Penetration Testing

OCTOBER 20, 2024

The vulnerability, tracked as CVE-2024-30090 and assigned a CVSS score of 7.0, could... The post Microsoft Windows Flaw: CVE-2024-30090 PoC Exploit Published, Posing SYSTEM Privilege Threat appeared first on Cybersecurity News.

Cybersecurity 144

Cybersecurity 144

Penetration Testing

OCTOBER 23, 2024

Fortinet has issued a security advisory for its FortiManager platform, addressing a critical vulnerability—CVE-2024-47575—which has been actively exploited in the wild. arises from a... The post Fortinet Warns of Actively Exploited Flaw in FortiManager: CVE-2024-47575 (CVSS 9.8) This vulnerability, rated at CVSS 9.8,

Cybersecurity 132

Cybersecurity 132

Security Affairs

NOVEMBER 12, 2024

Microsoft Patch Tuesday security updates for November 2024 addressed 89 vulnerabilities, including two actively exploited zero-day flaws. CVE-2024-49039 : A Windows Task Scheduler privilege escalation flaw allows AppContainer escape, enabling low-privileged users to run code at Medium integrity. Immediate patching is recommended.

Internet 127

Internet Internet Hacking Data breaches 127

Penetration Testing

DECEMBER 10, 2024

The update, rolling out progressively to Windows, Mac, and Linux... The post Google Chrome Patches High-Severity Vulnerabilities – CVE-2024-12381 & CVE-2024-12382 appeared first on Cybersecurity News.

Cybersecurity 127

Cybersecurity 127

Penetration Testing

DECEMBER 8, 2024

A critical use-after-free vulnerability, identified as CVE-2024-38193, has been discovered in the afd.sys Windows driver. poses a significant threat to Windows systems,... The post Windows Zero-Day Vulnerability CVE-2024-38193 Exploited in the Wild: PoC Published appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Penetration Testing

NOVEMBER 14, 2024

A critical security vulnerability, CVE-2024-52301, has been identified in the Laravel framework, a popular web application framework known for its elegant syntax and comprehensive toolset for building robust applications.

Cybersecurity 145

Cybersecurity 145

Penetration Testing

OCTOBER 30, 2024

ServiceNow, a leading cloud-based enterprise platform, has recently addressed two significant vulnerabilities, CVE-2024-8923 and CVE-2024-8924, which posed serious risks to organizations using its Now Platform. appeared first on Cybersecurity News.

Risk 141

Risk Cybersecurity 141

Penetration Testing

NOVEMBER 19, 2024

CVE-2024-47533 exposes Cobbler servers to unauthorized access and control, enabling attackers to manipulate system configurations.

Cybersecurity 132

Cybersecurity 132

Penetration Testing

DECEMBER 22, 2024

The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337.

Software 141

Software Cybersecurity 141

Penetration Testing

OCTOBER 30, 2024

In a thrilling showdown at the recent Pwn2Own Ireland 2024 hacking competition, white hat hackers YingMuo (@YingMuo), in collaboration with the DEVCORE Internship Program, successfully exploited a critical zero-day vulnerability... The post CVE-2024-50387: Critical QNAP Flaw Exploited in Hacking Contest, Patch Now!

Hacking 127

Hacking Cybersecurity 127

Security Affairs

OCTOBER 22, 2024

VMware failed to fully address a remote code execution flaw, tracked as CVE-2024-38812 (CVSS score: 9.8), in its vCenter Server platform. In September, Broadcom released security updates to the vulnerability CVE-2024-38812. During the 2024 Matrix Cup hacking contest in China, zbl & srs of team TZL demonstrated the vulnerability.

Hacking 141

Hacking Government Software Information Security 141

Penetration Testing

NOVEMBER 7, 2024

Veeam recently disclosed a new security vulnerability, tracked as CVE-2024-40715, that impacts Veeam Backup Enterprise Manager. this flaw is classified as a high-severity vulnerability,... The post CVE-2024-40715: Authentication Bypass Threat in Veeam Backup Enterprise Manager appeared first on Cybersecurity News.

Backups 118

Backups Authentication Cybersecurity 118

Penetration Testing

DECEMBER 31, 2024

A security researcher published a proof-of-concept (PoC) exploit for CVE-2024-21182, a critical vulnerability in Oracle WebLogic Server. Rated at CVSS 7.5,

Cybersecurity 119

Cybersecurity 119

Penetration Testing

NOVEMBER 11, 2024

A newly discovered security vulnerability, CVE-2024-47295, affecting multiple SEIKO EPSON products, could allow attackers to take control of devices with administrative privileges.

Risk 123

Risk Passwords Cybersecurity 123

Penetration Testing

DECEMBER 3, 2024

One of these... The post CVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC appeared first on Cybersecurity News. Veeam Software, a prominent provider of backup and disaster recovery solutions, has released urgent security updates to address two critical vulnerabilities in its Service Provider Console (VSPC).

Backups 137

Backups Software Cybersecurity 137

Penetration Testing

NOVEMBER 15, 2024

A critical vulnerability (CVE-2024-49369) has been discovered in Icinga 2, a... The post CVE-2024-49369 (CVSS 9.8): Critical Flaw in Icinga 2 Allows for Impersonation and RCE appeared first on Cybersecurity News.

Cybersecurity 129

Cybersecurity 129

Penetration Testing

NOVEMBER 25, 2024

The vulnerability, identified as... The post Palo Alto Networks Warns of GlobalProtect App Flaw with Public Exploit Code (CVE-2024-5921) appeared first on Cybersecurity News.

Software 137

Software Cybersecurity 137

SecureList

MARCH 3, 2025

The statistics for previous years may differ from earlier publications due to a data and methodology revision implemented in 2024. The year in figures According to Kaspersky Security Network, in 2024: A total of 33.3 The year’s trends In 2024, cybercriminals launched a monthly average of 2.8 A total of 1.1

Mobile 116

Mobile Malware Adware Banking 116

The Last Watchdog

DECEMBER 5, 2024

5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industrys leading information security magazine. Alisa Viejo, Calif.,

InfoSec 130

InfoSec Cyber Risk CISO Cybersecurity 130

SecureList

NOVEMBER 28, 2024

This is our latest roundup, covering activity we observed during Q3 2024. Earlier in 2024, a secure USB drive was found to be compromised and malicious code was injected into the access management software installed on the USB drive. After that, we did not observe any new activity related to this actor until mid-July 2024.

Malware 118

Malware Government Software Spyware 118

Google Security

MARCH 7, 2025

Posted by Dirk Ghmann In 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. Chrome Chrome did some remodeling in 2024 as we updated our reward amounts and structure to incentivize deeper research. million in total.

Mobile 100

Mobile Hacking Engineering Technology 100

Security Boulevard

FEBRUARY 7, 2025

Law enforcement actions, better defenses, and a refusal by victims to pay helped to reduce the amount of ransoms paid in 2024 by $35%, a sharp decline from the record $1.25 The post Ransom Payments Fell 35% in 2024 After LockBit, BlackCat Takedowns appeared first on Security Boulevard.

Mobile 113

Mobile Ransomware Malware Cybersecurity 113

Security Affairs

MARCH 10, 2025

Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution. GreyNoise researchers warn of a large-scale exploitation of a critical vulnerability, tracked as CVE-2024-4577 (CVSS 9.8), in PHP. The flaw CVE-2024-4577 (CVSS score: 9.8) Over 1,000 attacks detected globally. is a PHP-CGI OS Command Injection Vulnerability.

DDOS 92

DDOS Security Intelligence Malware Hacking 92

Adam Shostack

JANUARY 2, 2025

The most important stories around threat modeling, appsec and secure by design for June, 2024.

Scams 130

Scams Mobile Engineering Software 130

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” reads the report published by Microsoft Threat Intelligence. “Microsoft assesses with medium confidence that Storm-2372 aligns with Russian interests, victimology, and tradecraft.”

Phishing 113

Phishing Authentication Telecommunications Accountability 113

Schneier on Security

MARCH 25, 2025

This person received an Apple threat notification in November 2024, but no WhatsApp notification. Our analysis showed an attempt to infect the device with novel spyware in June 2024. We shared details with Apple, who confirmed they had patched the attack in iOS 18. Other Surveillance Tech Deployed Against The Same Italian Cluster.

Spyware 223

Spyware Surveillance Technology 223

Security Affairs

JANUARY 15, 2025

Microsoft disclosed details of a now-patched macOS flaw, tracked as CVE-2024-44243 (CVSS score: 5.5), that allows attackers with “root” access to bypass System Integrity Protection ( SIP ). SIP in macOS safeguards the system by blocking the execution of unauthorized code.

Malware 107

Malware Hacking Information Security 107

Krebs on Security

OCTOBER 30, 2024

Change Healthcare says it has notified approximately 100 million Americans that their personal, financial and healthcare records may have been stolen in a February 2024 ransomware attack that caused the largest ever known data breach of protected health information. A post about the Change breach from RansomHub on April 8, 2024.

Healthcare 294

Healthcare Insurance Computers and Electronics Data breaches 294

Adam Shostack

JANUARY 2, 2025

If you say liability three times, it appears! Secure by Design, threat modeling and appsec Loren Kohnfelder wrote a longish, excellent post Flaunt your threat models. Weve been talking about this, and I think flaunting models at the level of the one released by Curl make so much sense its hard to see why its not standard.

Manufacturing 130

Manufacturing Data breaches Software Cybersecurity 130

Krebs on Security

DECEMBER 3, 2024

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds.

Cybercrime 283

Cybercrime Phishing Accountability Internet 283

Krebs on Security

DECEMBER 29, 2024

Maybe it’s indelicate to celebrate the birthday of a cybercrime blog that mostly publishes bad news, but happily many of 2024’s most engrossing security stories were about bad things happening to bad guys. In case you missed any of them, here’s a recap of 2024’s most-read stories.

Scams 222

Scams Cybercrime Cryptocurrency Social Engineering 222

Adam Shostack

JANUARY 2, 2025

A less busy month in appsec, AI, and regulation, but still interesting stories Im going to kick off with two interesting engineering stories. First, the Washington Post reports on how Officials studied Baltimore bridge risks but didnt prepare for ship strike that discusses the challenges of securing bridges against modern cargo ships.

Engineering 130

Engineering Software Cybersecurity Risk 130

Adam Shostack

JANUARY 2, 2025

A busy month in appsec, AI, and regulation. Breaking: Alec Muffett reports that Ross Anderson has passed away. Ross was a giant of the field and Im shocked. Regulation The White House released a report on memory safe languages. Stop, read those words again. Press release , technical report.)

Software 130

Software Advertising Hacking 130

Krebs on Security

FEBRUARY 11, 2025

Tenable senior staff research engineer Satnam Narang noted that since 2022, there have been nine elevation of privilege vulnerabilities in this same Windows component — three each year — including one in 2024 that was exploited in the wild as a zero day (CVE-2024-38193).

Artificial Intelligence 197

Artificial Intelligence Engineering Software Internet 197

Security Affairs

JANUARY 23, 2025

A CISA and FBI published a joint advisory warning that Chinese hackers exploited four Ivanti flaws ( CVE-2024-8963 , CVE-2024-9379 , CVE-2024-8190 , CVE-2024-9380 ) to achieve remote code execution, steal credentials, and deploy webshells. In one confirmed compromise, the actors moved laterally to two servers.”

Hacking 116

Hacking Government Cybersecurity Information Security 116

Malwarebytes

NOVEMBER 6, 2024

If your Android phone shows patch level 2024-11-05 or later then the issues discussed below have been fixed. The CVEs that look the most important are: CVE-2024-43047 : a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel that elevates privileges.

Encryption 136

Encryption Mobile Technology Software 136

Krebs on Security

MARCH 14, 2025

In November 2024, KrebsOnSecurity reported that hundreds of hotels that use booking.com had been subject to targeted phishing attacks. An alert (PDF) released in October 2024 by the U.S. Some of those lures worked, and allowed thieves to gain control over booking.com accounts.

Phishing 269

Phishing Malware Scams Passwords 269