Security Boulevard

DECEMBER 30, 2024

In December 2023, as cyberattacks surged, the U.S. Securities and Exchange Commission (SEC)began enforcing new cybersecurity disclosure rules. Recognizing the critical need for transparency and robust cybersecurity measures, the U.S. This pushed C-level executives and boards to adopt measures for compliance and transparency.

Cybersecurity 85

Cybersecurity Cyber Risk CISO Risk 85

The Last Watchdog

APRIL 30, 2023

The theme of RSA Conference 2023 — ‘stronger together’ — was certainly well chosen. It certainly was terrific to see the cybersecurity industry’s premier trade event fully restored to its pre-Covid grandeur at San Francisco’s Moscone Center last week.

Mobile 238

Mobile Cloud Migration Penetration Testing Authentication 238

Security Affairs

OCTOBER 12, 2024

Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.

Data collection 137

Data collection Authentication Hacking Government 137

Malwarebytes

MAY 1, 2025

Without robust IT budgets or fully staffed cybersecurity departments, small businesses often rely on their own small stable of workers (including sole proprietors with effectively zero employees) to stay safe online. That means that what worries these businesses most in cybersecurity is what is most likely to work against them.

Small Business 88

Small Business Cybersecurity Scams Passwords 88

Security Affairs

JANUARY 31, 2025

In October 2024, VMware warned customers of the availability of a proof-of-concept (PoC) exploit code for another authentication bypass vulnerability, tracked as CVE-2023-34051 , in VMware Aria Operations for Logs (formerly known as vRealize Log Insight). The vulnerability CVE-2023-34051 (CVSS score 8.1)

Authentication 107

Authentication Hacking Cybersecurity Information Security 107

Security Affairs

FEBRUARY 26, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Partner Center and Synacor Zimbra Collaboration Suitevulnerabilities to its Known Exploited Vulnerabilities catalog. A remote authenticated attacker could exploit the vulnerability to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

Authentication 102

Authentication Hacking Cybersecurity Risk 102

Jane Frankland

NOVEMBER 20, 2023

So, having just written my predictions for cybersecurity for the coming year, which will be coming to you shortly, I thought I’d look back at the ones I made for this year (for the International Security Journal (ISJ) ) and discover how accurate they were. Here are my predictions for 2023. Types of attacks.

Cybersecurity 130

Cybersecurity Digital transformation Artificial Intelligence Architecture 130

IT Security Guru

MARCH 14, 2025

Cybercrime is a growing problem, with 39% of UK businesses experiencing cyber attacks in 2023. Wordfence Security Wordfence Security is one of the most popular cybersecurity plugins for WordPress. Another feature is two-factor authentication, which adds an extra layer of protection when logging in.

Cybersecurity 74

Cybersecurity Firewall Cyber Attacks Passwords 74

The Last Watchdog

SEPTEMBER 25, 2023

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority. The average cost of a cybersecurity breach was $4.45 The average cost of a cybersecurity breach was $4.45 Stay proactive.

Small Business 222

Small Business Cybersecurity Technology Accountability 222

Krebs on Security

NOVEMBER 9, 2024

For example, in its most recent transparency report (PDF) Verizon said it received more than 127,000 law enforcement demands for customer data in the second half of 2023 — including more than 36,000 EDRs — and that the company provided records in response to approximately 90 percent of requests. dot-gov emails get hacked.

Hacking 294

Hacking Accountability Government Social Engineering 294

Security Affairs

JANUARY 12, 2024

Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz.

Authentication 144

Authentication Software Passwords Hacking 144

Security Affairs

DECEMBER 17, 2024

In March 2023, Lumen Black Lotus Labs researchers uncovered a sophisticated campaign called HiatusRAT that infected over 100 edge networking devices globally. Starting in mid-June through August 2023, Black Lotus Labs observed multiple newly compiled versions of the HiatusRAT malware discovered in the wild.

Architecture 109

Architecture Internet Internet Malware 109

The Last Watchdog

MARCH 1, 2023

The IT world relies on digital authentication credentials, such as API keys, certificates, and tokens, to securely connect applications, services, and infrastructures. In January 2023, CircleCI was breached. Cybersecurity teams are taking hard-coded secrets in source code seriously.

Authentication 222

Authentication CISO Software Passwords 222

Security Affairs

OCTOBER 2, 2023

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Software’s WS_FTP products. The vulnerability was discovered by researchers at the cybersecurity firm Assetnote. It was a bit shocking that we were able to reach the deserialization sink without any authentication.”

Authentication 130

Authentication Software Internet Internet 130

Security Affairs

NOVEMBER 1, 2023

Experts warn that threat actors started exploiting the critical flaw CVE-2023-46747 in F5 BIG-IP installs less than five days after PoC exploit disclosure. F5 this week warned customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution.

Authentication 132

Authentication Hacking Cybersecurity Information Security 132

The Last Watchdog

SEPTEMBER 24, 2024

The breach was initially caused by a third-party malicious actor who infiltrated NPD’s systems in December 2023. Related: Class-action lawsuits pile up in wake of NPD hack So what’s the connection? NPD reported the exposure of over 2.7 billion records. Canadian, and British citizens.

Authentication 216

Authentication Identity Theft Banking Data breaches 216

SecureWorld News

FEBRUARY 13, 2025

According to a 2023 study by Sumsub , deepfake fraud attempts increased by 704% between 2022 and 2023. Traditionally, attackers relied on phishing emails to impersonate executives, but deepfakes now enable fraudsters to conduct real-time video and voice calls that appear authentic.

Social Engineering 85

Social Engineering Authentication Identity Theft Engineering 85

Security Affairs

OCTOBER 9, 2023

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8)

VPN 135

VPN Authentication Cyber Attacks Hacking 135

SecureList

MAY 14, 2024

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our annual Incident Response Report presents anonymized statistics on the cyberattacks we investigated in 2023. This attack vector was among the three most frequently seen in 2023.

Ransomware 131

Ransomware Authentication Passwords Government 131

Thales Cloud Protection & Licensing

JANUARY 22, 2025

HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA madhav Thu, 01/23/2025 - 06:25 Data Breaches in Healthcare: Why Stronger Regulations Matter A data breach involving personal health information isnt just about stolen filesits a gut punch to trust and a serious shake-up to peoples lives.

Healthcare 62

Healthcare Cybersecurity Data breaches Encryption 62

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Broken Authentication 5. Broken Authentication 5. Mitigation: implement authentication and authorization controls according to the role-based access model.

Passwords 140

Passwords Authentication Architecture Risk 140

Thales Cloud Protection & Licensing

OCTOBER 24, 2024

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024 madhav Fri, 10/25/2024 - 06:09 The next major deadline for compliance with the updated cybersecurity rules from the New York State Department of Financial Services (NYDFS) is November 1, 2024.

Financial Services 62

Financial Services Cybersecurity CISO Backups 62

The Last Watchdog

JULY 11, 2024

Passwords have been the cornerstone of basic cybersecurity hygiene for decades. But as secure and user-friendly as these authentication methods are, cybercriminals are already busily sidestepping all forms of authentication – passwords, MFA, and passkeys – to sometimes devastating effect. And this attack method is on the rise.

Authentication 124

Authentication Passwords Malware Accountability 124

Anton on Security

JANUARY 3, 2023

We anticipate an increase in targeting of identities that allow cross-platform authentication as actors recognise the value in compromising identities rather than endpoints. ” [A.C. — this this data point is from 2020 , so treat this as a low boundary in 2023. Google Cybersecurity Action Team Threat Horizons Report #3 Is Out!

Cybersecurity 185

Cybersecurity Backups DDOS Accountability 185

Tech Republic Security

APRIL 25, 2023

Cisco took the stage at RSA 2023 to tout extended detection and response as key to a unified cross-domain security platform, plus new Duo MFA features. The post RSA: Cisco launches XDR, with focus on platform-based cybersecurity appeared first on TechRepublic.

Cybersecurity 170

Cybersecurity Authentication 170

SecureWorld News

NOVEMBER 13, 2024

The MOVEit vulnerability (CVE-2023-34362), first exploited in May 2023, allowed unauthenticated attackers to gain unauthorized access to vulnerable systems. The MOVEit data theft and extortion attacks in May 2023 impacted a significant number of individuals and organizations globally. Public advisories: The U.S.

Data breaches 117

Data breaches Identity Theft Education Software 117

Krebs on Security

APRIL 4, 2023

When Genesis customers purchase a bot, they’re purchasing the ability to have all of the victim’s authentication cookies loaded into their browser, so that online accounts belonging to that victim can be accessed without the need of a password, and in some cases without multi-factor authentication. Image: KrebsOnSecurity.

Marketing 363

Marketing Cybercrime Passwords Banking 363

SecureWorld News

APRIL 23, 2025

The United States Cybersecurity and Infrastructure Security Agency (CISA) is confronting a pivotal moment following the recent resignations of two senior officials who were instrumental in the agency's Secure by Design initiative. Zabierek, who previously led the Cyber Security Project at Harvard's Belfer Center, joined CISA in 2023.

Manufacturing 93

Manufacturing Software Cybersecurity Authentication 93

Security Affairs

DECEMBER 3, 2024

The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. Cybersecurity researchers from ESET recently discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty.

Firmware 107

Firmware Manufacturing Malware Authentication 107

Security Affairs

OCTOBER 31, 2023

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. “[the PoC code] is an example request that bypasses authentication on vulnerable instances of IOS-XE.

Internet 140

Internet Internet Software Accountability 140

Security Affairs

MAY 2, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 and Apache HTTP Server flaws to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! The company addressed the flaws with the following releases: CVE-2023-44221 10.2.1.10-62sv

Firmware 70

Firmware Authentication VPN Mobile 70

Joseph Steinberg

JANUARY 4, 2023

Zero Trust is a term that is often misunderstood and misused, which is why I wrote an article not long ago entitled Zero Trust: What These Overused Cybersecurity Buzz Words Actually Mean – And Do Not Mean. appeared first on Joseph Steinberg: CyberSecurity Expert Witness, Privacy, Artificial Intelligence (AI) Advisor.

Architecture 361

Architecture Artificial Intelligence Encryption Cybersecurity 361

Security Affairs

NOVEMBER 9, 2024

Florian Hauser, cybersecurity researcher at CODE WHITE Gmbh, reported this vulnerability. Attackers accessed targets via VPN gateways lacking multifactor authentication, some of which ran outdated software. Akira was first seen in 2023 and appears to be inactive since mid-October with its information leak site now offline.”

Backups 133

Backups Ransomware VPN Accountability 133

SecureWorld News

NOVEMBER 22, 2024

Scattered Spider has gained infamy for its high-profile cyberattacks, including the ransomware assault on MGM Casino in 2023 , which caused widespread disruption. This case highlights the critical role of employee awareness and robust cybersecurity measures.

Phishing 108

Phishing Identity Theft Cryptocurrency Cybercrime 108

SecureWorld News

JANUARY 16, 2025

This article delves deeper into the challenges faced by the oil and gas industry, highlighting practical strategies to safeguard critical infrastructure through cybersecurity, data analytics, and regulatory compliance. Enhanced authentication protocols: Using MFA could have prevented unauthorized access.

Energy and Utilities 109

Energy and Utilities IoT Artificial Intelligence Backups 109

The Last Watchdog

DECEMBER 8, 2022

This overconfidence is cause for concern for many cybersecurity professionals as humans are the number one reason for breaches (how many of your passwords are qwerty or 1234five?). Only 33 percent consistently use two-factor authentication (2FA). Only 28 percent don’t use repeated passwords•Only 20 percent use a password manager.

Cybersecurity 203

Cybersecurity Passwords Password Management Ransomware 203

Security Affairs

OCTOBER 15, 2024

The cybersecurity researcher HaxRob analyzed a new variant of the FASTCash “payment switch” malware which targets Linux systems. The previously undetected Linux variant was first submitted to VirusTotal in June 2023, however it was likely developed on a VMware VM for Ubuntu 20.04 LTS distributions. post-April 2022.

Malware 133

Malware Banking Hacking Accountability 133