Security Affairs

MAY 22, 2022

The Pwn2Own Vancouver 2022 hacking contest ended, Trend Micro and ZDI awarded a total of $1,155,000 for successful attempts! During the third day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. To nominate, please visit:?

Hacking 118

Hacking Cybersecurity Information Security 118

Security Affairs

JUNE 22, 2022

I’m proud to announce that SecurityAffairs was awarded as the Best European Personal Cybersecurity Blog 2022 at European Cybersecurity Blogger Awards 2022. The winners of the annual European Cybersecurity Blogger Awards have been announced. SecurityAffairs – hacking, #EUSecBloggersAwards22 ).

Cybersecurity 67

Cybersecurity Hacking Information Security Malware 67

Security Affairs

DECEMBER 13, 2022

LockBit ransomware gang hacked the California Department of Finance and threatens to leak data stolen from its systems. On December 12, the California Department of Finance confirmed the security incident with a statement. “The intrusion was proactively identified through coordination with state and federal security partners.

Hacking 121

Hacking Ransomware Cybersecurity Technology 121

Security Affairs

MAY 19, 2022

White hat hackers earned a total of $800,000 on the first day of the Pwn2Own Vancouver 2022, $450,000 for exploits targeting Microsoft Teams. Pwn2Own Vancouver 2022 hacking contest has begun, it is the 15th edition of this important event organized by Trend Micro’s Zero Day Initiative (ZDI). To nominate, please visit:?

Hacking 115

Hacking Cybersecurity Information Security 115

SecureWorld News

FEBRUARY 10, 2022

Cybersecurity continues to be one of the hottest industries to be in, and that's not just because of ransomware and crypto hacks. Momentum Cyber has released its Cybersecurity Almanac 2022 , a comprehensive report providing strategic insights into the industry. Outlook on cybersecurity in 2022.

Cybersecurity 78

Cybersecurity Digital transformation Cryptocurrency Marketing 78

Security Affairs

MAY 26, 2022

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. The virtualization giant recently warned that a threat actor can exploit the CVE-2022-22972 flaw (CVSSv3 base score of 9.8) using CVE-2022-22972. states VMware.

Authentication 136

Authentication Healthcare Education Cybersecurity 136

Security Affairs

MAY 20, 2022

During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants demonstrated a working exploit for Microsoft Windows 11. During the second day of the Pwn2Own Vancouver 2022 hacking competition, white hat hackers demonstrated a working exploit against Microsoft Windows 11 OS. Pierluigi Paganini.

Hacking 83

Hacking Cybersecurity Information Security 83

Security Boulevard

OCTOBER 17, 2022

The post BSidesLV 2022 Lucky13 Hire Ground – Tom Eston’s ‘Management Hacking 101: Leading High Performance Teams’ appeared first on Security Boulevard. Our sincere thanks to BSidesLV for publishing their outstanding conference videos on the organization's YouTube channel.

Hacking 78

Hacking Education Information Security Cybersecurity 78

Security Boulevard

NOVEMBER 4, 2022

Our sincere thanks to BSidesPDX 2022 for publishing their outstanding conference videos on the organization's YouTube channel. The post BSidesPDX 2022 – Nate Norton’s ‘Live, Laugh, Lyrical Injection: Hacking Karaoke For Fun And Profit’ appeared first on Security Boulevard.

Hacking 69

Hacking Education Information Security Cybersecurity 69

Security Affairs

SEPTEMBER 16, 2022

We are currently responding to a cybersecurity incident. — Uber Comms (@Uber_Comms) September 16, 2022. Someone hacked an Uber employees HackerOne account and is commenting on all of the tickets. pic.twitter.com/00j8V3kcoE — Sam Curry (@samwcyo) September 16, 2022. SecurityAffairs – hacking, Uber).

Hacking 127

Hacking Data breaches Engineering Information Security 127

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 122

Ransomware Encryption Malware Hacking 122

Security Boulevard

NOVEMBER 16, 2022

Our sincere thanks to BSidesKC 2022 for publishing their outstanding conference videos on the organization's YouTube channel. The post BSidesKC 2022 – Vincent Matteo’s ‘I Know What You Did Last Summer… I’m Still Hacking Your Small Business’ appeared first on Security Boulevard.

Small Business 72

Small Business Hacking Education Information Security 72

Security Affairs

JUNE 5, 2022

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. 23 unique IPs so far.

VPN 122

VPN IoT Cybersecurity Engineering 122

Security Affairs

DECEMBER 2, 2022

Below are the details of the critical vulnerabilities: CVE-2022-45477 Telepad allows remote unauthenticated users to send instructions to the server to execute arbitrary code without any previous authorization or authentication. This is the timeline for these vulnerabilities: August 13, 2022: Initial disclosure. Pierluigi Paganini.

Hacking 132

Hacking Authentication Mobile Passwords 132

Security Boulevard

MAY 22, 2022

Our sincere thanks to BSides Prishtina for publishing their Presenter’s BSides Prishtina 2022 Information Security Conference videos on the organization’s’ YouTube channel.

Hacking 53

Hacking Information Security Education InfoSec 53

Security Affairs

OCTOBER 18, 2022

Fortinet confirmed that many systems are still vulnerable to attacks exploiting the CVE-2022-40684 zero-day vulnerability. Fortinet is urging customers to address the recently discovered CVE-2022-40684 zero-day vulnerability. The cybersecurity firm addressed the vulnerability with the release of FortiOS/FortiProxy versions 7.0.7

Authentication 129

Authentication Firewall Hacking Risk 129

Security Affairs

MAY 18, 2022

CISA orders federal agencies to fix VMware CVE-2022-22972 and CVE-2022-22973 vulnerabilities by May 23, 2022. The virtualization giant warns that a threat actor can exploit the flaw, tracked as CVE-2022-22972 (CVSSv3 base score of 9.8), to obtain admin privileges and urges customers to install patches immediately.

Cybersecurity 81

Cybersecurity Hacking Software Information Security 81

Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Threat Report Portugal: Q3 & Q4 2022 compiles data collected on the malicious campaigns that occurred from Jully to December, Q3 and Q4, 2022. in Q2 2022.

Threat Reports 76

Threat Reports Phishing Malware Banking 76

Approachable Cyber Threats

DECEMBER 6, 2023

The 2023 update to our research on the perception of cybersecurity incident and data breach causes that’s helped organizations re-evaluate how they are at risk of a cybersecurity incident or data breach instead of what feels right. Source: Verizon DBIR [1] Patterns over time in cybersecurity data breaches. Keep reading below!

Cybersecurity 106

Cybersecurity Social Engineering Data breaches Engineering 106

Security Affairs

APRIL 11, 2022

Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings.

Software 77

Software Cybersecurity Hacking Information Security 77

Security Affairs

JANUARY 23, 2023

Apple has backported the security updates for the zero-day vulnerability CVE-2022-42856 to older iPhones and iPads. On December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856 , that is actively exploited in attacks against iPhones.

Engineering 90

Engineering Hacking Cybersecurity Mobile 90

Security Affairs

JUNE 15, 2023

According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against U.S. Lockbit was responsible for 18% of the total reported Australian ransomware incidents from April 1, 2022, to March 31, 2023. organizations since 2020.

Ransomware 82

Ransomware Cybersecurity Education Government 82

Security Affairs

APRIL 25, 2024

CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Education 117

Education Government Hacking Risk 117

Security Boulevard

NOVEMBER 6, 2022

Our sincere thanks to BSidesPDX 2022 for publishing their outstanding conference videos on the organization's YouTube channel. The post BSidesPDX 2022 – Ben Kendall’s ‘Breaking Into Infosec Or, How I Hacked My Way Out Of Poverty’ appeared first on Security Boulevard.

InfoSec 52

InfoSec Hacking Education Information Security 52

Security Affairs

MAY 25, 2022

Tracked from CVE-2022-22784 through CVE-2022-22787, the issues range between 5.9 Ivan Fratric of Google Project Zero has been credited with discovering and reporting all the four flaws in February 2022. ” reads the advisory for the CVE-2022-22786 issue. SecurityAffairs – hacking, video conferencing service).

Hacking 136

Hacking Cybersecurity Information Security 136

Security Affairs

OCTOBER 10, 2022

Fortinet has confirmed that the recently disclosed critical authentication bypass issue (CVE-2022-40684) is being exploited in the wild. Last week, Fortinet addressed a critical authentication bypass flaw, tracked as CVE-2022-40684 , that impacted FortiGate firewalls and FortiProxy web proxies. SecurityAffairs – hacking, Fortinet).

Authentication 98

Authentication Firewall Hacking Risk 98

SecureWorld News

FEBRUARY 23, 2023

In a breach that's making headlines, hackers managed to steal data from the company, including sensitive employee information and upcoming game content. The news was first reported by cybersecurity and malware research group vx-underground, which posted screenshots of data purportedly stolen from the company.

Hacking 77

Hacking Phishing Data breaches Information Security 77

Security Affairs

FEBRUARY 23, 2023

Threat actors are actively exploiting the Fortinet FortiNAC vulnerability CVE-2022-39952 a few hours after the publication of the PoC exploit code. Last week, Fortinet has released security updates to address two critical vulnerabilities in FortiNAC and FortiWeb solutions. The CVE-2022-39952 flaw (CVSS score of 9.8) through 9.2.5

Hacking 85

Hacking Cybersecurity Information Security 85

Security Affairs

FEBRUARY 26, 2023

In February 2022, the American media and publishing giant News Corp revealed it was the victim of a cyber attack from an advanced persistent threat actor that took place in January 2022. Initial investigation into the hack revealed that the attack was carried out by a nation-state actor for cyber espionage purposes.

Identity Theft 83

Identity Theft Data breaches Insurance Hacking 83

Security Affairs

APRIL 14, 2022

Threat actors are actively exploiting a critical flaw, tracked as CVE-2022-22954 , in VMware Workspace ONE Access and Identity Manager recently patched by the vendor. CVE-2022-22954 event detected Source IP: 178.176.202.121 ( ) Target: VMware Workspace ONE Access and Identity Manager servers vulnerable to remote code execution ( [link] ).

Cyber threats 95

Cyber threats Hacking Cybersecurity Information Security 95

Security Affairs

AUGUST 3, 2023

CISA, the FBI, and NSA, along with Five Eyes cybersecurity agencies published a list of the 12 most exploited vulnerabilities of 2022. The knowledge of the 12 most exploited vulnerabilities of 2022 allows organizations to prioritize their patch management operations to minimize the attack surface.

Authentication 78

Authentication VPN Internet Internet 78

Security Affairs

JANUARY 11, 2023

US CISA added Microsoft Exchange elevation of privileges bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog. SecurityAffairs – hacking, Cisa). Pierluigi Paganini.

Ransomware 87

Ransomware Hacking Government Risk 87

Security Affairs

JULY 5, 2023

Researchers from the cybersecurity firm VulnCheck reported that the vulnerability CVE-2022-29303 in the solar power monitoring Contec SolarView product can be exploited in attacks targeting organizations in the energy sector. A vulnerability in SolarView product can be exploited in attacks targeting organizations in the energy sector.

Internet 78

Internet Internet IoT Cyber Attacks 78

Security Affairs

DECEMBER 14, 2021

The DHS has launched a new bug bounty program dubbed ‘Hack DHS’ to discover security vulnerabilities in external DHS systems. As the federal government’s cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems,” said Secretary Alejandro N. “As

Hacking 98

Hacking Government Cybersecurity Technology 98

Security Affairs

APRIL 20, 2022

Synesis Surveillance System – Anonymous claims to have hacked the Synesis and Kipod surveillance systems. OpRussia #StandWithUkraine #FckPutin [link] — Anonymous TV (@YourAnonTV) April 19, 2022. OpRussia #FckPutin #StandWithUkraine pic.twitter.com/ps95L7gWeN — Anonymous TV (@YourAnonTV) April 19, 2022.

Hacking 127

Hacking Banking Surveillance Engineering 127

Security Affairs

MAY 16, 2022

Apple released security updates to address a zero-day bug actively exploited in attacks against Macs and Apple Watch devices. Apple has addressed a zero-day vulnerability, tracked as CVE-2022-22675, actively exploited in attacks aimed at Macs and Apple Watch devices. February 2022: CVE-2022-22620. Pierluigi Paganini.

Hacking 87

Hacking Cybersecurity Information Security 87

Security Affairs

MARCH 21, 2023

Experts warn that 55 zero-day vulnerabilities were exploited in attacks carried out by ransomware and cyberespionage groups in 2022. Cybersecurity firm Mandiant reported that ransomware and cyberespionage groups exploited 55 zero-day flaws in attacks in the wild. ” reads the report published by Mandiant.

Ransomware 75

Ransomware Mobile Hacking Software 75