Security Affairs

APRIL 26, 2024

Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks targeting the critical severity vulnerability CVE-2024-4040. CVE-2024-4040 is a CrushFTP VFS sandbox escape vulnerability.

Internet 86

Internet Internet Software Hacking 86

Security Affairs

MARCH 9, 2024

Researchers warn that the critical vulnerability CVE-2024-21762 in Fortinet FortiOS could potentially impact 150,000 exposed devices. In February, Fortinet warned that the critical remote code execution vulnerability CVE-2024-21762 (CVSS score 9.6) in FortiOS SSL VPN was actively exploited in attacks in the wild.

Internet 140

Internet Internet VPN Engineering 140

Security Affairs

MARCH 22, 2024

Pwn2Own Vancouver 2024 hacking competition has ended, and participants earned $1,132,500 for demonstrating 29 unique zero-days. Trend Micro’s Zero Day Initiative (ZDI) announced that participants earned $1,132,500 on the Pwn2Own Vancouver 2024 hacking competition for demonstrating 29 unique zero-days.

Hacking 132

Hacking Information Security 132

Security Affairs

APRIL 6, 2024

Shadowserver researchers reported that roughly 16,500 Ivanti Connect Secure and Poly Secure gateways are vulnerable to the recently reported RCE flaw CVE-2024-21894. The flaw CVE-2024-21894 (CVSS score 8.2) is a heap overflow vulnerability in IPSec component of Ivanti Connect Secure (9.x,

VPN 118

VPN Internet Internet Hacking 118

Security Affairs

JANUARY 28, 2024

Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897 , have been made public. Exploits are already available.

Authentication 131

Authentication Internet Internet Hacking 131

Security Affairs

FEBRUARY 20, 2024

Researchers from Shadowserver Foundation identified roughly 28,000 internet-facing Microsoft Exchange servers vulnerable to CVE-2024-21410. The IT giant addressed the issue with the release of Patch Tuesday security updates for February 2024. Out of 97,000 servers, 28,500 have been verified to be vulnerable to CVE-2024-21410.

Authentication 128

Authentication Internet Internet Ransomware 128

Security Affairs

MARCH 21, 2024

Participants earned $732,500 on the first day of the Pwn2Own Vancouver 2024 hacking competition, a team demonstrated a Tesla hack. Participants earned $732,000 on the first day of the Pwn2Own Vancouver 2024 hacking competition for demonstrating 19 unique zero-days, announced Trend Micro’s Zero Day Initiative (ZDI).

Hacking 119

Hacking Engineering Software Information Security 119

Security Affairs

JANUARY 26, 2024

Researchers hacked the Tesla infotainment system and found 24 zero-days on day 2 of Pwn2Own Automotive 2024 hacking competition. White hat hackers from the Synacktiv Team ( @Synacktiv ) compromised the Tesla infotainment system on the second day of the Pwn2Own Automotive 2024 hacking competition. The team earned $35,000 for this hack.

Hacking 120

Hacking Information Security 120

Heimadal Security

APRIL 3, 2024

This document provides a structured approach to establishing and maintaining robust information security measures, tailored to meet the specific needs of each organization while complying with relevant legal and federal guidelines.

Information Security 75

Information Security 75

Security Affairs

MARCH 12, 2024

Microsoft Patch Tuesday security updates for March 2024 addressed 59 security vulnerabilities in its products, including RCE flaws. Microsoft released Patch Tuesday security updates for March 2023 that address 59 security vulnerabilities in its products. The company also fixed five additional Chromium flaws.

Internet 121

Internet Internet Authentication Hacking 121

Security Affairs

FEBRUARY 28, 2024

VIPRE Security Group’s latest report, “Email Security in 2024: An Expert Insight into Email Threats,” delves into the cutting-edge tactics and technologies embraced by cybercriminals this year. Key Findings from the “Email Security in 2024” Report In an exhaustive review, VIPRE processed 7.2

Phishing 124

Phishing Identity Theft Scams Malware 124

Security Affairs

JANUARY 22, 2024

Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs – hacking , CVE-2024-23222) The issue is actively exploited in the wild.

Hacking 123

Hacking Information Security 123

Security Affairs

JANUARY 16, 2024

Google has released security updates to address the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. The high-serverity vulnerability, tracked as CVE-2024-0519 , is an out of bounds memory access in the Chrome JavaScript engine. The flaw was reported by Anonymous on January 11, 2024.

Engineering 122

Engineering Hacking Information Security 122

Security Affairs

DECEMBER 26, 2023

Cybersecurity company Resecurity has published the 2024 Cyber Threat Landscape Forecast. Resecurity, a Los Angeles-based cybersecurity company protecting Fortune 100 and government agencies worldwide, has compiled a comprehensive forecast outlining the imminent threats and novel security challenges anticipated in the upcoming year.

Cyber threats 123

Cyber threats Energy and Utilities Artificial Intelligence Cyber Attacks 123

Security Affairs

APRIL 2, 2024

Researchers from the firmware security firm Binarly released a free online scanner to detect the CVE-2024-3094 Backdoor Last week, Microsoft engineer Andres Freund discovered a backdoor issue in the latest versions of the “xz” tools and libraries. The vulnerability was tracked as CVE-2024-3094 and received a CVSS score of 10.

Firmware 121

Firmware Authentication Engineering Hacking 121

Security Affairs

JANUARY 9, 2024

Microsoft Patch Tuesday security updates for January 2024 addressed a total of 49 flaws, including two critical vulnerabilities. The critical vulnerabilities are: CVE-2024-20700 – Windows Hyper-V Remote Code Execution Vulnerability. CVE-2024-20674 – Windows Kerberos Security Feature Bypass Vulnerability.

Authentication 119

Authentication Internet Internet Hacking 119

Tech Republic Security

APRIL 11, 2024

Find the best open-source password managers to keep your sensitive information secure and easily accessible. Explore top options for protecting your passwords.

Password Management 149

Password Management Passwords Information Security 149

Security Boulevard

MARCH 25, 2024

The event focused on addressing the increasingly complex cybersecurity environment influenced by AI technologies, gathering globally renowned information security vendors and experts to discuss new trends and models driven by AI in cybersecurity.

Cybersecurity 61

Cybersecurity Cyber Attacks Technology Information Security 61

Security Boulevard

JANUARY 11, 2024

By: Gary Perkins, Chief Information Security Officer Welcome to 2024! A new year brings new change, so why not start 2024 with a rapid IT and security hygiene check? If you don’t know the answer, it’s […] The post Back to the Basics: Security Must-Haves for 2024, Part I appeared first on CISO Global.

CISO 57

CISO Information Security 57

Security Affairs

DECEMBER 27, 2023

Elections are scheduled in several countries worldwide in 2024, with potential geopolitical implications. The 2024 European Union elections face threats from content generated through these platforms. Key events include the European Parliament elections in June, the U.S.

Artificial Intelligence 124

Artificial Intelligence Media Government Technology 124

Security Boulevard

DECEMBER 24, 2023

In addition, we give credit to Scott for […] The post The Year in Review and 2024 Predictions appeared first on Shared Security Podcast. The post The Year in Review and 2024 Predictions appeared first on Security Boulevard.

Ransomware 61

Ransomware Data privacy Technology InfoSec 61

Security Boulevard

DECEMBER 7, 2023

From the security challenges derived from the rise of artificial intelligence (AI) to the increasing legal liabilities placed on Chief Information Security Officers (CISOs), 2023 has been a busy year for the CISO community – and 2024 shows no signs of slowing down.

CISO 57

CISO Artificial Intelligence Information Security 57

Security Affairs

JANUARY 24, 2024

Researchers with cybersecurity firm Horizon3’s Attack Team published technical details of the recently disclosed vulnerability CVE-2024-0204 impacting Fortra GoAnywhere MFT. The security experts also published a proof-of-concept (PoC) exploit that allows the creation of new admin users on vulnerable instances exposed online.

Authentication 119

Authentication Hacking Engineering Encryption 119

Security Affairs

JANUARY 10, 2024

Cisco addressed a critical Unity Connection security flaw that can be exploited by an unauthenticated attacker to get root privileges. Cisco has addressed a critical flaw, tracked as CVE-2024-20272, in its Unity Connection that can be exploited by a remote, unauthenticated attacker to gain root privileges on vulnerable devices.

Authentication 120

Authentication Hacking Software Information Security 120

Thales Cloud Protection & Licensing

APRIL 24, 2024

Stronger Together: Join Thales & Imperva at RSA Conference 2024 Where the World Talks Security madhav Thu, 04/25/2024 - 05:17 In today’s increasingly connected and digital world, the cybersecurity industry stands as a bastion against a relentless tide of threats.

Telecommunications 62

Telecommunications Digital transformation Software Technology 62

BH Consulting

MARCH 21, 2024

Returning to the healthcare space, the Irish Pharmacy Union has a guide to avoiding ransomware, produced by BH Consulting’s information security consultant Brendan Mooney. Sign up here The post Security Roundup March 2024 appeared first on BH Consulting. MORE Have you signed up to our monthly newsletter?

Cyber threats 69

Cyber threats Ransomware Healthcare Risk 69

Security Affairs

NOVEMBER 14, 2023

Resecurity uncovered several episodes of attacks against nuclear operators – area of major concern for national security.

Ransomware 119

Ransomware Cyber threats Government Hacking 119

Security Affairs

MARCH 30, 2024

The German Federal Office for Information Security (BSI) warned of thousands of Microsoft Exchange servers in the country vulnerable to critical flaws. The IT giant addressed the issue with the release of Patch Tuesday security updates for February 2024. In February 2024, the U.S.

Information Security 118

Information Security Internet Internet Healthcare 118

Security Affairs

APRIL 3, 2024

Google has addressed another zero-day vulnerability in the Chrome browser, tracked as CVE-2024-3159, that was exploited during the Pwn2Own hacking competition in March, 2024. The vulnerability CVE-2024-3159 is an out of bounds memory access in V8 JavaScript engine. The flaw was reported by Anonymous on January 11, 2024.

Hacking 121

Hacking Engineering Network Security Information Security 121

Security Affairs

FEBRUARY 15, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-21412 Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability CVE-2024-21351 Microsoft Windows SmartScreen Security Feature Bypass Vulnerability This week.

Internet 117

Internet Internet Information Security Hacking 117

Security Affairs

APRIL 25, 2024

Early in 2024, a customer contacted Cisco to report a suspicious related to its Cisco Adaptive Security Appliances (ASA). On April 19, 2024, CrushFTP advised of a virtual file system escape present in their FTP software that could allows users to download system files. reads a post published by Crowdstrike on Reddit.

VPN 117

VPN Software Firewall Authentication 117

Security Affairs

APRIL 3, 2024

Two issues fixed by the IT giant, tracked as CVE-2024-29745 and CVE-2024-29748, are actively exploited in the wild. “The most severe of these issues is a high security vulnerability in the System component that could lead to local escalation of privilege with no additional execution privileges needed.”

Spyware 116

Spyware Firmware Hacking Information Security 116

Security Affairs

FEBRUARY 18, 2024

Critical 02/06/2024 02/06/2024 SolarWinds Access Rights Manager (ARM) 2023.2.3 SolarWinds Access Rights Manager (ARM) Directory Traversal Remote Code Execution Vulnerability CVE-2024-23476 9.6 Critical 02/06/2024 02/06/2024 SolarWinds Access Rights Manager (ARM) 2023.2.3 CVE-2024-23476 (CVSS score 9.6)

Cyber Attacks 129

Cyber Attacks Software Authentication Hacking 129

Security Affairs

APRIL 21, 2024

One of these vulnerabilities is a critical issue, tracked as CVE-2024-28890 (CVSS v3: 9.8) “A remote attacker may obtain sensitive information by accessing files on the server, alter the site that uses the plugin and cause a denial-of-service (DoS) condition (CVE-2024-28890)” read the security bulletin published by the JPCERT. .

Cyber Attacks 113

Cyber Attacks Hacking Information Security 113

Security Affairs

APRIL 11, 2024

The flaw CVE-2024-3272 is a Command Injection Vulnerability impacting D-Link Multiple NAS Devices. Chaining CVE-2024-3272 and CVE-2024-3273 an attacker can achieve remote, unauthorized code execution. CISA orders federal agencies to fix this vulnerability by May 2, 2024.

DNS 118

DNS Authentication Hacking Cybersecurity 118

Security Affairs

MARCH 14, 2024

Researchers recently uncovered a DarkGate campaign in mid-January 2024, which exploited Microsoft zero-day vulnerability. Researchers at the Zero Day Initiative (ZDI) recently uncovered a DarkGate campaign in mid-January 2024, which exploited the Windows zero-day flaw CVE-2024-21412 using fake software installers.

Phishing 112

Phishing Malware Software Internet 112

Security Affairs

FEBRUARY 5, 2024

The Ivanti SSRF vulnerability tracked as CVE-2024-21893 is actively exploited in attacks in the wild by multiple threat actors. The Ivanti Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2024-21893 , is currently being actively exploited in real-world attacks by various threat actors. x), Policy Secure (9.x,

Software 108

Software Authentication Internet Internet 108