Security Boulevard

DECEMBER 10, 2023

SOC 2 is the gold standard in Information Security certifications and shows the world just how seriously your company takes Information Security. Originally established by the American […] The post The SOC 2 Compliance Checklist for 2023 appeared first on Centraleyes.

Information Security 67

Information Security 67

Security Affairs

SEPTEMBER 28, 2023

Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-5217, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day flaw in the Chrome browser which is tracked as CVE-2023-5217.

Surveillance 118

Surveillance Spyware Passwords Hacking 118

Security Affairs

JANUARY 12, 2024

Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz.

Authentication 132

Authentication Software Passwords Hacking 132

Security Affairs

SEPTEMBER 11, 2023

Google rolled out emergency security updates to address a new Chrome zero-day (CVE-2023-4863) actively exploited in the wild. Google rolled out emergency security updates to address a zero-day vulnerability that has been actively exploited in attacks in the wild since the start of the year.

Architecture 121

Architecture Engineering Hacking Information Security 121

Security Affairs

OCTOBER 4, 2023

The DRM Report Q2 2023 report provides a detailed insight into the ransomware threat landscape during the period between May and August 2023. Ransomware, a menace that has evolved into a formidable adversary, takes center stage in our examination of the cyber threat landscape during the second quarter of 2023.

Ransomware 114

Ransomware Data collection Cyber threats Hacking 114

Security Affairs

FEBRUARY 13, 2024

Maintainers behind the Ransomfeed platform have released Q3 Report 2023 including activities of 185 criminal groups operating worldwide. This report offers an exhaustive account of ransomware threats in the third quarter of 2023, spotlighting activities monitored by the OSINT Ransomfeed platform.

Ransomware 113

Ransomware Data collection Hacking Cybersecurity 113

Security Affairs

OCTOBER 18, 2023

Google’s Threat Analysis Group (TAG) reported that in recent weeks multiple nation-state actors were spotted exploiting the vulnerability CVE-2023-38831 in WinRAR. The researchers reported that several cybercrime groups began exploiting the flaw in early 2023, when the bug was still a zero-day. ” reported Google TAG.

Cybercrime 127

Cybercrime Malware Software Hacking 127

Security Affairs

NOVEMBER 28, 2023

Threat actors started exploiting a critical ownCloud vulnerability (CVE-2023-49103) that can lead to sensitive information disclosure. The vulnerability, tracked as CVE-2023-49103 , resides in the Graphapi app, which relies on a third-party GetPhpInfo.php library that provides a URL. ” reported the company.

Cybersecurity 118

Cybersecurity Passwords Internet Internet 118

Security Affairs

MARCH 13, 2024

Threat actors behind the ransomware attacks that hit Stanford University in 2023 gained access to 27,000 people. Stanford University confirmed that threat actors behind the September 2023 ransomware attack had access to 27,000 people. 27, 2023. . Stanford was breached last year by Clop Ransomware.

Ransomware 115

Ransomware Data breaches Passwords Government 115

Security Affairs

JANUARY 19, 2024

Ransomware groups claimed that they successfully targeted 4191 victims in 2023, Cybernews researchers report. of attacks in 2023), while summer was the most active for ransomware attacks (30.4%). The top 10 groups, based on the number of victims, collectively account for 59% of the total victims in 2023.

Ransomware 127

Ransomware Manufacturing Retail Insurance 127

Security Affairs

SEPTEMBER 20, 2023

GitLab rolled out security patches to address a critical vulnerability, tracked as CVE-2023-5009, that can be exploited to run pipelines as another user. GitLab has released security patches to address a critical vulnerability, tracked as CVE-2023-5009 (CVSS score: 9.6), that allows an attacker to run pipelines as another user.

Hacking 115

Hacking Risk Information Security 115

SecureList

MARCH 12, 2024

Profile of participants and applications We collected the data from a sample of the application security assessment projects our team completed in 2021–2023. Recommendations provided in these rankings are general in nature and based on information security best practices standards and guidelines, such as OWASP and NIST.

Passwords 100

Passwords Authentication Architecture Risk 100

Security Affairs

SEPTEMBER 12, 2023

Microsoft September 2023 Patch Tuesday addressed 59 new flaws, including two vulnerabilities under active attack. Microsoft September 2023 Patch Tuesday security updates addressed 59 vulnerabilities, including two actively exploited zero-day. ” reported ZDI.

Hacking 126

Hacking Information Security 126

IT Security Guru

JANUARY 31, 2024

Nick Graham, Chief Technology Officer at information security software business Hicomply discusses the recent surge in interest around artificial intelligence. In 2023, we saw artificial intelligence gain a foothold in the public consciousness like never before.

Information Security 53

Information Security Artificial Intelligence Technology Risk 53

Security Affairs

SEPTEMBER 27, 2023

Google assigned a maximum score to a critical security flaw, tracked as CVE-2023-5129, in the libwebp image library for rendering images in the WebP format. Google assigned a new CVE identifier for a critical vulnerability, tracked as CVE-2023-5129 (CVSS score 10,0), in the libwebp image library for rendering images in the WebP format.

Spyware 123

Spyware Surveillance Software Hacking 123

Security Affairs

NOVEMBER 2, 2023

Rapid7 researchers warn of the suspected exploitation of a recently disclosed critical security flaw (CVE-2023-46604) in the Apache ActiveMQ. Cybersecurity researchers at Rapid7 are warning of the suspected exploitation of the recently disclosed critical vulnerability CVE-2023-46604 in the Apache ActiveMQ. before 5.18.3

Ransomware 122

Ransomware Cybercrime Software Encryption 122

Security Affairs

OCTOBER 2, 2023

Experts warn of threat actors actively exploiting CVE-2023-40044 flaw in recently disclosed flaw in Progress Software’s WS_FTP products. ” Cybersecurity firm Rapid7 reported that threat actors started exploiting the CVE-2023-40044 flaw shortly after the release of the PoC code by Assetnote.

Authentication 117

Authentication Software Internet Internet 117

CyberSecurity Insiders

MAY 1, 2023

Companies that fail to protect their customers’ information are likely to face lawsuits in the year 2023, as impacted customers are no longer willing to tolerate such acts at the expense of their privacy and financial losses. By the way, data spills occurring from state-funded hacks are no longer covered under cyber insurance.

Data breaches 138

Data breaches Cyber Insurance Insurance Technology 138

Security Affairs

JANUARY 1, 2024

These are the Top 2023 Security Affairs cybersecurity stories … enjoy it. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, Top 2023 Security Affairs cybersecurity stories) TB OF DATA STOLEN FROM DIGITAL INTELLIGENCE FIRM CELLEBRITE LEAKED ONLINE 1.7

Cybersecurity 115

Cybersecurity Spyware Data breaches Passwords 115

CyberSecurity Insiders

APRIL 11, 2023

As the world continues to face unprecedented cyber threats, Chief Information Security Officers (CISOs) are facing a growing number of challenges in their roles. In 2023, these challenges are likely to increase, and CISOs will have to be well-equipped to overcome them.

CISO 104

CISO Data privacy Cyber threats Cybersecurity 104

CyberSecurity Insiders

DECEMBER 6, 2022

Compliance, regulatory, and critical services will triage to the top of the priority and budget list for most IT security teams. Automation of processes previously done by staffing and manual efforts will be one of the top projects in 2023 to remedy resource reduction and constraints. CISO shortage. CISO exodus.

Cybersecurity 126

Cybersecurity CISO InfoSec Technology 126

Security Affairs

JANUARY 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM flaw CVE-2023-35082 to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti EPMM flaw CVE-2023-35082 (CVSS score: 9.8) and below). .

Mobile 107

Mobile Internet Internet Hacking 107

Security Affairs

APRIL 29, 2024

Google announced that in 2023, they have prevented 2.28 This amazing result was possible thanks to the introduction of enhanced security features, policy updates, and advanced machine learning and app review processes. . Google announced they have prevented 2.28 million policy-violating apps from being published on Google Play.

Accountability 93

Accountability Malware Hacking Risk 93

Security Affairs

OCTOBER 31, 2023

Researchers publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. ai publicly released the exploit code for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198. We’ve developed a Proof of Concept for CVE-2023-20198 in #Cisco IOS XE. ” New POC Available!

Internet 129

Internet Internet Software Accountability 129

Security Affairs

OCTOBER 25, 2023

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. reported Citrix. reported Citrix.

Authentication 122

Authentication VPN Hacking Government 122

Security Affairs

OCTOBER 28, 2023

The Pwn2Own Toronto 2023 hacking competition is over, bug hunters earned $1,038,500 for 58 zero-day exploits. The Pwn2Own Toronto 2023 hacking competition is over, the organizers awarded $1,038,250 for 58 unique 0-days. That's a wrap on #Pwn2Own Toronto 2023! We awarded $1,038,250 for 58 unique 0-days during the event.

Hacking 134

Hacking Information Security 134

Security Affairs

OCTOBER 12, 2023

to address the CVE-2023-42824 vulnerability that has been actively exploited in attacks. to address the recently disclosed zero-day CVE-2023-42824. Last week, Apple released emergency security updates to address a new zero-day vulnerability, tracked as CVE-2023-42824, that is exploited in attacks targeting iPhone and iPad devices. “A

Hacking 113

Hacking Mobile Information Security 113

BH Consulting

NOVEMBER 22, 2023

IRISSCON , the annual cybercrime-themed conference organized by the Irish Reporting and Information Security Service (IRISS), was held in Dublin, Ireland, on November 16, 2023. Images > The post Photos: IRISSCON 2023 appeared first on BH Consulting.

Cybercrime 52

Cybercrime Information Security 52

Security Affairs

OCTOBER 9, 2023

IBM observed a credential harvesting campaign that is targeting Citrix NetScaler gateways affected by the CVE-2023-3519 vulnerability. IBM’s X-Force researchers reported that threat actors are conducting a large-scale credential harvesting campaign exploiting the recent CVE-2023-3519 vulnerability (CVSS score: 9.8)

VPN 117

VPN Authentication Cyber Attacks Passwords 117

Security Affairs

SEPTEMBER 4, 2023

Cybercrime will cost Germany 206 billion euros ($224 billion) in 2023, German digital association Bitkom told Reuters. According to the German digital association Bitkom, cybercrime will have a worrisome impact on the economy of the state in 2023.

Cybercrime 118

Cybercrime Cyber Attacks Cyber threats Hacking 118

Security Affairs

SEPTEMBER 3, 2023

Researcher released PoC exploit code for a recent critical flaw (CVE-2023-34039) in VMware Aria Operations for Networks. At the end of August, VMware released security updates to address two vulnerabilities in Aria Operations for Networks (formerly vRealize Network Insight), respectively tracked as CVE-2023-34039 (CVSS score: 9.8)

Authentication 124

Authentication Engineering Hacking Information Security 124

Security Affairs

OCTOBER 4, 2023

Software giant Atlassian released emergency security updates to address a critical zero-day vulnerability, tracked as CVE-2023-22515 (CVSS score 10), in its Confluence Data Center and Server software. The flaw CVE-2023-22515 is a privilege escalation vulnerability that affects Confluence Data Center and Server 8.0.0 and later.

Software 126

Software Accountability Authentication Internet 126

Security Boulevard

DECEMBER 25, 2022

And what are our cybersecurity and privacy predictions for 2023? The post The Year in Review and 2023 Predictions appeared first on The Shared Security Show. The post The Year in Review and 2023 Predictions appeared first on Security Boulevard. Thank you to all of our listeners for a great year!

Cybersecurity 98

Cybersecurity Data privacy Technology InfoSec 98

Security Affairs

SEPTEMBER 28, 2023

Cisco released security updates for an actively exploited zero-day flaw (CVE-2023-20109) that resides in the GET VPN feature of IOS and IOS XE software. The vulnerability resides in the Group Encrypted Transport VPN (GET VPN) feature of IOS and IOS XE.

VPN 116

VPN Software Encryption Authentication 116

Security Affairs

NOVEMBER 29, 2023

Cloud identity and access management solutions provider Okta revealed additional threat actor activity linked to the October 2023 breach. Okta provided additional details about the October 2023 breach and revealed additional threat actor malicious activities. On Thursday, October 19, Okta advised customers of a security incident.

Social Engineering 113

Social Engineering Authentication Engineering Accountability 113

Security Affairs

OCTOBER 11, 2023

Microsoft Patch Tuesday security updates for October 2023 fixed three actively exploited zero-day vulnerabilities. The three actively exploited zero-day vulnerabilities in today’s updates are: CVE-2023-36563 – Microsoft WordPad Information Disclosure Vulnerability An attacker can exploit this issue to disclose NTLM hashes.

Hacking 116

Hacking Information Security 116

Security Affairs

JANUARY 11, 2023

Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. One of the flaws addressed this month, tracked as CVE-2023-21674 (CVSS score 8.8), is listed as being in the wild at the time of release. Another issue fixed by Microsoft is the CVE-2023-21549 (CVSS Score 8.8)

Internet 98

Internet Internet Backups Hacking 98