Security Affairs

JANUARY 1, 2022

Which are the most-read cyber stories of 2021? The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver. The development team behind the Linux Mint distro has fixed a security flaw that could have allowed users to bypass the OS screensaver.

Security 105

Security Libraries Ransomware Passwords 105

Security Affairs

SEPTEMBER 17, 2021

Chipmaker AMD has addressed a vulnerability in PSP driver, tracked as CVE-2021-26333 , that could allow an attacker to obtain sensitive information from the targeted system. ” reads the security advisory. ” reads the advisory published by the security firm. SecurityAffairs – hacking, CVE-2021-26333).

Authentication 120

Authentication Security Access IT 120

Security Affairs

DECEMBER 29, 2021

version to address recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. version to address a recently discovered arbitrary code execution flaw, tracked as CVE-2021-44832, affecting Log4j 2.17.0. CVE-2021-44832 is the fifth vulnerability discovered in the popular library in the last weeks. . and 2.12.4)

Libraries 132

Libraries Security IT Information Security 132

Security Affairs

OCTOBER 7, 2024

238,000 Comcast customers were impacted by the FBCS data breach following the February ransomware attack, Comcast reports. Telecommunications giant Comcast is notifying approximately 238,000 customers impacted by the Financial Business and Consumer Solutions (FBCS) data breach. reads the notice of data breach.

Data breaches 119

Data breaches Ransomware Access Encryption 119

Security Affairs

APRIL 15, 2021

April 2021 Security Patch Day includes 14 new security notes and 5 updates to previously released notes, one of them fixes a critical issue in SAP Commerce. SAP Security Note #3040210 , tagged with a CVSS score of 9.9 ” reads the advisory published by SAP security firm Onapsis.

Security 110

Security IT Information Security 110

Security Affairs

SEPTEMBER 3, 2021

USCYBERCOM is urging organizations to patch a critical CVE-2021-26084 flaw in Atlassian Confluence Server and Data Center, ahead of the Labor Day weekend. . US Cyber Command (USCYBERCOM) has issued an alert to warn US organizations to address Atlassian Confluence CVE-2021-26084 vulnerability immediately, ahead of the Labor Day weekend.

Authentication 108

Authentication Ransomware Security Government 108

Security Affairs

MARCH 30, 2024

AT&T confirmed that a data breach impacted 73 million current and former customers after its data were leaked on a cybercrime forum. No information is available to indicate whether it is a 3rd party compromise, or which 'division' this data is from. The archive contains 73.481.539 records. “It

Data breaches 140

Data breaches Archiving Sales Access 140

Security Affairs

JANUARY 19, 2024

China-linked group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. Mandiant researchers reported that China-linked APT group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. ” reads the advisory.

Authentication 120

Authentication Access Cloud IT 120

OpenText Information Management

APRIL 22, 2021

In March 2021, Chinese hackers broke into Microsoft Exchange Server and stole emails from over 250,000 customers worldwide. How do you find out what data is affected and what damage has been done? This raises two questions: How do you stop these attacks happening?

Security 59

Security Information governance Information Security Government 59

Security Affairs

OCTOBER 31, 2022

VMware warned of the availability of a public exploit for a recently addressed critical remote code execution flaw in NSX Data Center for vSphere (NSX-V). “VMware has confirmed that exploit code leveraging CVE-2021-39144 against impacted products has been published.” reads the advisory published by the company.

Libraries 110

Libraries Cloud Security IT 110

Security Affairs

JUNE 9, 2023

Researchers discovered that the Clop ransomware gang was looking for a zero-day exploit in the MOVEit Transfer since 2021. Kroll security experts discovered that the Clop ransomware gang was looking for a zero-day exploit in the MOVEit Transfer since 2021. ” reads the analysis published by the security firm.

Ransomware 87

Ransomware Retail Access Personal data 87

Security Affairs

JULY 24, 2021

Japanese researchers spotted an Olympics-themed wiper targeting Japanese users ahead of the 2021 Tokyo Olympics. Tokyo Olympics could be a great opportunity for cybercriminals and malware authors, the US FBI warned p rivate US companies of cyberattacks that might attempt to disrupt the 2021 Tokyo Olympics. Pierluigi Paganini.

File names 143

File names Access Security IT 143

Data Matters

FEBRUARY 2, 2021

The National Association of Insurance Commissioners’ (NAIC) Insurance Data Security Model Law has been adopted in at least 11 states, with several others (including New York) having implemented either older or similar laws or administrative guidance. appeared first on Data Matters Privacy Blog.

Insurance 113

Insurance Security Compliance Privacy 113

Security Affairs

APRIL 10, 2024

AT&T confirmed that the data breach impacted 51 million former and current customers and is notifying them. AT&T revealed that the recently disclosed data breach impacts more than 51 million former and current customers and is notifying them. The archive contains 73.481.539 records. The archive contains 73.481.539 records. “It

Data breaches 110

Data breaches Archiving Sales Authentication 110

Security Affairs

AUGUST 24, 2021

The OpenSSL Project patched a high-severity vulnerability, tracked as CVE-2021-3711 , that can allow an attacker to change an application’s behavior or cause the app to crash. The vulnerability ties the decryption of SM2 encrypted data, the changes depend on the targeted application and data it maintains (i.e. and 1.0.2za.

Encryption 115

Encryption IT Security Information Security 115

Security Affairs

SEPTEMBER 30, 2021

Threat actors are actively exploiting the recently disclosed CVE-2021-26084 RCE vulnerability in Atlassian Confluence deployments. At the end of August, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise collaboration product. link] — U.S.

Mining 102

Mining Authentication Marketing Security 102

Hunton Privacy

NOVEMBER 15, 2023

Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty ( i.e. , a fine) in connection with the company’s response to a data breach that occurred in February 2022.

Data breaches 128

Data breaches Privacy Risk Information Security 128

Security Affairs

MARCH 13, 2024

Acer Philippines disclosed a data breach after employee data was leaked by a threat actor on a hacking forum. Acer Philippines confirmed that employee data was compromised in an attack targeting a third-party service provider. The hacked third-party company manages the Acer employee attendance data.

Data breaches 120

Data breaches Computer and Electronics Ransomware Sales 120

Security Affairs

JUNE 12, 2021

An authentication bypass vulnerability in the polkit auth system service, tracked as CVE-2021-3560 , which is used on most Linux distros can allow an unprivileged attacker to get a root shell. ” reads the description published by the security advisory. ” reads the description published by the security advisory.

Authentication 140

Authentication Security IT Cybersecurity 140

Security Affairs

DECEMBER 31, 2022

Researchers from Jama Network analyzed trends in ransomware attacks on US hospitals, clinics, and health care delivery organizations between 2016 and 2021. The researchers calculated the operational disruption duration and other data related to the attacks. million in 2021. ” reads the report published by Jama Network.

Ransomware 94

Ransomware Access Security IT 94

Hunton Privacy

JUNE 16, 2021

After two rounds of public comments, the Data Security Law of the People’s Republic of China (the “DSL”) was formally issued on June 10, 2021, and will become effective on September 1, 2021. The DSL will apply to data recorded in electronic and other forms. Data Security Policies. Applicable Scope.

Security 114

Security Education Government Cybersecurity 114

Security Affairs

JULY 20, 2021

Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printers driver that an attacker could exploit to gain admin rights on systems. The vulnerability, tracked as CVE-2021-3438 , is a buffer overflow that resides in the SSPORT.SYS driver which is used by some printer models.

Encryption 122

Encryption Security Access IT 122

Security Affairs

NOVEMBER 11, 2021

Palo Alto Networks disclosed a critical remote code execution vulnerability, tracked as CVE-2021-3064 , in its GlobalProtect portal and gateway interfaces. “CVE-2021-3064 is a buffer overflow that occurs while parsing user-supplied input into a fixed-length location on the stack. 2021-11-10: This report was published.

Access 114

Access Cybersecurity Security IT 114

Security Affairs

JANUARY 17, 2022

Zoho addressed a new critical severity flaw (CVE-2021-44757) that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions.

Authentication 108

Authentication Security IT Cybersecurity 108

Security Affairs

JULY 7, 2024

Today marks the launch of the Security Affairs newsletter, specializing in Malware. This newsletter complements the weekly one you already receive. Each week, it will feature a collection of the best articles and research on malware.

Security 105

Security Ransomware Government IT 105

Security Affairs

SEPTEMBER 2, 2021

Threat actors were spotted exploiting the CVE-2021-26084 vulnerability in Atlassian’s Confluence enterprise collaboration product a few days after it was patched by the vendor. Last week, Atlassian released security patches to address the critical CVE-2021-26084 flaw that affects the Confluence enterprise collaboration product.

Authentication 102

Authentication Security IT Information Security 102

Security Affairs

DECEMBER 8, 2021

The Mirai -based Moobot botnet is rapidly spreading by exploiting a critical command injection flaw, tracked as CVE-2021-36260 , in the webserver of several Hikvision products. The Moobot was first documented by Palo Alto Unit 42 researchers in February 2021, the recent attacks demonstrated that its authors are enhancing their malware.

IoT 131

IoT Access Risk IT 131

IG Guru

MAY 19, 2021

Some information required to download report. The post Verizon’s Data Breach Investigations Report (DBIR) 2021 Available appeared first on IG GURU. Check out the 119 page report here.

Data breaches 70

Data breaches Information governance Risk Compliance 70

Security Affairs

OCTOBER 26, 2021

“Unknown cyber criminals using Ranzy Locker ransomware had compromised more than 30 US businesses as of July 2021. The victims include the construction subsector of the critical manufacturing sector, the academia subsector of the government facilities sector, the information technology sector, and the transportation sector.”

Ransomware 136

Ransomware Manufacturing Access Phishing 136

eSecurity Planet

MAY 3, 2022

Databases contain some of the most critical data in enterprises, so vulnerabilities in them are serious issues. From Q1 2021 to Q1 2022, the team discovered 399,200 exposed databases due to those efforts. Also read: Database Security: 7 Best Practices & Tips. ” See our picks for the Top Database Security Solutions.

Security 128

Security Risk Information Security Data breaches 128

Security Affairs

DECEMBER 15, 2021

Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability. One of the vulnerabilities fixed by Microsoft, tracked as CVE-2021-43890 , is under active exploitation. Yes No EoP CVE-2021-43883 Windows Installer Elevation of Privilege Vulnerability Important 7.1

IoT 107

IoT Encryption Access Phishing 107

Security Affairs

OCTOBER 9, 2023

Flagstar Bank announced a data breach suffered by a third-party service provider exposed the personal information of over 800,000 US customers. Flagstar Bank is warning 837,390 US customers that their personal information was exposed after threat actors breached the third-party service provider Fiserv.

Data breaches 123

Data breaches Sales Ransomware Cybersecurity 123

Security Affairs

SEPTEMBER 8, 2024

Every week the best security articles from Security Affairs are free in your email box. A new round of the weekly SecurityAffairs newsletter arrived! Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Security 101

Security Data breaches Artificial Intelligence Ransomware 101

Security Affairs

JUNE 22, 2021

DirtyMoe is a Windows botnet that is rapidly growing, it passed from 10,000 infected systems in 2020 to more than 100,000 in the first half of 2021. Experts pointed out that the number of infected systems could be far greater because data provided by AVAST are only related to systems running their antivirus solution.

Mining 136

Mining Passwords Communications IT 136

Security Affairs

DECEMBER 19, 2022

The Glupteba botnet is back, researchers reported a surge in infection worldwide after Google disrupted its operation in 2021. In December 2021, Google announced it has taken down the infrastructure operated by the Glupteba botnet, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet.

Blockchain 104

Blockchain IT Mining Security 104

Security Affairs

NOVEMBER 22, 2021

GoDaddy suffered a data breach that impacted up to 1.2 GoDaddy discloses a data breach that impacted up to 1.2 Threat actors compromised the company network since at least September 6, 2021, but the security breach was only discovered by the company on November 17. SecurityAffairs – hacking, data breach).

Data breaches 130

Data breaches Passwords Access Phishing 130

Security Affairs

JULY 6, 2021

Positive Technologies researcher Nikita Abramov has provided details about the CVE-2021-20026 command injection vulnerability that affects SonicWall’s Network Security Manager (NSM) product. R10-H1 and earlier, the security vendor addressed it with the release of NSM 2.2.1-R6 The vulnerability rated with an 8.8 R6 and 2.2.1-R6

Authentication 113

Authentication Security Access IT 113