Enterprise software maker SAP announced the release of 13 new and three updated security notes as part of its February 2024 Security Patch Day, including one addressing a critical vulnerability in the SAP ABA cross-application component. The critical issue, a code injection bug tracked as CVE-2024-22131 (CVSS score of 9.1), could be exploited by an attacker that has remote execution authorization … [Read more...]
Tech Companies Plan to Sign Accord to Combat AI-Generated Election Trickery
At least six major technology companies are planning to sign an agreement this week that would guide how they try to put a stop to the use of artificial intelligence tools to disrupt democratic elections. The upcoming event at the Munich Security Conference in Germany comes as more than 50 countries are due to hold national elections in 2024. Attempts at AI-generated election interference have … [Read more...]
Microsoft Confirms Windows Exploits Bypassing Security Features
Microsoft on Tuesday rolled out a massive batch of security-themed software updates and called urgent attention to at least three vulnerabilities being exploited in live malware attacks. The world’s largest software maker documented 72 security vulnerabilities in the Windows ecosystem and warned users of the risk of remote code execution, security feature bypass, information disclosure and … [Read more...]
Patch Tuesday: Adobe Warns of Critical Flaws in Widely Deployed Software
Software maker Adobe on Tuesday released patches for at least 30 documented security flaws in multiple products, warning that users are exposed to code execution, security feature bypass and application denial-of-service attacks. As part of its scheduled Patch Tuesday releases, Adobe called urgent attention to critical flaws in the Adobe Acrobat and Reader, Adobe Commerce and Magento Open Source, … [Read more...]
French Healthcare Payments Processor Breaches Affect Half of Population
France’s data protection agency CNIL is investigating massive data breaches at two companies that manage third-party healthcare payments, warning that more than 33 million people may be affected. A notice from CNIL said two French service providers — Viamedis and Almerys — were targeted in a cyberattack that puts almost half of the French population at risk. The agency said the two companies … [Read more...]
Willis Lease Finance Corp Discloses Cyberattack
Aircraft parts dealer Willis Lease Finance Corporation (WLFC) has informed the US Securities and Exchange Commission that it fell victim to a cyberattack. According to the SEC filing, the incident was flagged on January 31, when unauthorized activity was detected on portions of its systems. “An investigation into the nature and scope of the incident was launched with the assistance of leading … [Read more...]
Bank of America Customer Data Stolen in Data Breach
Bank of America is sending notification letters to 57,000 customers to inform them that their personal information was stolen in a data breach at third-party services provider Infosys McCamish System (IMS). The incident was disclosed on November 3, 2023, when IMS parent company Infosys said in a filing with the US Securities and Exchange Commission that it fell victim to a cyberattack resulting in … [Read more...]
JFK Airport Taxi Hackers Sentenced to Prison
Two cab drivers accused of being involved in a hacking scheme targeting the taxi dispatch system at John F. Kennedy International Airport have been sentenced to prison, the US Justice Department announced on Monday. The individuals are Daniel Abayev, who has been sentenced to four years in prison, and Peter Leyman, sentenced to two years in prison. They have also been sentenced to three years of … [Read more...]
Ivanti Vulnerability Exploited to Deliver New ‘DSLog’ Backdoor
A recently patched zero-day vulnerability in Ivanti enterprise VPNs has been exploited in attacks deploying a backdoor named ‘DSLog’, security services provider Orange Cyberdefense reports. The issue, tracked as CVE-2024-21893, is a server-side request forgery (SSRF) bug identified in the SAML component of Ivanti Connect Secure, Policy Secure, and Neurons for ZTA that could be exploited without … [Read more...]
ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities
Industrial giants Siemens and Schneider Electric have published a total of 18 new security advisories for the February 2024 ICS Patch Tuesday. Siemens Siemens has published 15 new advisories that describe — based on SecurityWeek’s analysis — a whopping total of 270 unique vulnerabilities found in the company’s products. The advisory covering more than half of them describes vulnerabilities … [Read more...]
Seeing is Believing… and Securing
According to financial market analyst firm Fitch Ratings, cyber insurance premium costs increased 178% from 2017 to 2022, including a 51% year-over-year increase in 2022 alone. Fitch says costs are expected to moderate in the coming quarters as profits and competition influence pricing, and as customers adjust to their own situations by improving cybersecurity measures, or abandoning cyber … [Read more...]
Ransomware Attack Knocks 100 Romanian Hospitals Offline
Romanian hospitals turned to using pen and paper for record keeping on Monday morning after a file-encrypting ransomware attack on a widely used healthcare management system. Over the weekend, a threat actor targeted the Hipocrate Information System (HIS) and deployed the Backmydata ransomware, which encrypted data pertaining to 26 hospitals across the country. The HIS system was knocked offline … [Read more...]
CISA Warns of Roundcube Webmail Vulnerability Exploitation
The US security agency CISA has added another Roundcube flaw to its known exploited vulnerabilities (KEV) catalog, urging government agencies and other entities to address it as soon as possible. The security hole, tracked as CVE-2023-43770, was patched by the developers of the open source webmail solution in September 2023. The issue has been described as a persistent cross-site scripting … [Read more...]
Hunter-Killer Malware Tactic Growing: Stealthy, Persistent and Aggressive
A malware tactic dubbed ‘hunter-killer’ is growing, based on an analysis of more than 600,000 malware samples. This may become the standard approach for advanced attacks. There has been a notable rise in a malware tactic dubbed ‘hunter-killer’ malware. The name comes from modern submarine warfare: submarines remain hidden until they strike. The use of hunter-killer malware grew over 2023, and it … [Read more...]
Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel
An active cloud account takeover (ATO) campaign has already impacted dozens of Azure environments and compromised hundreds of user accounts on the cloud computing platform run by Microsoft. Proofpoint researchers detected an integrated credential phishing and cloud ATO campaign in late November 2023. It is still active. Individualized phishing lures are used within shared documents, including … [Read more...]
ExpressVPN User Data Exposed Due to Bug
ExpressVPN last week disabled split tunneling on its Windows clients to prevent an issue where DNS requests were not properly directed to its servers. The issue, introduced in May 2022 in version 12.23.1 of ExpressVPN, resulted in DNS requests remaining unprotected in certain conditions, the VPN solutions provider announced. Normally, when a user is connected to ExpressVPN, their DNS requests are … [Read more...]
Stealthy Cyberespionage Campaign Remained Undiscovered for Two Years
A non-profit organization in Saudi Arabia has been targeted in a stealthy cyberespionage campaign that remained undetected for two years, Cisco’s Talos security researchers report. The campaign is characterized by a custom backdoor dubbed Zardoor, modified reverse proxies (such as Fast Reverse Proxy, sSocks, and Venom), and the abuse of legitimate tools for malware delivery, persistence, and … [Read more...]
Bugcrowd Raises $102 Million
Bug bounty platform provider Bugcrowd announced on Monday that it has raised $102 million in strategic growth funding from General Catalyst, Rally Ventures, and Costanoa Ventures. The new investment will be used to accelerate growth, to continue enhancing its crowdsourced security platform, and for strategic M&A opportunities. Bugcrowd’s previous funding round was announced in 2020, when … [Read more...]
Exploitation of Another Ivanti VPN Vulnerability Observed
Exploitation of a recently disclosed XML external entity (XXE) vulnerability impacting Ivanti enterprise VPN and network access products has commenced, multiple security researchers warned over the weekend. Affecting the SAML component of Ivanti Connect Secure, Policy Secure, and ZTA gateway appliances and tracked as CVE-2024-22024 (CVSS score of 8.3), the issue can be exploited to access certain … [Read more...]
Warzone RAT Shut Down by Law Enforcement, Two Arrested
The US Justice Department announced on Friday that the Warzone RAT cybercrime enterprise has been dismantled as a result of an international law enforcement operation. US authorities have also unsealed charges brought against two individuals allegedly selling the malware and offering support to users. On the technical side, authorities have seized four internet domains that were used to sell … [Read more...]
- « Previous Page
- 1
- …
- 31
- 32
- 33
- 34
- 35
- …
- 146
- Next Page »