Security Affairs

APRIL 6, 2024

Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported RCE flaw CVE-2024-21894. The flaw CVE-2024-21894 (CVSS score 8.2) is a heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x,

VPN 116

VPN Internet Internet Hacking 116

Security Affairs

FEBRUARY 14, 2024

Zoom addressed seven vulnerabilities in its desktop and mobile applications, including a critical flaw (CVE-2024-24691) affecting the Windows software. The vulnerability CVE-2024-24691 is an improper input validation bug that could be exploited by an attacker with network access to escalate privileges. ” reads the advisory.

Software 126

Software Authentication Mobile Hacking 126

Security Affairs

MAY 14, 2024

VMware fixed four flaws in its Workstation and Fusion desktop hypervisors, including three zero-days exploited at the Pwn2Own Vancouver 2024 VMware addressed four vulnerabilities in its Workstation and Fusion desktop hypervisors, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024. ” reads the advisory. .

61

61

Security Affairs

APRIL 26, 2024

Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks targeting the critical severity vulnerability CVE-2024-4040. CVE-2024-4040 is a CrushFTP VFS sandbox escape vulnerability.

Internet 96

Internet Internet Software Hacking 96

Security Affairs

JANUARY 28, 2024

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897 , have been made public.

Authentication 129

Authentication Internet Internet Hacking 129

Security Affairs

FEBRUARY 14, 2024

Microsoft Patch Tuesday security updates for February 2024 addressed 72 flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2024 resolved a total of 72 vulnerabilities, including two actively exploited zero-days.

Information Security 119

Information Security Internet Internet Ransomware 119

Security Affairs

MARCH 12, 2024

Microsoft Patch Tuesday security updates for March 2024 addressed 59 security vulnerabilities in its products, including RCE flaws. Microsoft released Patch Tuesday security updates for March 2023 that address 59 security vulnerabilities in its products. The company also fixed five additional Chromium flaws.

Internet 118

Internet Internet Authentication Hacking 118

Security Affairs

JANUARY 22, 2024

Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking , CVE-2024-23222) The issue is actively exploited in the wild.

Hacking 120

Hacking Information Security 120

Security Affairs

JANUARY 16, 2024

Google has released security updates to address the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. The high-serverity vulnerability, tracked as CVE-2024-0519 , is an out of bounds memory access in the Chrome JavaScript engine. The flaw was reported by Anonymous on January 11, 2024.

Engineering 118

Engineering Hacking Information Security 118

Security Affairs

MAY 11, 2024

The threat actor IntelBroker announced on the cybercrime forum Breach the hack of the European law enforcement agency Europol. “In May 2024, Europol suffered a data breach and lead to the exposure of FOUO and classified data.” Thanks for reading, enjoy!” ” announced the hacker.

Hacking 100

Hacking Data breaches Cybercrime Cryptocurrency 100

Security Affairs

FEBRUARY 20, 2024

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The IT giant addressed the issue with the release of Patch Tuesday security updates for February 2024. Out of 97,000 servers, 28,500 have been verified to be vulnerable to CVE-2024-21410.

Authentication 126

Authentication Internet Internet Ransomware 126

Security Affairs

JANUARY 9, 2024

Microsoft Patch Tuesday security updates for January 2024 addressed a total of 49 flaws, including two critical vulnerabilities. The critical vulnerabilities are: CVE-2024-20700 – Windows Hyper-V Remote Code Execution Vulnerability. CVE-2024-20674 – Windows Kerberos Security Feature Bypass Vulnerability.

Authentication 117

Authentication Internet Internet Hacking 117

Security Affairs

FEBRUARY 28, 2024

VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. Key Findings from the “Email Security in 2024” Report In an exhaustive review, VIPRE processed 7.2

Phishing 122

Phishing Identity Theft Scams Malware 122

Security Affairs

DECEMBER 26, 2023

Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year.

Cyber threats 119

Cyber threats Energy and Utilities Artificial Intelligence Cyber Attacks 119

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Firmware 120

Firmware Authentication Engineering Hacking 120

Security Affairs

MAY 10, 2024

Google this week released security updates to address a zero-day flaw, tracked as CVE-2024-467, in Chrome browser. The flaw was reported by an anonymous researcher on May 7, 2024. “Google is aware that an exploit for CVE-2024-4671 exists in the wild.” ” reads the advisory published by Google. .

Engineering 115

Engineering Hacking Information Security 115

Security Affairs

JANUARY 4, 2024

The X account of cybersecurity giant Mandiant was hacked, attackers used it to impersonate the Phantom crypto wallet and push a cryptocurrency scam. Crooks hacked the X account of cybersecurity firm Mandiant and used it to impersonate the Phantom crypto platform and share a cryptocurrency scam.

Scams 110

Scams Cryptocurrency Accountability Hacking 110

Security Affairs

APRIL 9, 2024

December 14, 2023: Vendor requests extension March 22, 2024: Patch release April 09, 2024: Public release of this report Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking, smart TVs) running on LG43UM7000PLA webOS 5.5.0 – 04.50.51

Hacking 127

Hacking Internet Internet Authentication 127

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.

Hacking 111

Hacking Government Spyware Marketing 111

Security Affairs

JANUARY 24, 2024

Researchers with cybersecurity firm Horizon3’s Attack Team published technical details of the recently disclosed vulnerability CVE-2024-0204 impacting Fortra GoAnywhere MFT. The security experts also published a proof-of-concept (PoC) exploit that allows the creation of new admin users on vulnerable instances exposed online.

Authentication 115

Authentication Hacking Engineering Encryption 115

Security Affairs

DECEMBER 27, 2023

Elections are scheduled in several countries worldwide in 2024, with potential geopolitical implications. The 2024 European Union elections face threats from content generated through these platforms. Key events include the European Parliament elections in June, the U.S.

Artificial Intelligence 120

Artificial Intelligence Media Government Technology 120

Security Affairs

JANUARY 10, 2024

Cisco addressed a critical Unity Connection security flaw that can be exploited by an unauthenticated attacker to get root privileges. Cisco has addressed a critical flaw, tracked as CVE-2024-20272, in its Unity Connection that can be exploited by a remote, unauthenticated attacker to gain root privileges on vulnerable devices.

Authentication 115

Authentication Hacking Software Information Security 115

Security Affairs

FEBRUARY 26, 2024

The popular hacker IntelBroker announced that it had hacked the Los Angeles International Airport by exploiting a flaw in one of its CRM systems. The security breach did not impact travelers. Follow me on Twitter: @securityaffairs and Facebook Pierluigi Paganini ( SecurityAffairs – hacking, LA International Airport)

Hacking 121

Hacking Data breaches Cybercrime Information Security 121

Security Affairs

APRIL 3, 2024

Google fixed another Chrome zero-day vulnerability exploited during the Pwn2Own hacking competition in March. Google has addressed another zero-day vulnerability in the Chrome browser, tracked as CVE-2024-3159, that was exploited during the Pwn2Own hacking competition in March, 2024.

Hacking 120

Hacking Engineering Network Security Information Security 120

Security Affairs

MARCH 13, 2024

Acer Philippines disclosed a data breach after employee data was leaked by a threat actor on a hacking forum. In our commitment to full transparency, we wish to inform you of a recent security incident involving a third-party vendor managing employee attendance data.

Data breaches 112

Data breaches Computers and Electronics Hacking Cybercrime 112

Security Affairs

NOVEMBER 14, 2023

Resecurity uncovered several episodes of attacks against nuclear operators – area of major concern for national security.

Ransomware 113

Ransomware Cyber threats Government Hacking 113

Security Affairs

APRIL 14, 2024

A threat actor claimed the hack of the Canadian retail chain Giant Tiger and leaked 2.8 A threat actor, who goes online with the moniker ShopifyGUY, claimed responsibility for hacking the Canadian retail chain Giant Tiger and leaked 2.8 million records on a hacker forum. million records on a hacker forum. million clients.

Retail 123

Retail Data breaches Hacking Cybercrime 123

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. The IT giant addressed the issue with the release of Patch Tuesday security updates for February 2024. In February 2024, the U.S.

Information Security 113

Information Security Internet Internet Healthcare 113

Security Affairs

MAY 13, 2024

The issue impacts older iPhone devices, it is tracked as CVE-2024-23296 and is a memory corruption flaw in the RTKit. The company also addressed a logic issue, tracked as CVE-2024-27789, in the Foundation framework. “An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections.”

Hacking 103

Hacking Information Security 103

Security Affairs

APRIL 28, 2024

The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 The following vulnerabilities, discovered by the security researcher Pierre Barre , impact all versions up to 2.3.0 Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker.

Firewall 110

Firewall Authentication Architecture Backups 110

Security Affairs

MAY 14, 2024

Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. “CVE-2024-4761: Out of bounds write in V8. Reported by Anonymous on 2024-05-09″ reads the advisory. 208 for Mac/Windows and 124.0.6367.207 for Linux.

Engineering 68

Engineering Hacking Information Security 68

BH Consulting

MARCH 21, 2024

Returning to the healthcare space, the Irish Pharmacy Union has a guide to avoiding ransomware, produced by BH Consulting’s information security consultant Brendan Mooney. Links we liked Say it with a headline: “We hacked Google A.I. Sign up here The post Security Roundup March 2024 appeared first on BH Consulting.

Cyber threats 69

Cyber threats Ransomware Healthcare Risk 69

Security Affairs

APRIL 29, 2024

FBCS, a third-party debt collection agency, collects personal information from its clients to facilitate debt collection activities on behalf of those clients. According to the agency, compromised information may include names, dates of birth, Social Security numbers, and account information.

Data breaches 109

Data breaches Hacking Accountability Cybercrime 109

Security Affairs

APRIL 3, 2024

Two issues fixed by the IT giant, tracked as CVE-2024-29745 and CVE-2024-29748, are actively exploited in the wild. “The most severe of these issues is a high security vulnerability in the System component that could lead to local escalation of privilege with no additional execution privileges needed.”

Spyware 110

Spyware Firmware Hacking Information Security 110

Security Affairs

FEBRUARY 15, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-21412 Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability CVE-2024-21351 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability This week.

Internet 112

Internet Internet Information Security Hacking 112

Security Affairs

APRIL 11, 2024

The flaw CVE-2024-3272 is a Command Injection Vulnerability impacting D-Link Multiple NAS Devices. Chaining CVE-2024-3272 and CVE-2024-3273 an attacker can achieve remote, unauthorized code execution. CISA orders federal agencies to fix this vulnerability by May 2, 2024.

DNS 117

DNS Authentication Hacking Cybersecurity 117

Security Affairs

APRIL 2, 2024

Threat actors claimed the hack of the PandaBuy online shopping platform and leaked data belonging to more than 1.3 At least two threat actors claimed the hack of the PandaBuy online shopping platform and leaked data of more than 1.3 million customers. million customers on a cybercrime forum.

Data breaches 125

Data breaches Cybercrime Hacking Information Security 125