Krebs on Security

APRIL 11, 2023

Microsoft today released software updates to plug 100 security holes in its Windows operating systems and other software, including a zero-day vulnerability that is already being used in active attacks. CVE-2023-28205 can be used by a malicious or hacked website to install code. iOS 15.5.7, and macOS 12.6.5 and 11.7.6.

Social Engineering 303

Social Engineering Ransomware Internet Internet 303

Krebs on Security

FEBRUARY 14, 2023

Microsoft is sending the world a whole bunch of love today, in the form of patches to plug dozens of security holes in its Windows operating systems and other software. The zero-day CVE-2023-21715 is a weakness in Microsoft Office that Redmond describes as a “security feature bypass vulnerability.”

Internet 61

Internet Internet Cyber threats Malware 61

Krebs on Security

DECEMBER 12, 2023

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. For example, CVE-2023-35636 , which Microsoft says is an information disclosure vulnerability in Outlook.

Internet 291

Internet Internet Engineering Malware 291

Schneier on Security

MARCH 22, 2024

The highest reward for a vulnerability report in 2023 was $113,337, while the total tally since the program’s launch in 2010 has reached $59 million. Google’s other big software project, the Chrome browser, was the subject of 359 security bug reports that paid out a total of $2.1 BleepingComputer has the details.

Mobile 328

Mobile Software 328

Krebs on Security

JUNE 13, 2023

today released software updates to fix dozens of security vulnerabilities in its Windows operating systems and other software. ” Top of the list on that front is CVE-2023-29357 , which is a “critical” bug in Microsoft SharePoint Server that can be exploited by an unauthenticated attacker on the same network.

Social Engineering 271

Social Engineering System Administration Authentication Internet 271

Krebs on Security

JANUARY 25, 2024

Google continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications. And by most accounts, the threat from bad ads leading to backdoored software has subsided significantly compared to a year ago. com , filezillasoft[.]com

Software 325

Software Advertising Malware Accountability 325

Krebs on Security

JULY 11, 2023

today released software updates to quash 130 security bugs in its Windows operating systems and related software, including at least five flaws that are already seeing active exploitation. Almost as soon as the patch went out, Apple pulled the software because it was reportedly causing problems loading certain websites.

Software 254

Software Malware Antivirus Ransomware 254

Schneier on Security

JANUARY 16, 2025

According to the FBI , at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023. It was that very server that allowed the FBI to finally kill this pesky bit of malicious software.

Malware 244

Malware Hacking Software 244

Krebs on Security

MARCH 15, 2023

Microsoft on Tuesday released updates to quash at least 74 security bugs in its Windows operating systems and software. The Outlook vulnerability ( CVE-2023-23397 ) affects all versions of Microsoft Outlook from 2013 to the newest.

Passwords 282

Passwords Cyber threats Authentication Internet 282

Krebs on Security

AUGUST 8, 2023

today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including multiple zero-day vulnerabilities currently being exploited in the wild. They were assigned a single placeholder designation of CVE-2023-36884. Microsoft Corp.

Engineering 240

Engineering Accountability Passwords Software 240

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. According to an August 2023 report (PDF) from the U.S. co — first came online in February 2023. 2023 on the forum Cracked.

Hacking 248

Hacking Cybercrime Advertising Data breaches 248

SecureList

NOVEMBER 6, 2024

It spreads via forums posts, torrent trackers and blogs, imitating popular software like Foxit PDF Editor and AutoCAD. During our investigation, we found out that the campaign started in February 2023. These posts refer to the SteelFox dropper as an efficient way to activate a legitimate software product for free.

Software 123

Software Cryptocurrency Malware DNS 123

Tech Republic Security

MARCH 3, 2023

Many software companies rely on open-source code but lack consistency in how they measure and handle risks and vulnerabilities associated with open-source software, according to a new report. The post Top 10 open-source security and operational risks of 2023 appeared first on TechRepublic.

Risk 210

Risk Software Cybersecurity 210

The Last Watchdog

DECEMBER 12, 2023

A look back at the cybersecurity landscape in 2023 rings all-too familiar: cyber threats rapidly evolved and scaled up , just as they have, year-to-year, for the past 20 years. Eyal Benishti , CEO, IRONSCALES Benishti Generative AI (GenAI) reshaped cybersecurity in 2023. What should I be most concerned about – and focus on – in 2024?

Cybersecurity 258

Cybersecurity Social Engineering Cyber threats Software 258

Tech Republic Security

JANUARY 24, 2023

From ransomware to third-party vendor security to software-defined perimeters, these cybersecurity topics should be on IT leaders’ radar. The post 10 cybersecurity predictions for tech leaders in 2023 appeared first on TechRepublic.

Cybersecurity 203

Cybersecurity Ransomware Software 203

Security Affairs

JANUARY 21, 2025

The experts used a diagnostic software to analyze the vehicle architecture, scan the Electronic Control Unit (ECU), identify its version, and test diagnostic functions. The research combined hardware interfaces and software to communicate with the vehicle via Diagnostic Over Internet Protocol (DoIP).

Software 134

Software Architecture Media Engineering 134

SecureList

APRIL 7, 2025

Such software enjoys the trust of monitoring tools and doesn’t raise suspicions. The contents of the TCESB CSV fully match the CSV data in the EDRSandBlast version of August 13, 2022, while the original malware commit of October 6, 2023 adds lines that are missing in the TCESB resource.

Software 107

Software Encryption Malware Firmware 107

Tech Republic Security

NOVEMBER 21, 2023

Looking for a trustworthy password recovery tool? Use our guide to review our editorial picks and compare pricing, features, pros and cons.

Passwords 179

Passwords Software Password Management 179

The Last Watchdog

OCTOBER 9, 2023

This software writing principle cropped up some 50 years ago and might seem quaint in today’s era of speedy software development. What’s more, Clean Code improves security — by reinforcing “ shift left ,” the practice of testing as early as feasible in the software development lifecycle. The transformation progresses.

Software 231

Software IoT Internet Internet 231

The Hacker News

MAY 14, 2025

A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors.

Healthcare 101

Healthcare Media Software Technology 101

Krebs on Security

MAY 15, 2025

In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted for sale on the forum in 2023. Conor Brian Fitzpatrick , a.k.a. Image: Ke-la.com.

Healthcare 207

Healthcare Insurance Data breaches Government 207

Krebs on Security

SEPTEMBER 12, 2023

Microsoft today issued software updates to fix at least five dozen security holes in Windows and supported software, including patches for two zero-day vulnerabilities that are already being exploited. Tracked as CVE-2023-36761 , it is flagged as an “information disclosure” vulnerability.

Spyware 314

Spyware Software Surveillance Authentication 314

Security Affairs

APRIL 29, 2025

Google tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group’s latest analysis. In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022. In 2023, 37% of zero-day vulnerabilities targeted enterprise products.”

Surveillance 110

Surveillance Mobile Software Hacking 110

Tech Republic Security

JUNE 23, 2023

Cyber resilience, recovery and streamlined software make the list. The post Dell Technologies World 2023: Interview with Rob Emsley on data protection, recovery and more appeared first on TechRepublic. Explore what matters in data protection today.

Technology 186

Technology Software Big data Backups 186

Security Affairs

JANUARY 25, 2025

. “A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.” In February 2023, Cisco fixed a critical flaw, tracked as CVE-2023-20032(CVSS score: 9.8), in ClamAV product. Medium CSCwm89778 1.25.1 Secure Endpoint Connector for Mac 6.9

Antivirus 135

Antivirus Software Engineering Malware 135

The Last Watchdog

OCTOBER 23, 2024

INE Security advises businesses to secure their network by using firewalls, encrypting data, and regularly updating security software. The cost of ignoring such measures can be substantial, as noted in IBM’s 2023 Cost of a Data Breach Report, which found the average impact of a data breach on small businesses can exceed $3.31

Small Business 162

Small Business Data breaches Backups Passwords 162

The Last Watchdog

APRIL 18, 2023

One of the nascent security disciplines already getting a lot of buzz as RSA Conference 2023 gets ready to open next week at San Francisco’s Moscone Center is “software supply chain security,” or SSCS. True software supply chain security is about looking at the application in a holistic way just prior to deployment,” Rose observes.

Software 200

Software CISO Internet Internet 200

The Last Watchdog

JULY 11, 2023

Boston, July 7, 2023 — CybSafe, the human risk management platform, has today announced CEO Oz Alashe MBE has been named as a SecurityInfoWatch.com , Security Business and Security Technology Executive magazines’ 2023 Security Industry Innovator Award winner. We are developing intelligent software to help them.”

Cyber Risk 178

Cyber Risk Cyber threats Risk Technology 178

The Hacker News

JULY 10, 2024

A now-patched security flaw in Veeam Backup & Replication software is being exploited by a nascent ransomware operation known as EstateRansomware. Singapore-headquartered Group-IB, which discovered the threat actor in early April 2024, said the modus operandi involved the exploitation of CVE-2023-27532 (CVSS score: 7.5)

Backups 142

Backups Software Ransomware 142

Tech Republic Security

MAY 16, 2023

The post The top 6 enterprise VPN solutions to use in 2023 appeared first on TechRepublic. Enterprise VPNs are critical for connecting remote workers to company resources via reliable and secure links to foster communication and productivity. Read about six viable choices for businesses.

VPN 187

VPN Software 187

Krebs on Security

SEPTEMBER 13, 2023

11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus , while promising to visit the same treatment on top U.S. In June 2023, the FBI seized the BreachForums domain name , but the forum has since migrated to a new domain. But on Sept. defense contractors. .”

Cybercrime 343

Cybercrime Passwords Authentication Malware 343

Tech Republic Security

APRIL 26, 2024

Refreshed software and collaboration with the security researcher community may have contributed to the 5% drop.

Software 206

Software 206

The Hacker News

AUGUST 4, 2024

The China-linked threat actor known as Evasive Panda compromised an unnamed internet service provider (ISP) to push malicious software updates to target companies in mid-2023, highlighting a new level of sophistication associated with the group.

Software 142

Software Internet Internet 142

SecureWorld News

NOVEMBER 13, 2024

The MOVEit vulnerability (CVE-2023-34362), first exploited in May 2023, allowed unauthenticated attackers to gain unauthorized access to vulnerable systems. The MOVEit data theft and extortion attacks in May 2023 impacted a significant number of individuals and organizations globally.

Data breaches 117

Data breaches Identity Theft Education Software 117

Krebs on Security

DECEMBER 4, 2024

Russia’s interior ministry last week issued a statement saying a 32-year-old hacker had been charged with violating domestic laws against the creation and use of malicious software. The announcement didn’t name the accused, but the Russian state news agency RIA Novosti cited anonymous sources saying the man detained is Matveev.

Cybercrime 250

Cybercrime Ransomware Cryptocurrency Government 250

Adam Shostack

JANUARY 2, 2025

External changes will be driving appsec in 2023. 2023 brings new challenges and new opportunities for software companies, and all companies are now software companies. Over the next few years, you should expect regulation to cover more software more stringently. Its the measure twice, cut once of software.

Engineering 130

Engineering Software Architecture Manufacturing 130

SecureList

APRIL 23, 2025

We have been tracking the latest attack campaign by the Lazarus group since last November, as it targeted organizations in South Korea with a sophisticated combination of a watering hole strategy and vulnerability exploitation within South Korean software. We found that the malware was running in the memory of a legitimate SyncHost.

Malware 144

Malware Software Encryption Internet 144