Data Breach Today

JANUARY 23, 2019

The coming end-of-support for Windows Server 2008 leaves IT organizations with few viable options to receive security updates beyond the cut-off date of January 14, 2020. Upgrading will be no small feat as roughly 70% of enterprise Windows applications run on Windows Server 2008 or earlier versions*.

Security 147

Security IT 147

Krebs on Security

JUNE 8, 2021

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately.

Security 345

Security Ransomware Phishing Cloud 345

Security Affairs

NOVEMBER 29, 2020

Every week the best security articles from Security Affairs free for you in your email box. The post Security Affairs newsletter Round 291 appeared first on Security Affairs. A new round of the weekly SecurityAffairs newsletter arrived! Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Security 266

Security Data breaches Ransomware Retail 266

Security Affairs

FEBRUARY 13, 2020

Since 2016, Microsoft is urging admins to stop using SMBv1, later versions of the protocol implemented security enhancements, such as encryption, pre- authentication integrity checks to prevent man-in-the-middle (MiTM) attacks, and insecure guest authentication blocking. It also provides an authenticated inter-process communication mechanism.

Authentication 363

Authentication Communications Encryption IT 363

Security Affairs

AUGUST 20, 2020

Microsoft released an Out-of-Band security update to address privilege escalation flaws in Windows 8.1 Microsoft released this week an out-of-band security update for Windows 8.1 The IT giant urges users to apply the security updates as soon as possible. and Windows Server 2012 R2 systems. and Windows Server 2012 R2.

Security 266

Security Access IT Information Security 266

Security Affairs

JUNE 5, 2019

A security expert has developed a Metasploit module to exploit the critical BlueKeep vulnerability and get remote code execution. The security researcher Z??osum0x0 Many security experts have already developed their own exploit code for this issue without publicly disclosing it for obvious reasons. Rough draft MSF module.

Authentication 279

Authentication Ransomware Security IT 279

Security Affairs

MARCH 8, 2020

The best news of the week with Security Affairs. CIA Hacking unit APT-C-39 hit China since 2008. Malware campaign employs fake security certificate updates. The post Security Affairs newsletter Round 254 appeared first on Security Affairs. A new round of the weekly newsletter arrived! Pierluigi Paganini.

Security 237

Security Data breaches Ransomware Encryption 237

Security Affairs

MARCH 27, 2020

“Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released.” link] — Security Response (@msftsecresponse) March 23, 2020. See the link for more details.

Libraries 357

Libraries Risk Security IT 357

Security Affairs

MAY 29, 2020

Security experts from Cyble discovered in the dark web a database containing details of over 20 Million Taiwanese citizens. The seller claims the database dates back as 2019, but Cyble researchers noted the last DOB record was from 2008. ” reads a post published by Cyble. The database size is 3.5 Pierluigi Paganini.

Archiving 363

Archiving Data breaches Government Security 363

Security Affairs

JULY 9, 2019

Patch Tuesday updates for July 2019 fixed security issued in numerous products of the tech giant, including Windows operating systems, Internet Explorer, Edge, Office, Azure DevOps, Open Source Software,NET Framework, Azure, SQL Server, ASP.NET, Visual Studio, and Exchange Server. ” reads the security advisory.

Security 246

Security IT Information Security 246

Security Affairs

JUNE 19, 2020

The exploit used by Turla, referred to as CVE-2008-3431 , abuses two vulnerabilities, but only one was ever fixed in the aforementioned CVE. The other vulnerability was chained by Turla operators with the CVE-2008-3431 flaw in the first version of their exploit. ” reads the analysis published by Palo Alto Networks. of the driver.

Security 361

Security Government IT Information Security 361

Security Affairs

DECEMBER 3, 2018

According to New Zealand’s Government Communications Security Bureau, Huawei equipment for 5G infrastructure poses a “significant network security risk,” for this reason, it asked mobile company Spark to avoid using the equipment of the Chinese company. In 2008, New Zealand signed a free-trade deal with China.

Security 246

Security Government Communications Manufacturing 246

Security Affairs

JUNE 5, 2019

The National Security Agency (NSA) is urging Windows users and administrators to install security updates to address BlueKeep flaw (aka CVE-2019-0708). Now the National Security Agency (NSA) is also urging Windows users and administrators to install security updates to address BlueKeep flaw (aka CVE-2019-0708).

Authentication 274

Authentication Security Ransomware IT 274

Security Affairs

OCTOBER 20, 2021

Its operators have added new exploits and payloads, according to the experts, the new variant leverages WebSockets to implement more secure C2 bidirectional communication. The post PurpleFox botnet variant uses WebSockets for more secure C2 communication appeared first on Security Affairs. Pierluigi Paganini.

Communications 285

Communications Security Encryption IT 285

Security Affairs

JUNE 18, 2019

The Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. After Microsoft and the US NSA , the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Microsoft has released security updates to patch this vulnerability. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003.

Authentication 262

Authentication Cybersecurity Security Marketing 262

Data Breach Today

JANUARY 23, 2019

The coming end-of-support for Windows Server 2008 leaves IT organizations with few viable options to receive security updates beyond the cut-off date of January 14, 2020. Upgrading will be no small feat as roughly 70% of enterprise Windows applications run on Windows Server 2008 or earlier versions*.

Security 164

Security IT 164

Security Affairs

JULY 9, 2020

Researchers from cyber-security firm ACROS Security have disclosed a zero-day vulnerability in the Windows client of the popular Zoom video conferencing platform. Researchers from cyber-security firm ACROS Security have disclosed a zero-day vulnerability in the Windows client of the video conferencing software Zoom.

Security 350

Security Privacy IT Information Security 350

Security Affairs

DECEMBER 20, 2018

Microsoft has issued an out-of-band security update to fix a critical zero-day flaw in the Internet Explorer (IE) browser. Microsoft has rolled out an out-of-band security update to address a critical zero-day vulnerability affecting the Internet Explorer (IE) browser. ” reads the security advisory. Pierluigi Paganini.

Security 278

Security IT 278

Security Affairs

JUNE 8, 2022

0patch researchers released an unofficial security patch for a Windows zero-day vulnerability dubbed DogWalk. 0patch released an unofficial security patch for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) dubbed DogWalk. The expert warned to pay special attention to not open .diagcab

Security 246

Security File names Libraries Archiving 246

Security Affairs

SEPTEMBER 29, 2019

The best news of the week with Security Affairs. 0patch will provide micropatches for Windows 7 and Server 2008 after EoS. The post Security Affairs newsletter Round 233 appeared first on Security Affairs. A new round of the weekly newsletter arrived! Once again thank you! Pierluigi Paganini.

Security 207

Security Data breaches Ransomware Phishing 207

Security Affairs

MARCH 31, 2021

The Internet Engineering Task Force (IETF) formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC was recommended for IETF protocols in 2008 and became obsolete with the introduction of TLS version 1.3 The move to deprecate old versions aims at making products using them more secure. RFC 2246) and 1.1 (RFC

Communications 305

Communications Security Encryption Information Security 305

Security Affairs

JANUARY 15, 2019

A new security assessment conducted by the Defense Department Inspector General revealed that the Pentagon is still exposed to many cyber risks, The report published by the Defense Department Inspector General on January 9, shows a worrisome situation, there are 266 issue, some of them are ten-years-old cybersecurity?related

Risk 274

Risk Cybersecurity IT Government 274

WIRED Threat Level

JANUARY 11, 2018

The House of Representatives Thursday strengthened spying powers authorized under Section 702 of the 2008 FISA Amendments Act.

Security 273

Security 273

Security Affairs

OCTOBER 13, 2021

The vulnerability is a use-after-free issue in the Win32k kernel driver, tracked as CVE-2021-40449 , that was addressed by Microsoft with the release of October Patch Tuesday security updates. The post Chinese APT IronHusky use Win zero-day in recent wave of attacks appeared first on Security Affairs. Pierluigi Paganini.

Government 289

Government IT Security Access 289

Krebs on Security

MAY 14, 2019

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003 , citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Ransomware 269

Ransomware Authentication Security IT 269

Krebs on Security

NOVEMBER 9, 2021

today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Microsoft’s revised, more sparse security advisories don’t offer much detail on what exactly is being bypassed in Excel with this flaw. Microsoft Corp.

Passwords 312

Passwords Security Authentication Ransomware 312

Security Affairs

FEBRUARY 7, 2021

The vulnerability was disclosed by the security researcher Polle Vanhoof. The Mifare Classic smart card technology is known to be insecure since 2008, when security researchers from Radboud University Nijmegen performed reverse engineering of the chip and published their findings. ” Vanhoof added. Pierluigi Paganini.

Encryption 363

Encryption Security Communications IT 363

Security Affairs

JUNE 7, 2022

QBot, aka Qakbot and Pinkslipbot , has been active since 2008, it is used by threat actors for collecting browsing data and banking credentials and other financial information from the victims. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS.

Ransomware 363

Ransomware Security Cybersecurity IT 363

Security Affairs

AUGUST 1, 2019

Back in 2008, a whistle-blower identifies a vulnerability in Cisco video surveillance software, but the tech giant continued to sell the software to US agencies until July 2013. million fine for selling flawed surveillance technology to the US Gov appeared first on Security Affairs. Cisco is going to pay $8.6 Pierluigi Paganini.

Government 275

Government Sales Access Security 275

Security Affairs

JUNE 3, 2022

LuoYu has been active since at least 2008, it focuses on targets located in China, such as foreign diplomatic organizations established in the country, members of the academic community, or companies from the defense, logistics and telecommunications sectors. . ” concludes Kaspersky. To nominate, please visit:?. Pierluigi Paganini.

Information capture 363

Information capture Communications Security IT 363

Security Affairs

JANUARY 31, 2024

“This is the most extensive security of Bitcoins by law enforcement authorities in the Federal Republic of Germany to date.” It was operating between 2008 and 2013. The police in Saxony, Germany, have seized 50,000 Bitcoin (more than $2.1 ” reads the press release published by the German police.

IT 323

IT Security Information Security 323

Security Affairs

DECEMBER 17, 2021

VMware released security patches for a critical server-side request forgery (SSRF) vulnerability in Workspace ONE UEM console. and above 2008 Workspace ONE UEM patch 20.8.0.36 The SSRF vulnerability in Workspace ONE UEM console was privately reported to the company which released security patches and workarounds.

Access 323

Access Authentication Cloud Security 323

Security Affairs

SEPTEMBER 7, 2019

The Metasploit BlueKeep exploit module is based on the proof-of-concept code from the security researchers z??osum0x0 It has been developed to target only the 64-bit versions of Windows 7 and Windows 2008 R2. The initial PR of the exploit module targets 64-bit versions of Windows 7 and Windows 2008 R2.” Pierluigi Paganini.

Libraries 266

Libraries Security IT Information Security 266

Security Affairs

MAY 31, 2019

Many security experts have already developed their own exploit code for this issue without publicly disclosing it for obvious reasons. Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Microsoft Security Response Center (MSRC). ” reads the advisory published by Simon Pope,?Director

Risk 276

Risk Authentication Security Cybersecurity 276

Security Affairs

JULY 7, 2021

Microsoft has released the KB5004945 emergency security update to address the actively exploited CVE-2021-34527 zero-day vulnerability, aka PrintNightmare. Please see: [link] — Security Response (@msftsecresponse) July 6, 2021. Please see the Security Updates table for the applicable update for your system.

Security 360

Security Cybersecurity IT Access 360

Krebs on Security

DECEMBER 19, 2018

Microsoft today released an emergency software patch to plug a critical security hole in its Internet Explorer (IE) Web browser that attackers are already using to break into Windows computers. Microsoft says users who have Windows Update enabled and have applied the latest security updates are protected automatically.

Risk 260

Risk Security IT 260

Krebs on Security

OCTOBER 26, 2021

based WOKV.com reported that agents with the FBI and Department of Homeland Security (DHS) had raided a local PAX Technology warehouse. Even if it were publicly proven today that the company’s technology was in fact a security risk, my guess is few retailers would be quick to do much about it in the short run.

Sales 72

Sales Retail Computer and Electronics Risk 72