Tue.Dec 12, 2023


New Windows/Linux Firmware Attack

Schneier on Security

Interesting attack based on malicious pre-OS logo images: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux… The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday.

Firmware 294

Microsoft Patch Tuesday, December 2023 Edition

Krebs on Security

The final Patch Tuesday of 2023 is upon us, with Microsoft Corp. today releasing fixes for a relatively small number of security holes in its Windows operating systems and other software. Even more unusual, there are no known “zero-day” threats targeting any of the vulnerabilities in December’s patch batch. Still, four of the updates pushed out today address “critical” vulnerabilities that Microsoft says can be exploited by malware or malcontents to seize complete c

Internet 209

Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware

Tech Republic Security

Recruiters and anyone else involved in hiring processes should be knowledgeable about this social engineering attack threat. Get the details.


Over 1,450 pfSense servers exposed to RCE attacks via bug chain

Bleeping Computer

Roughly 1,450 pfSense instances exposed online are vulnerable to command injection and cross-site scripting flaws that, if chained, could enable attackers to perform remote code execution on the appliance. […]

142

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.


Mozilla VPN Review (2023): Features, Pricing, and Security

Tech Republic Security

Mozilla VPN’s fast performance may not be enough to make up for its small server network and lack of features. Learn more about it in our full review below.

VPN 142

Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day

Bleeping Computer

Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs. […]

136

More Trending


Avira antivirus causes Windows computers to freeze after boot

Bleeping Computer

Since Friday, Windows users have reported problems with the operating system freezing shortly after booting, an issue linked to a faulty update for Avira's security software. […]

Antivirus 135

Dubai’s largest taxi app exposes 220K+ users

Security Affairs

The Dubai Taxi Company (DTC) app, which provides taxi, limousine, and other transport services, left a database open to the public, exposing sensitive customer and driver data. Dubai Taxi Company, a subsidiary of Dubai’s Roads and Transport Authority, leaked a trove of sensitive information from the DTC app, the Cybernews research team has found. Over 197K app users and nearly 23K drivers were exposed.

VPN 126

Cloud engineer gets 2 years for wiping ex-employer’s code repos

Bleeping Computer

Miklos Daniel Brody, a cloud engineer, was sentenced to two years in prison and ordered to pay $529,000 in restitution for wiping the code repositories of his former employer in retaliation for being fired by the company. […]


News alert: Detectify’s EASM research reveals top overlooked vulnerabilities from 2023

The Last Watchdog

Stockholm, Sweden & Boston, Mass., Dec. 12, 2023 – Detectify, the External Attack Surface Management platform powered by elite ethical hackers, has today released its “State of EASM 2023” report. The research incorporates insights from Detectify’s customer base and provides a snapshot of the threat landscape faced by core industries and regions that Detectify serves.


IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.


Ukrainian military says it hacked Russia's federal tax agency

Bleeping Computer

The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service (FNS), wiping the agency's database and backup copies. […]

Hacking 132

A pernicious potpourri of Python packages in PyPI

We Live Security

The past year has seen over 10,000 downloads of malicious packages hosted on the official Python package repository, ESET research finds.

138

Top CISOs in the USA to Follow in 2024

Security Boulevard

By following some of the top CISOs in the USA, you can gain valuable insights into developing a robust cybersecurity strategy. The post Top CISOs in the USA to Follow in 2024 appeared first on Scytale. The post Top CISOs in the USA to Follow in 2024 appeared first on Security Boulevard.

CISO 120

Microsoft: OAuth apps used to automate BEC and cryptomining attacks

Bleeping Computer

Microsoft warns that financially motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. […]

Phishing 122

Cybersecurity Predictions for 2024

Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.


Apple released iOS 17.2 to address a dozen security flaws

Security Affairs

Apple rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. The company released iOS 17.2 and iPadOS 17.2, which address a dozen security flaws. The most severe flaw is a memory corruption issue that resides in ImageIO. Successful exploitation of the flaw may lead to arbitrary code execution.


Windows 10 KB5033372 update released with Copilot for everyone, 20 changes

Bleeping Computer

Microsoft has released the KB5033372 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes Copilot for Windows and nineteen other changes to the operating system. […]

119

Kyivstar, Ukraine’s largest mobile carrier, brought down by a cyber attack

Security Affairs

Kyivstar, Ukraine’s largest service provider, was hit by a cyber attack that paralyzed its services. The attack is linked to the ongoing conflict. Kyivstar, Ukraine’s largest service provider, went down after a major cyber attack. The Ukrainian telecommunications company provides communication services and data transmission based on a broad range of fixed and mobile technologies, including 4G (LTE) in Ukraine.


Sophos backports RCE fix after attacks on unsupported firewalls

Bleeping Computer

Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks. […]

Firewall 119

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.


LogoFAIL Attack: A Deep Dive into UEFI Vulnerabilities

Security Boulevard

A new threat has emerged, sending shockwaves through the cybersecurity industry – the LogoFAIL attack. This vulnerability targets the image-parsing components within the UEFI code, affecting a multitude of devices and posing a serious risk to the booting process. LogoFAIL is not just another cybersecurity buzzword; it represents a tangible threat to the integrity of […] The post LogoFAIL Attack: A Deep Dive into UEFI Vulnerabilities appeared first on TuxCare.


Operation Blacksmith: Lazarus exploits Log4j flaws to deploy DLang malware

Security Affairs

North Korea-linked APT group Lazarus was spotted exploiting Log4j vulnerabilities to deploy previously undocumented remote access trojans. The North Korea-linked APT group Lazarus is behind a new hacking campaign that exploits Log4j vulnerabilities to deploy previously undocumented remote access trojans (RATs). Cisco Talos researchers tracked the campaign as Operation Blacksmith; the nation-state actors are employing at least three new DLang-based malware families.

Malware 108

CISA Unveils Tools to Strengthen Google Cloud Services

Security Boulevard

As organizations continue their migration to the cloud, threat groups are not far behind. According to a report earlier this year from cybersecurity firm CrowdStrike, the number of attacks against cloud environments in 2022 jumped 95% year-over-year, and those involving cloud-conscious bad actors almost tripled. “As cloud integration continues to increase across business environments, adversaries.


Ukraine's largest mobile carrier Kyivstar down following cyberattack

Bleeping Computer

Kyivstar, Ukraine's largest telecommunications service provider serving over 25 million mobile and home internet subscribers, has suffered a cyberattack impacting mobile and data services. […]

Mobile 108

5 Key Findings From the 2023 FBI Internet Crime Report

The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.


Understanding the Impact of the new Apache Struts File Upload Vulnerability

Security Boulevard

Introduction Recently, researcher Steven Seeley discovered a way to abuse the popular Apache Struts framework’s file upload functionality to achieve remote code execution. This bug, known as CVE-2023-50164, has been assigned a 9.8 CVSS score. No doubt this is causing some security practitioners to have flashbacks of the “good times” that a serious Struts bug […] The post Understanding the Impact of the new Apache Struts File Upload Vulnerability appeared first on Praetorian.

109

Healthcare giant Norton breach leads to theft of millions of patient records

Malwarebytes

Healthcare company Norton says a May breach led to the theft of data of around 2.5 million of its patients, as well as employees and their dependents. Norton has more than 40 clinics and hospitals in and around Louisville, Kentucky. In a filing with Maine’s attorney general on Friday, Norton said that on May 9, 2023, it discovered an “external system breach.”


Ukrainian military intelligence service hacked the Russian Federal Taxation Service

Security Affairs

The Ukrainian government’s military intelligence service announced the hack of the Russian Federal Taxation Service (FNS). Hackers of the Main Intelligence Directorate of the Ministry of Defense of Ukraine announced they have compromised the Russian Federal Taxation Service (FNS). The military intelligence service said that the hack was the result of a successful special operation on the territory of Russia.

Hacking 107

Mastering SDLC Security: Best Practices, DevSecOps, and Threat Modeling

Security Boulevard

In the ever-evolving landscape of software development, it’s become absolutely paramount to ensure robust security measures throughout the Software Development Lifecycle (SDLC). Need proof? In the last three years alone, we’ve witnessed a surge of high-profile supply chain attacks including SolarWinds, Codecov, and the breach of Nissan’s Global Network.

Software 104

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?”


Kelvin Security cybercrime gang suspect seized by Spanish police

Graham Cluley

A malicious hacking group, thought to have been operating since at least 2013, may have suffered a significant blow after the arrest of a suspected leading member by Spanish police late last week. Read more in my article on the Tripwire State of Security blog.


PyPI Poisoned: 116 Malicious Packages Target Windows and Linux

Penetration Testing

A recent ESET research study has shed light on a disturbing development in the Python Package Index (PyPI), the official repository for the Python programming language. The study uncovers a sophisticated web of malicious... The post PyPI Poisoned: 116 Malicious Packages Target Windows and Linux appeared first on Penetration Testing.


Update now! Apple issues patches for older iPhones and other devices

Malwarebytes

Apple has issued emergency updates that include patches for older iOS devices concerning the two actively used zero-day vulnerabilities that were patched last week in newer devices. Updates are available for:
Safari 17.2: macOS Monterey and macOS Ventura
iOS 17.2 and iPadOS 17.2: iPhone XS and later, iPad Pro 12.9-inch 2nd generation and later, iPad Pro 10.5-inch, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 6th generation and later, and iPad mini 5th generati

Spyware 84

Patch Now! PoC for Apache Struts 2 RCE (CVE-2023-50164) Flaw Released

Penetration Testing

Attention website owners and developers using Apache Struts 2! Brace yourselves, as the Proof of Concept (PoC) for the recently disclosed critical vulnerability, CVE-2023-50164, has been released. This means malicious actors now have the... The post Patch Now! PoC for Apache Struts 2 RCE (CVE-2023-50164) Flaw Released appeared first on Penetration Testing.


From Complexity to Clarity: Strategies for Effective Compliance and Security Measures

Speaker: Erika R. Bales, Esq.

When we talk about “compliance and security,” most companies want to ensure that steps are being taken to protect what they value most – people, data, real or personal property, intellectual property, digital assets, or any number of other things – and it’s more important than ever that safeguards are in place. Let’s step back and focus on the idea that no matter how complicated the compliance and security regime, it should be able to be distilled down to a checklist.