core cryptographic component present in all versions of Windows. 14, the first Patch Tuesday of 2020. Sources tell KrebsOnSecurity that Microsoft Corp.
Doing authentication well is vital for any company in the throes of digital transformation. Related: Locking down ‘machine identities’ At the moment, companies are being confronted with a two-pronged friction challenge, when it comes to authentication. We spoke at RSA 2020. And that’s not an easy task.
But we do know the March 2020 attack was precipitated by a spear-phishing attack against a GoDaddy employee. GoDaddy described the incident at the time in general terms as a social engineering attack, but one of its customers affected by that March 2020 breach actually spoke to one of the hackers involved.
government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. National Security Agency (NSA) warned on Dec.
Initial estimates were that Russia sent its probes only into a few dozen of the 18,000 government and private networks they gained access to when they inserted code into network management software made by a Texas company named SolarWinds. There is also no indication yet that any human intelligence alerted the United States to the hacking.
Related: Pushing the fly-by-wire envelope This is especially true because systems are more interconnected and use more complex commercial software than ever before, meaning a vulnerability in one system could lead to a malicious actor gaining access to more important systems. Risks delineated Still, there have been many other incidents since.
Cisco addressed a critical default credentials vulnerability (CVE-2020-3446) affecting some configurations of its ENCS 5400-W series and CSP 5000-W series appliances. “The vulnerability exists because the affected software has user accounts with default, static passwords.
2020 was challenging for everyone: companies, regulators, individuals. As a result, 2020 was extremely eventful in terms of digital threats, in particular those faced by financial institutions. In 2020, the group tried its hand at the big extortion game with the VHD ransomware family. Methodology.
Cisco addressed ten high-risk vulnerabilities in NX-OS software, including some issues that could lead to code execution and privilege escalation. Cisco this week released security patches to address ten high-risk vulnerabilities in NX-OS software, including some flaws that could lead to code execution and privilege escalation.
DHS’s Cybersecurity and Infrastructure Agency (CISA) said in the directive that it expected imminent exploitation of the flaw — CVE-2020-1472 and dubbed “ZeroLogon” — because exploit code which can be used to take advantage of it was circulating online.
Cyber cops in Ukraine carried out an arrest and several raids last week in connection with the author of a U-Admin, a software package used to administer what’s being called “one of the world’s largest phishing services.” Qbot) — to harvest one-time codes needed for multi-factor authentication.
Microsoft today rolled out updates to plug at least 56 security holes in its Windows operating systems and other software. A key concern for enterprises is another critical bug in the DNS server on Windows Server 2008 through 2019 versions that could be used to remotely install software of the attacker’s choice.
billion USD in 2021, which is slightly less than the total revenue in 2020 but still significantly above the pre-pandemic figures. We examined malware and unwanted software disguised as popular PC and mobile games. Most of the statistics presented in the report were collected between July 1, 2020 and June 30, 2021. Methodology.
After logging in, the user might see a prompt that looks something like this: These malicious apps allow attackers to bypass multi-factor authentication, because they are approved by the user after that user has already logged in. “It’s just easier, and it’s a good way to bypass multi-factor authentication.”
This week Apple released security patches to address the CVE-2020-9859 zero-day vulnerability that had been used to jailbreak iPhone devices. Apple released security patches to address the CVE-2020-9859 zero-day vulnerability in the iOS kernel that had been used to jailbreak iPhones. the software did not work on iOS versions 12.3
I spoke with Maurice Côté, VP Business Solutions, and Martin Lemay, CISO, of Devolutions, at the RSA 2020 Conference in San Francisco recently. Poorly implemented authentication can also lead to network breaches and compliance headaches. Each connection needs to be authenticated and privileges enforced.
CISA is warning of the active exploitation of the unauthenticated remote code execution CVE-2020-5902 vulnerability affecting F5 Big-IP ADC devices. “CISA expects to see continued attacks exploiting unpatched F5 BIG-IP devices and strongly urges users and administrators to upgrade their software to the fixed versions.
“In mid-July 2020, cybercriminals started a vishing campaign—gaining access to employee tools at multiple companies with indiscriminate targeting — with the end goal of monetizing the access.” authenticate the phone call before sensitive information can be discussed.
In 2020, it saw 193 billion credential stuffing attacks globally, with 3.4 Meanwhile, threat actors’ siege on web applications surged 62 percent in 2020 vs. 2019: Akamai observed nearly 6.3 Q: The scale of ‘attacks’ in 2020 is astronomical: 6.3 I’ve known Ragan for a long time and greatly respect his work. It is astronomical.
US Cybersecurity and Infrastructure Security Agency (CISA) urges US federal agencies to update the SolarWinds Orion software by the end of the year. Agencies using non-affected versions must update to the new version: [link] pic.twitter.com/xdbSM9U3Oo — Cybersecurity and Infrastructure Security Agency (@CISAgov) December 30, 2020.
Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space. Dune Thomas is a software engineer from Sacramento, Calif. and $24.99