Heimadal Security

NOVEMBER 8, 2023

Both flaws, CVE-2023-22518 and CVE-2023-22515, are ranked 10 which is the maximum risk level. CVE-2023-22515 enables hackers to create unauthorized Confluence administrator accounts.

Ransomware 105

Ransomware Accountability Risk Cybersecurity 105

eSecurity Planet

SEPTEMBER 5, 2023

Collectively, these episodes highlight the need for comprehensive cybersecurity defenses and timely patch management for risk mitigation. CVE-2023-3519 was used by the attackers to infect computers, including misleading PowerShell scripts, malware payloads within normal processes, and PHP web shells for remote control. are affected.

VPN 96

VPN Authentication Ransomware Antivirus 96

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software 91

Software Education Ransomware Firmware 91

The Last Watchdog

DECEMBER 14, 2022

Based on insights from our team of elite security researchers here at Bugcrowd, these are three trends gaining steam as 2022 comes to a close – trends that I expect to command much attention in 2023. Continuous pentesting. However, a longtime challenge with pentesting has been the “point-in-time” nature of the tests.

Penetration Testing 229

Penetration Testing Risk Marketing Cybersecurity 229

SecureList

JANUARY 18, 2023

Last year, the cybersecurity of corporations and government agencies was more significant than ever before, and will become even more so in 2023. More personal data leaks; corporate email at risk. The trend for personal data leaks grew rapidly in 2022 and will continue into 2023.

Media 99

Media Social Engineering Ransomware Hacking 99

Security Through Education

JANUARY 18, 2023

What are some personal cybersecurity concerns for 2023? We can benefit from these the most if we are aware of the possible risks and take measures to use them wisely. Business email compromise (BEC) attacks have been predicted to soar in 2023 according to Forbes Advisor. And what are some ways we can protect ourselves?

Cybersecurity 98

Cybersecurity Social Engineering Scams IoT 98

NopSec

MAY 31, 2023

May was a rather quiet month for security research, but an excellent write up filtered to the masses from the Pwn2own 2023 conference held in Vancouver, B.C. Finally, it wouldn’t be a worthy blog post if we didn’t include a nugget from patch Tuesday. tar file manipulation. tar file manipulation.

Risk 52

Risk Accountability Authentication Passwords 52

The Last Watchdog

SEPTEMBER 25, 2023

million in 2023, according to IBM’s Cost of a Data Breach Report, and over 700,000 small businesses were targeted in cybersecurity attacks in 2020, according to the Small Business Association. Nonprofits are equally at risk, and often lack cybersecurity measures. The average cost of a cybersecurity breach was $4.45

Small Business 222

Small Business Cybersecurity Technology Accountability 222

Security Affairs

APRIL 15, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added the following five new issues to its Known Exploited Vulnerabilities Catalog : CVE-2023-20963 – Android Framework Privilege Escalation Vulnerability. The bulletin confirmed that “there are indications that CVE-2023-20963 may be under limited, targeted exploitation.”

Education 79

Education Accountability Media Cybersecurity 79

Security Affairs

MAY 12, 2023

Recently, VIPRE Security Group published their Email Security in 2023 report , where they shared insights on the development of email-based threats and how they can impact organizations. What Can We Expect in 2023? 3 Small businesses are at risk. It’s not likely to stop there. 1 There will be more remote work-based attacks.

Phishing 88

Phishing Social Engineering Small Business B2B 88

Krebs on Security

SEPTEMBER 30, 2023

According to a September 20, 2023 joint advisory from the FBI and the U.S. was also used to register an account at the online game stalker[.]so The above accounts, as well as the email address semen_7907@mail.ru , were all registered or accessed from the same Yekaterinburg Internet address mentioned previously: 31.192.175.63.

Ransomware 218

Ransomware Accountability Cybercrime Backups 218

Centraleyes

FEBRUARY 1, 2024

2023 marked a surge in comprehensive state data privacy laws. State Privacy Laws That Took Effect in 2023 California Privacy Rights Act (CPRA) : Most provisions became effective on Jan. 1, 2023, with the remainder on July 1, 2023. 1, 2023, with the remainder on July 1, 2023.

Data privacy 52

Data privacy Consumer Protection Media Data collection 52

NopSec

JULY 28, 2023

We had the opportunity to be picky about our curated selection of critical risks to report. Good news for blog content, but less so for production networks. Seriously, who is using ColdFusion in 2023? Finally, we cover a pre-authentication RCE vulnerability identified in the business intelligence software Metabase.

Authentication 52

Authentication Encryption Risk Passwords 52

Security Affairs

APRIL 5, 2023

.” The researchers reported the issues to the United States Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA), which assigned the following five CVEs: Use of Hard-coded Credentials CWE-798 ( CVE-2023–1748 , CVSS3.0: Authorization Bypass Through User-Controlled Key CWE-639 ( CVE-2023–1749 , CVSS3.0:

Manufacturing 90

Manufacturing Media Firewall Education 90

BH Consulting

JUNE 13, 2023

Target the human, swipe the cash: Verizon DBIR 2023 highlights crime trends Manage the human risk and mind your money: those are two key takeaways from Verizon’s 2023 Data Breach Investigations Report. It said the criminals often take over victims’ accounts and empty them of funds.

Social Engineering 52

Social Engineering Data breaches Scams DDOS 52

Security Affairs

APRIL 22, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog : CVE-2023-28432 (CVSS score – 7.5) – MinIO Information Disclosure Vulnerability. CVE-2023-27350 (CVSS score – 9.8) – PaperCut MF/NG Improper Access Control Vulnerability.

Education 90

Education Media Authentication Cybersecurity 90

Pen Test

NOVEMBER 7, 2023

That is a very common mistake, and well-established Product Security Programs often implement controls, such as pre-commit hooks , or secret scanning tools like GitHub Secret Scanning or GitLab Secret Detection , to mitigate the risk of secret leaks.

Passwords 115

Passwords Software Engineering Government 115

Security Affairs

APRIL 18, 2023

CVE-2023-2033 – Google Chromium V8 Engine Type Confusion Vulnerability. The CVE-2023-2033 flaw is the first Chrome zero-day vulnerability addressed by Google in 2023. The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11.

Education 80

Education Media Engineering Cybersecurity 80

CyberSecurity Insiders

MARCH 28, 2023

The average enterprise storage and backup device typically has 15 vulnerabilities , researchers found, three of which are high or critical risk. The top risk is insecure network settings, followed by unaddressed common vulnerabilities and exposures (CVEs), access rights issues, as well as insecure user management and authentication.

Cybersecurity 52

Cybersecurity Small Business Backups Artificial Intelligence 52

The Last Watchdog

AUGUST 21, 2023

They may claim that a new credit card or checking account has been opened in the victim’s name, providing specific details such as addresses and alleged deposits to sound convincing. He received a call claiming a new checking account was opened in his name, complete with his correct address and a $5,000 deposit.

Scams 246

Scams Banking Accountability Authentication 246

Security Affairs

APRIL 30, 2023

ViperSoftX uses more sophisticated encryption and anti-analysis techniques Atomic macOS Stealer is advertised on Telegram for $1,000 per month CISA warns of a critical flaw affecting Illumina medical devices OpenAI reinstates ChatGPT service in Italy after meeting Garante Privacy’s demands Cisco discloses a bug in the Prime Collaboration Deployment (..)

Cybercrime 88

Cybercrime Malware Hacking Accountability 88

Security Affairs

MAY 2, 2023

Cybersecurity and Infrastructure Security Agency (CISA) has added the following three new issues to its Known Exploited Vulnerabilities Catalog : CVE-2023-1389 (CVSS score: 8.8) – TP-Link Archer AX-21 Command Injection Vulnerability. CVE-2023-21839 (CVSS score: 7.5) – Oracle WebLogic Server Unspecified Vulnerability.

Education 86

Education Media Cybersecurity Hacking 86

Malwarebytes

OCTOBER 9, 2023

On Friday October 6, 2023, 23andMe confirmed via a somewhat opaque blog post that threat actors had "obtained information from certain accounts, including information about users’ DNA Relatives profiles." However, the damage seems to go far beyond the accounts with reused passwords.

Passwords 134

Passwords Accountability Scams Social Engineering 134

NetSpi Executives

NOVEMBER 7, 2023

This delivers actionable results faster, enabling your team to mitigate vulnerabilities, reduce risk, and boost defenses. This blog post is a part of our offensive security solutions update series. A test that previously took three to five days can now be completed in two to three days.

Social Engineering 59

Social Engineering Engineering Phishing Security Awareness 59

Duo's Security Blog

FEBRUARY 6, 2024

According to Cisco Talos, three of the top five MITRE ATT@CK techniques used in 2023 were identity-based. Even before the high-profile attacks in 2023, the trend in adopting zero trust security principles already showed that identity security must be a major priority for organizations of all sizes.

Accountability 81

Accountability Authentication Risk Marketing 81

Duo's Security Blog

JANUARY 23, 2024

Throughout 2023, we’ve heard about many high-profile security incidents targeting a wide range of publicly listed companies. To add, Cisco Talos 2023 Year in Review (page 7) highlights hackers' use of “Valid Accounts” as the second most common attack technique observed for the year. WebAuthn is important.

Authentication 75

Authentication Accountability CISO Technology 75

eSecurity Planet

JULY 12, 2023

Microsoft’s Patch Tuesday for July 2023 includes nine critical flaws, and five are actively being exploited. ” The July 2023 fixes include updates for 130 vulnerabilities, a significant increase from last month’s total of 78. . Notably, one of those five remains unpatched at this point. Here are the details.

Encryption 95

Encryption Accountability VPN Engineering 95

Security Affairs

APRIL 10, 2023

The zero-day CVE-2023-28205 is a use after free issue that resides in the WebKit, its exploitation may lead to arbitrary code execution. The zero-day CVE-2023-28206 is an out-of-bounds write issue that resides in the IOSurfaceAccelerator. “An CISA orders federal agencies to fix this flaw by May 1st, 2023. reads the advisory.

Education 88

Education Media Cybersecurity Accountability 88

Centraleyes

DECEMBER 10, 2023

Many companies find the SOC 2 report a fundamental component of their vendor risk assessment when onboarding a new vendor. The audit itself is conducted by an official auditor, often from the “Big-4” (the 4 largest accounting firms in the US) but the preparation isn’t required to be. Take the opportunity to remediate and mitigate now!

Risk 59

Risk Data breaches Software Information Security 59

Security Affairs

APRIL 1, 2023

On March 29, 2023, The Lock Bit ransomware gang announced the hack of the South Korean National Tax Service. The group added the South Korean agency to its Tor leak site and announced the release of stolen data by April 1st, 2023 in case the ransom was not paid.

Identity Theft 87

Identity Theft Ransomware Scams Education 87

Security Affairs

APRIL 8, 2023

The CVE-2023-26083 flaw in the Arm Mali GPU driver is chained with other issues to install commercial spyware, as reported by Google’s Threat Analysis Group (TAG) in a recent report. CISA orders federal agencies to fix this flaw by April 28, 2023.

Backups 80

Backups Spyware Ransomware Education 80

Security Affairs

MAY 11, 2023

Researchers from PatchStack discovered that the plugin is affected by an unauthenticated privilege escalation issue, tracked as CVE-2023-32243, that can allow remote attackers to gain administrator rights on the website. The plugin has more than one million active installations. to 5.7.1. .”

Hacking 93

Hacking Risk Passwords Accountability 93

Duo's Security Blog

APRIL 20, 2023

Through the first two months of 2023 alone, the Australian Competition and Consumer Commission’s Scamwatch reported more than 19,000 phishing reports with estimated financial losses of more than $5.2 Accounting for nearly a quarter of reported incidents in Australia, phishing is a broad category of social engineering with several variations.

Phishing 77

Phishing Social Engineering Authentication Engineering 77

Security Affairs

APRIL 5, 2023

The JCDC has seen the benefits of collaboration for exigent risks (such as the heightened awareness and protection related to Russia’s invasion of Ukraine and the Log4Shell vulnerability) but sees a remaining gap when it comes to imminent risk. To address this gap, the JCDC is planning proactive measures for future cyber risks.

Energy and Utilities 77

Energy and Utilities Cyber threats Risk Cyber Risk 77

Security Affairs

APRIL 4, 2023

The attacker can also use the compromised accounts to carry out lateral phishing attacks and further infiltrate the target organizations TA473 targeted US elected officials and staffers since at least February 2023. CISA orders federal agencies to fix this flaw by April 24, 2023.

Phishing 91

Phishing Spyware Government Passwords 91

Security Affairs

MAY 4, 2023

Cybersecurity researchers from VulnCheck have developed a new exploit for the recently disclosed critical flaw in PaperCut servers, tracked as CVE-2023-27350 (CVSS score: 9.8), that bypasses all current detections. The CVE-2023-27350 flaw is a PaperCut MF/NG Improper Access Control Vulnerability. ” states VulnCheck.

Education 92

Education Malware Software Cybersecurity 92

Security Affairs

APRIL 5, 2023

The STYX marketplace was launched at the beginning of 2023. The discovery of STYX coincides with Resecurity financial crime risk analysts observing a significant increase in threat actors offering money-laundering services that exploit digital banking and cryptocurrency accounts.

Banking 79

Banking Cybercrime Accountability Risk 79