Penetration Testing

NOVEMBER 12, 2024

The vulnerabilities, tracked as CVE-2024-8534 and... The post Citrix NetScaler ADC and Gateway Vulnerabilities Put Organizations at Risk appeared first on Cybersecurity News.

Risk 136

Risk Cybersecurity 136

Security Affairs

OCTOBER 29, 2024

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. reads the SonicWall’s advisory.

VPN 131

VPN Ransomware Firewall Internet 131

The Last Watchdog

DECEMBER 5, 2024

5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industrys leading information security magazine. Alisa Viejo, Calif.,

InfoSec 130

InfoSec Cyber Risk CISO Cybersecurity 130

Krebs on Security

AUGUST 13, 2024

CVE-2024-38106 , CVE-2024-38107 and CVE-2024-38193 all allow an attacker to gain SYSTEM level privileges on a vulnerable machine, although the vulnerabilities reside in different parts of the Windows operating system. The final zero-day this month is CVE-2024-38189 , a remote code execution flaw in Microsoft Project.

Internet 317

Internet Internet Malware Software 317

Krebs on Security

OCTOBER 8, 2024

One of the zero-day flaws — CVE-2024-43573 — stems from a security weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. If that sounds familiar it’s because this is the fourth MSHTML vulnerability found to be exploited in the wild so far in 2024.

Engineering 276

Engineering System Administration Internet Internet 276

SecureList

NOVEMBER 29, 2024

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Quarterly figures In Q3 2024: Kaspersky solutions successfully blocked more than 652 million cyberattacks originating from various online resources. 2 China 0.95 3 Libya 0.68 4 South Korea 0.66

Mobile 107

Mobile Adware Ransomware Malware 107

Security Affairs

MAY 16, 2025

Over half of firms adopted AI in 2024, but cloud tools like Azure OpenAI raise growing concerns over data security and privacy risks. In 2024 alone, over half of organizations adopted AI to build custom applications. In 2024 alone, over half of organizations adopted AI to build custom applications.

Risk 110

Risk Artificial Intelligence Government Hacking 110

Security Boulevard

JANUARY 10, 2025

According to a Netskope report, phishing attacks surged in 2024, with enterprise employees clicking on phishing links at a rate nearly three times higher than in 2023. The post Phishing Threats, GenAI Among Top Cybersecurity Risks in 2025 appeared first on Security Boulevard. The study found phishing campaigns have evolved.

Phishing 122

Phishing Risk Cybersecurity Security Awareness 122

Penetration Testing

NOVEMBER 21, 2024

A newly discovered vulnerability in popular remote desktop software AnyDesk could allow attackers to uncover users’ IP addresses, posing significant privacy risks.

Software 98

Software Risk Cybersecurity 98

Adam Shostack

JANUARY 2, 2025

The most important stories around threat modeling, appsec and secure by design for June, 2024. A group of leading AI researchers have released a letter about a Right to Warn , advocating that staff can warn the public about risks from their employers products, without being sued for disparagement or retaliated against.

Scams 130

Scams Mobile Engineering Software 130

Responsible Cyber

NOVEMBER 23, 2024

Overview of Vendor Breaches in 2024 In 2024, the cybersecurity landscape has faced an alarming rise in vendor-related breaches, underscoring the vulnerabilities associated with third-party service providers. A common characteristic among the vendor breaches reported in 2024 is the exploitation of weak security protocols.

Risk 81

Risk Healthcare Education Cybersecurity 81

Penetration Testing

MAY 25, 2025

A recently disclosed vulnerability in WSO2 products, identified as CVE-2024-6914, poses a severe security threat to organizations using The post Critical WSO2 Flaw: Unauthenticated Account Takeover Risk (CVSS 9.8) appeared first on Daily CyberSecurity.

Accountability 82

Accountability Risk Cybersecurity 82

Security Affairs

OCTOBER 23, 2024

It becomes increasingly difficult to gain complete visibility or transparency that could help security and privacy teams discover sensitive data, identify its security and compliance postures, and mitigate risks. To add to the difficulty, the advent of Generative AI (GenAI) has brought unprecedented security and privacy risks.

Data privacy 127

Data privacy Unstructured Data Risk Data breaches 127

Malwarebytes

DECEMBER 31, 2024

It may sound weird when I say that I would like to remember 2024 as the year of the biggest breaches. Huge increase in numbers As we reported in July , the number of data breach victims went up 1,170% in Q2 2024, compared to Q2 2023 (from 81,958,874 victims to 1,041,312,601). Remember these headlines? Heres what you need to know.

Data breaches 112

Data breaches Healthcare Passwords Banking 112

Adam Shostack

JANUARY 2, 2025

First, the Washington Post reports on how Officials studied Baltimore bridge risks but didnt prepare for ship strike that discusses the challenges of securing bridges against modern cargo ships. A less busy month in appsec, AI, and regulation, but still interesting stories Im going to kick off with two interesting engineering stories.

Engineering 130

Engineering Software Cybersecurity Risk 130

The Last Watchdog

MARCH 19, 2025

SpyCloud , the leading identity threat protection company, today released its 2025 SpyCloud Annual Identity Exposure Report , highlighting the rise of darknet-exposed identity data as the primary cyber risk facing enterprises today. It requires organizations to rethink the risks posed by employees, consumers, partners and suppliers.

Cyber Risk 113

Cyber Risk Risk Phishing Cybercrime 113

Penetration Testing

NOVEMBER 4, 2024

has been identified, posing a significant security risk that could allow attackers to execute arbitrary web scripts or HTML on... The post CVE-2024-46538: Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC Published appeared first on Cybersecurity News.

Risk 92

Risk Cybersecurity 92

Security Affairs

NOVEMBER 7, 2024

Google as usual did not share details about the attacks exploiting the above vulnerability, however, it added that another issue, tracked as CVE-2024-43047, is actively exploited in the wild. CVE-2024-43093 CVE-2024-43047″ reads the security bulletin published by Google. Versions up to 2.3.6 and unpatched 2.3.7

Firewall 127

Firewall Authentication Accountability Risk 127

Malwarebytes

OCTOBER 30, 2024

Technical details One of the vulnerabilities was reported to Google by Apple Security Engineering and Architecture (SEAR), which reported the issue on October 23, 2024. This vulnerability, tracked as CVE-2024-10487 , can be used by cybercriminals as a drive-by download. It could be used for potential data theft or system crashes.

Spyware 144

Spyware Architecture Advertising Engineering 144

Malwarebytes

NOVEMBER 6, 2024

If your Android phone shows patch level 2024-11-05 or later then the issues discussed below have been fixed. The CVEs that look the most important are: CVE-2024-43047 : a high-severity use-after-free issue in closed-source Qualcomm components within the Android kernel that elevates privileges.

Encryption 139

Encryption Mobile Technology Software 139

Security Affairs

NOVEMBER 2, 2024

Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957 , in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GretNoise researchers warn.

Firmware 123

Firmware Manufacturing IoT Healthcare 123

The Last Watchdog

AUGUST 12, 2024

LAS VEGAS – Here’s what I discovered last week here at Black Hat USA 2024 : GenAI is very much in the mix as a potent X-factor in cybersecurity. When you add AI into the mix, it further intensifies the challenge of managing data sprawl and the associated risks.” Those are my big takeaways from Black Hat USA 2024. Roger that.

Software 290

Software Technology Mobile Cybersecurity 290

Thales Cloud Protection & Licensing

NOVEMBER 26, 2024

Protecting Retailers Against Cyber Risks on Black Friday and Cyber Monday josh.pearson@t… Tue, 11/26/2024 - 08:01 As Black Friday and Cyber Monday loom, the stakes for retailers extend far beyond enticing deals and record sales. With retail sales during 2024 set to grow to between $5.23 trillion and $5.28 trillion and $5.28

Retail 71

Retail Cyber Risk Risk DDOS 71

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 132

Backups Ransomware VPN Authentication 132

The Last Watchdog

DECEMBER 13, 2023

We drilled down on a few significant developments expected to play out in 2024 and beyond. What’s more, a fresh layer of risks posed by the rise of quantum computing looms large. A we turn the corner into 2024, Digital Trust is in sight. We met at DigiCert Trust Summit 2023. This is something we’ve come to take for granted.

Encryption 311

Encryption Technology CISO IoT 311

Krebs on Security

FEBRUARY 26, 2025

But in a response filed today (PDF), prosecutors in Seattle said Wagenius was a flight risk, partly because prior to his arrest he was searching online for how to defect to countries that do not extradite to the United States. government military which country will not hand me over” -“U.S. million customers.

Hacking 259

Hacking Government Identity Theft Accountability 259

The Last Watchdog

OCTOBER 23, 2024

22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. Cary, NC, Oct.

Small Business 162

Small Business Data breaches Backups Passwords 162

Security Affairs

NOVEMBER 7, 2024

SentinelLabs researchers identified a North Korea-linked threat actor targeting crypto businesses with new macOS malware as part of a campaign tracked as “Hidden Risk.” SentinelLabs researchers speculate DPRK-linked actors targeting the crypto industry since July 2024 as part of the Hidden Risk campaign.

Malware 124

Malware Risk Architecture Cryptocurrency 124

Security Affairs

NOVEMBER 6, 2024

Taiwanese vendor Synology has addressed a critical security vulnerability, tracked as CVE-2024-10443, that impacts DiskStation and BeePhotos. Security researcher Rick de Jager demonstrated the vulner ability, called RISK:STATION by cybersecurity firm Midnight Blue, at the Pwn2Own Ireland 2024 hacking contest.

Firmware 126

Firmware Manufacturing Hacking Media 126

Security Affairs

OCTOBER 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) ” On September 24, 2024, cloud hosting provider Rackspace reported an issue with its ScienceLogic EM7 monitoring tool. CISA orders federal agencies to fix this vulnerability by November 11, 2024.

Encryption 124

Encryption Hacking Accountability Cybersecurity 124

SecureWorld News

NOVEMBER 14, 2024

Ransomware attacks on healthcare organizations have sharply increased in 2024, as shown by recent research from Safety Detectives. Escalating Frequency and Impact: Healthcare services have become one of the most targeted industries, moving from the fifth most attacked sector in 2023 to third in 2024.

Healthcare 119

Healthcare Ransomware Identity Theft Data breaches 119

Krebs on Security

DECEMBER 11, 2024

Peter German , a former deputy commissioner for the Royal Canadian Mounted Police who authored two reports on money laundering in British Columbia, told the publicationsit goes against the spirit of Canadas registration requirements for such businesses, which are considered high-risk for money laundering and terrorist financing. ”

Cryptocurrency 288

Cryptocurrency Banking Cybercrime Advertising 288

Security Affairs

NOVEMBER 9, 2024

Below are the vulnerabilities reported by ZDI: CVE-2024-8355 : SQL injection in DeviceManager, enabling database manipulation or code execution via spoofed Apple device connections. CVE-2024-8358 : Command injection in UPDATES_ExtractFile , enabling command execution via file paths during updates.

Hacking 131

Hacking Firmware Software Manufacturing 131

Security Affairs

DECEMBER 17, 2024

Cybersecurity and Infrastructure Security Agency (CISA)added the Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference ( CVE-2024-35250 ) and Adobe ColdFusion Improper Access Control ( CVE-2024-20767 ) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2024-35250 (CVSS score 7.8)

Hacking 108

Hacking Cybersecurity Ransomware Risk 108

Security Affairs

OCTOBER 16, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-30088 (CVSS score 7.0) Microsoft Windows Kernel TOCTOU Race Condition Vulnerability CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability CVE-2024-28987 (CVSS score 9.1)

Software 120

Software Hacking Government Cybersecurity 120

Malwarebytes

APRIL 8, 2025

Technical details The zero-days are both located in the kernel: CVE-2024-53150 : an out-of-bounds flaw in the USB sub-component of the Linux Kernel that could result in information disclosure. CVE-2024-53197 : a privilege escalation flaw in the USB audio sub-component of the Linux Kernel. Again, no user interaction is required.

Spyware 127

Spyware Software Mobile Risk 127

Security Affairs

NOVEMBER 19, 2024

CVE-2024-0012 is a vulnerability in Palo Alto Networks PAN-OS that allows unauthenticated attackers with network access to the management web interface to bypass authentication and gain administrator privileges. This access enables administrative actions, configuration tampering, or exploitation of other vulnerabilities like CVE-2024-9474.

Firewall 110

Firewall Authentication Risk Hacking 110