Security Affairs

APRIL 25, 2023

VMware released security updates to address two zero-day vulnerabilities ( CVE-2023-20869, CVE-2023-20870 ) that were chained by the STAR Labs team during the Pwn2Own Vancouver 2023 hacking contest against Workstation and Fusion software hypervisors. They earned $80,000 and 8 Master of Pwn points.

Hacking 94

Hacking Education Software Media 94

Security Affairs

APRIL 12, 2023

SAP April 2023 security updates include a total of 24 notes, 19 of which are new vulnerabilities. CVE-2023-28765 : An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) – versions 420, 430, can exploit the issue to access to lcmbiar file and further decrypt the file.

Education 78

Education Media Authentication Passwords 78

Security Affairs

APRIL 19, 2023

Google rolled out emergency fixes to address another actively exploited high-severity zero-day flaw, tracked as CVE-2023-2136 , in its Chrome web browser. The vulnerability is an Integer overflow in the Skia graphics library, the issue was reported by Clément Lecigne of Google’s Threat Analysis Group on April 12, 2023.

Education 86

Education Media Engineering Hacking 86

Security Affairs

APRIL 14, 2023

Google released an emergency security update to address the first Chrome zero-day vulnerability (CVE-2023-2033) in 2023, the company is aware of attacks in the wild exploiting the issue. The vulnerability was reported by Clément Lecigne of Google’s Threat Analysis Group on 2023-04-11. “Type Confusion in V8.

Education 78

Education Media Engineering Hacking 78

Heimadal Security

AUGUST 23, 2023

The scraped DuoLingo data was previously for sale on another dark forum, in January 2023, at a cost of $1,500. Million DuoLingo Users` Data on Hacking Forum appeared first on Heimdal Security Blog. How Did Hackers Obtain the Data The […] The post Threat Actors Leak 2.6

Hacking 91

Hacking Cybersecurity 91

Heimadal Security

SEPTEMBER 15, 2023

The year 2022 witnessed an alarming increase in the number of incidents where hospitals and other healthcare facilities were hacked, resulting in data breaches, system shutdowns, and compromised patient care.

Data breaches 59

Data breaches Healthcare Hacking 59

Graham Cluley

MAY 10, 2024

Boeing has confirmed that it received a demand for a massive $200 million after a ransomware attack by the notorious LockBit hacking group in October 2023. Read more in my article on the Hot for Security blog.

Ransomware 104

Ransomware Hacking Data breaches Malware 104

Graham Cluley

JUNE 20, 2023

In the 12 months running up to May 2023, the login credentials of over 100,000 hacked ChatGPT accounts found their way onto dark web marketplaces. Read more in my article on the Hot for Security blog.

Accountability 75

Accountability Hacking Malware 75

SecureList

JANUARY 18, 2023

Last year, the cybersecurity of corporations and government agencies was more significant than ever before, and will become even more so in 2023. The trend for personal data leaks grew rapidly in 2022 and will continue into 2023. The number of posts in those blogs grew in 2022, both in open sources and on the dark web.

Media 106

Media Social Engineering Ransomware Hacking 106

Security Affairs

MAY 11, 2023

Industrial and IoT cybersecurity firm Claroty disclosed technical details of five vulnerabilities that be exploited to hack some Netgear router models. “Team82 disclosed five vulnerabilities in NETGEAR’s Nighthawk RAX30 routers as part of its research and participation in last December’s Pwn2Own Toronto hacking competition.”

Hacking 92

Hacking Firmware Authentication DNS 92

NetSpi Executives

DECEMBER 28, 2023

Before we dive into the new year, we’re taking a moment to reflect on 2023—a year that passed by in a blur of milestones and moments. Our Favorite #TeamNetSPI Moments Marking milestones and welcoming new furry faces was all part of an exciting 2023 for our team. Here are the top three technical articles our audience loved in 2023.

Education 93

Education Penetration Testing CISO Cybersecurity 93

Security Affairs

MAY 24, 2023

The vulnerability, tracked as CVE-2023-2868, resides in the module for email attachment screening, the issue was discovered on May 19 and the company fixed it with the release of two security patches on May 20 and 21. “Barracuda identified a vulnerability ( [link] ) in our Email Security Gateway appliance (ESG) on May 19, 2023.

Hacking 96

Hacking Network Security Cybersecurity Information Security 96

Heimadal Security

APRIL 10, 2023

The law firm informed its clients on March 30, 2023, that on November 15, 2022, an unauthorized third party acquired remote access to the firm’s computers.

Hacking 87

Hacking Cybersecurity 87

Security Affairs

MAY 9, 2023

Microsoft Patch Tuesday Security updates for May 2023 address a total of 40 vulnerabilities, including two zero-day actively exploited in attacks. Microsoft’s May 2023 security updates address 40 vulnerabilities, including two zero-day flaws actively exploited in attacks. This vulnerability is actively exploited in attacks.

Antivirus 94

Antivirus Malware Hacking Cybersecurity 94

eSecurity Planet

FEBRUARY 2, 2024

Teslas Get the Spotlight in Recent Ethical Hacking Efforts Researchers have discovered multiple vulnerabilities within Teslas since March 2023. Rapid7’s Zero Day Initiative hosts an event called Pwn2Own, and at the 2023 event, computer security firm Synactiv hacked a Tesla computer within two minutes.

Hacking 122

Hacking IoT Firmware Cybersecurity 122

SecureList

MAY 11, 2023

Although early 2023 saw a slight decline in the number of ransomware attacks, they were more sophisticated and better targeted. A few months after last year’s blog post came out, we stumbled across a new multi-platform ransomware family, which targeted both Linux and Windows. In 2022, Kaspersky solutions detected over 74.2M

Ransomware 120

Ransomware Malware Architecture Telecommunications 120

Security Affairs

MAY 1, 2023

T-Mobile disclosed the second data breach of 2023, threat actors had access to the personal information of hundreds of customers since February. T-Mobile suffered the second data breach of 2023, threat actors had access to the personal information of hundreds of customers starting in late February 2023.

Data breaches 67

Data breaches Mobile Identity Theft Accountability 67

Security Affairs

AUGUST 24, 2023

Proof-of-concept exploit code for critical Ivanti Sentry authentication bypass flaw CVE-2023-38035 has been released. Researchers released a proof-of-concept (PoC) exploit code for critical Ivanti Sentry authentication bypass vulnerability CVE-2023-38035 (CVSS score 9.8). The vulnerability CVE-2023-38035 impacts Sentry versions 9.18

Internet 76

Internet Internet Authentication Risk 76

Security Affairs

APRIL 6, 2023

Ransomware gang Money Message claims to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International). Ransomware gang Money Message announced to have hacked the Taiwanese multinational IT corporation MSI (Micro-Star International).

Hacking 73

Hacking Ransomware Manufacturing Education 73

Security Boulevard

FEBRUARY 16, 2023

It involves thoroughly examining the codebase to detect and address potential security risks, for instance, vulnerabilities to hacking, data breaches, and other malicious attacks. The review needs to be conducted by a team of security experts, developers, […] The post Top Secure Code Review Companies in 2023 appeared first on Kratikal Blogs.

Data breaches 52

Data breaches Software Risk Hacking 52

eSecurity Planet

NOVEMBER 6, 2023

30, 2023 NGINX Ingress Controller for Kubernetes Flaws Can Lead to Credential Theft Type of Attack: Path sanitization bypass and injection vulnerabilities discovered in the NGINX Ingress controller can allow for credential theft, arbitrary command execution, and critical data access. CVE-2023-5044 (Code Injection): This CVSS score 7.6

Software 110

Software Education Ransomware Firmware 110

Security Affairs

MAY 16, 2023

affected by CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588) Remote Management System (RMS): Versions prior to 4.14.0 affected by CVE-2023-2586) RUT model routers: Version 00.07.00 affected by CVE-2023-32349) RUT model routers: Version 00.07.00 through 00.07.03.4

Hacking 88

Hacking Internet Internet Manufacturing 88

SecureList

NOVEMBER 14, 2022

We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. Last June, Google’s TAG team released a blog post documenting attacks on Italian and Kazakh users that they attribute to RCS Lab, an Italian offensive software vendor.

Firmware 110

Firmware Surveillance Mobile Telecommunications 110

Security Affairs

MAY 15, 2023

DRM Dashboard Ransomware Monitor released the first quarterly report for the year 2023 about the activities of ransomware groups globally. DRM Dashboard Ransomware Monitor, an independent platform of cybersecurity monitoring, is pleased to release the quarterly the DRM-Report for the first quarter of 2023.

Ransomware 73

Ransomware Cybercrime Cybersecurity Hacking 73

Security Through Education

JANUARY 18, 2023

Perhaps we thought, who would want to hack a completely unknow person like me? What are some personal cybersecurity concerns for 2023? Business email compromise (BEC) attacks have been predicted to soar in 2023 according to Forbes Advisor. The truth is technology has grown at an exponential rate and so has cybercrime.

Cybersecurity 98

Cybersecurity Social Engineering Scams IoT 98

Pen Test Partners

JANUARY 31, 2024

22 nd Feb 2023 : We contacted the Airbus VDP team to ask if the fix had been pushed in the latest version of Flysmart+, given we were well in to the new year. 26 th May 2023: Airbus replied, confirming that the ‘mitigation measure’ had been communicated to customers. The post Hacking Electronic Flight Bags.

Hacking 120

Hacking Engineering Encryption Software 120

Quick Heal Antivirus

MAY 21, 2023

We’re Midway into 2023, and the threat landscape is evolving with new variants of viruses and malware that. The post The Threat Landscape: Emerging Viruses and Malware to Watch Out For in 2023 appeared first on Quick Heal Blog.

Malware 64

Malware Social Engineering Antivirus Banking 64

Security Boulevard

NOVEMBER 16, 2023

What the MOVEit Breach Tells Us About the Challenges of Patching On May 31, 2023, little-known software developer Progress Software published details of a critical vulnerability in MOVEit Transfer, a popular managed file transfer service.

Hacking 69

Hacking Software 69

Security Affairs

JUNE 1, 2023

The BlackCat ransomware gang claims to have hacked the Casepoint legal technology platform used US agencies, including SEC and FBI. pic.twitter.com/g5jpz2Rtm6 — Dominic Alvieri (@AlvieriD) May 30, 2023 The gang claims to have stolen 2TB of sensitive data, belonging to lawyers, SEC, DoD, FBI, Police and more.

Technology 76

Technology Hacking Ransomware Manufacturing 76

Heimadal Security

OCTOBER 13, 2023

A new Balada Injector campaign used known WordPress plugin and theme vulnerabilities to hack over 17,000 websites during September 2023. Threat actors exploited the CVE-2023-3169 cross-site scripting (XSS) vulnerability in tagDiv Composer. Composer is a tool for the tagDiv’s Newspaper and Newsmag WordPress themes.

Malware 104

Malware Hacking Cybersecurity 104

Security Affairs

MAY 12, 2023

Recently, VIPRE Security Group published their Email Security in 2023 report , where they shared insights on the development of email-based threats and how they can impact organizations. What Can We Expect in 2023? It’s not likely to stop there. QR code spoofing. 1 There will be more remote work-based attacks.

Phishing 84

Phishing Social Engineering Small Business B2B 84

Malwarebytes

JANUARY 31, 2024

In this blog post, we look at a recent Nitrogen campaign and specifically at how the initial payload is being served onto victims. The threat actors seem to have a preference for hosting their payloads on compromised WordPress sites, many of which are already hacked with malicious PHP shell scripts.

Malware 79

Malware Hacking System Administration Ransomware 79

Security Affairs

APRIL 9, 2023

The Estonian man is accused of having helped the Russian government and military to purchase US-made electronics and hacking tools. “Shevlyakov also attempted to acquire computer hacking tools.” hacking tools and electronics appeared first on Security Affairs. ” reads a press release published by DoJ.

Computers and Electronics 78

Computers and Electronics Hacking Penetration Testing Manufacturing 78

Heimadal Security

NOVEMBER 24, 2023

Notorious North Korean hacking group, Lazarus, breached Taiwanese multimedia software company CyberLink and trojanized an installer to instead push malware in a complex supply chain attack, with the possibility of a worldwide reach.

Malware 95

Malware Software Hacking Cybersecurity 95

BH Consulting

DECEMBER 11, 2023

Cloud security was also a theme in Microsoft’s ‘Cybersecurity Trends in Ireland 2023’ report. It’s the SANS Holiday Hack Challenge. Sign up here The post Security Roundup December 2023 appeared first on BH Consulting. Links we liked A fun new Yuletide game? MORE Have you signed up to our monthly newsletter?

Surveillance 52

Surveillance Cybersecurity DDOS Data breaches 52

Security Affairs

APRIL 20, 2023

VMware fixed two severe flaws, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product. The vulnerability CVE-2023-20864 (CVSSv3 base score of 9.8)

Education 86

Education Media Hacking Accountability 86

Malwarebytes

JUNE 29, 2023

Stalkerware-type app LetMeSpy says it has been hacked, with the attacker taking user data with it. From the message posted to the login screen on the LetMeSpy website: On June 21, 2023, a security incident occurred involving obtaining unauthorized access to the data of website users.

Spyware 88

Spyware Hacking Antivirus Passwords 88