Krebs on Security

NOVEMBER 9, 2021

today released updates to quash at least 55 security bugs in its Windows operating systems and other software. Microsoft’s revised, more sparse security advisories don’t offer much detail on what exactly is being bypassed in Excel with this flaw. As Exchange zero-days go, CVE-2021-42321 appears somewhat mild by comparison.

Passwords 288

Passwords Authentication Security Ransomware 288

Krebs on Security

DECEMBER 14, 2021

Microsoft , Adobe , and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that is already being actively exploited. Kevin Breen , director of threat research for Immersive Labs, said CVE-2021-43905 stands out of this month’s patch batch.

Libraries 314

Libraries Cybersecurity Data breaches Cloud 314

Krebs on Security

SEPTEMBER 14, 2021

Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Finally, Adobe has released critical security updates for Acrobat , Reader and a slew of other software.

Security 58

Security IT 58

Krebs on Security

MARCH 9, 2021

On the off chance you were looking for more security to-dos from Microsoft today…the company released software updates to plug more than 82 security flaws in Windows and other supported software. In the ENKI blog post, the researchers said they will publish proof-of-concept (PoC) details after the bug has been patched.

Security 347

Security IT Access 347

Krebs on Security

MAY 11, 2021

Microsoft today released fixes to plug at least 55 security holes in its Windows operating systems and other software. By all accounts, the most pressing priority this month is CVE-2021-31166 , a Windows 10 and Windows Server flaw which allows an unauthenticated attacker to remotely execute malicious code at the operating system level.

Encryption 316

Encryption Authentication Ransomware IT 316

Krebs on Security

JANUARY 13, 2021

Microsoft today released updates to plug more than 80 security holes in its Windows operating systems and other software, including one that is actively being exploited and another which was disclosed prior to today. So, while CVE-2021-1709 is only rated as [an information exposure flaw] by Microsoft it should be prioritized for patching.”

Marketing 290

Marketing Security IT Access 290

Krebs on Security

JUNE 8, 2021

Microsoft today released another round of security updates for Windows operating systems and supported software, including fixes for six zero-day bugs that malicious hackers already are exploiting in active attacks. June’s Patch Tuesday addresses just 49 security holes — about half the normal number of vulnerabilities lately.

Security 338

Security Ransomware Phishing Cloud 338

Data Breach Today

JANUARY 8, 2024

State AG Settlement Comes After 2021 Lorenz Ransomware Attack on Health Center A federally funded health center that provides services to underserved communities in New York has been fined up to $450,000 and must invest $1.2

Security 285

Security Ransomware IT 285

Krebs on Security

OCTOBER 31, 2021

The vulnerability disclosure was coordinated with multiple organizations, some of whom are now releasing updates to address the security weakness. “Such code copying is a significant source of real-world security exploits.” Additional security advisories from other affected languages will be added as updates here.

Security 363

Security Paper Information Security IT 363

The Last Watchdog

NOVEMBER 3, 2021

The recognition comes from Cyber Security Hub, a website sponsored by IQPC Digital. We’ve been named one of the Top 10 cybersecurity webzines in 2021. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be. I’ll keep watch and keep reporting.

Cybersecurity 278

Cybersecurity Privacy Data breaches Ransomware 278

Data Breach Today

APRIL 23, 2021

Cisco Study Reveals Areas Where SMBs Outrank Large Organizations Cisco recently released the 2021 Security Outcomes Study - Small and Midsize Business (SMB) Edition, which revealed a number of somewhat surprising findings about SMBs and how they compare to their larger counterparts.

Security 304

Security 304

The Last Watchdog

JUNE 13, 2022

Investors more than doubled down in 2021, increasing investment by about 145 percent. Securing APIs. The SolarWinds attack made API supply chain security a front-page story in 2020. The Log4j vulnerability reported at the end 2021 heightened concern even more. Related: Taking API proliferation seriously.

Cybersecurity 257

Cybersecurity Data science Artificial Intelligence Marketing 257

The Last Watchdog

DECEMBER 16, 2021

In 2021, law enforcement continued making a tremendous effort to track down, capture and arrest ransomware operators, to take down ransomware infrastructure, and to claw back ransomware payments. IT teams have a different perspective than security teams; they want to make sure that things go fast, so they try to remove any source of friction.

Ransomware 262

Ransomware Risk Authentication Access 262

Data Breach Today

APRIL 19, 2022

Thom Bailey of Mimecast on Ransomware, Resilience and Emerging Tech Mimecast has released its latest State of Email Security Report, and it finds that 75% of companies were hurt by ransomware attacks in 2021 - up from 60% in 2020.

Security 262

Security Ransomware IT 262

Krebs on Security

JULY 7, 2021

Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “ PrintNightmare ,” a critical vulnerability in all supported versions of Windows that is actively being exploited. Friendly reminder: It’s always a good idea to backup your data before applying security updates.

Security 356

Security IT 356

Krebs on Security

APRIL 26, 2021

Last week, KrebsOnSecurity heard from a reader who had his freeze thawed without authorization through Experian’s website, and it reminded me of how truly broken authentication and security remains in the credit bureau space. “They’re allowing this huge security gap so they can make a profit. .”

Security 350

Security Authentication Access Insurance 350

Krebs on Security

SEPTEMBER 8, 2021

According to a security advisory from Redmond, the security hole CVE-2021-40444 affects the “MSHTML” component of Internet Explorer (IE) on Windows 10 and many Windows Server versions. On June’s Patch Tuesday, Microsoft addressed six zero-day security holes. Microsoft Corp.

Security 355

Security IT 355

Krebs on Security

MARCH 2, 2021

today released software updates to plug four security holes that attackers have been using to plunder email communications at companies that use its Exchange Server products. The patches released today fix security problems in Microsoft Exchange Server 2013 , 2016 and 2019. Microsoft Corp. Microsoft credited researchers at Reston, Va.

Education 326

Education Access Authentication Communications 326

Krebs on Security

JANUARY 9, 2023

Identity thieves have been exploiting a glaring security weakness in the website of Experian , one of the big three consumer credit reporting bureaus. All that was needed was the person’s name, address, birthday and Social Security number. billion each quarter collecting and selling gobs of our personal and financial information.

Security 358

Security Authentication Mining Cybersecurity 358

Data Breach Today

JANUARY 12, 2024

ReproSource Also Agrees to Beef Up Security in Wake of 2021 Ransomware Attack A fertility testing laboratory has agreed to improve its data security practices and pay up to $1.25

Ransomware 290

Ransomware Security IT 290

The Last Watchdog

DECEMBER 2, 2021

The ongoing battle to secure data from highly sophisticated ransomware gangs like REvil and others continues to rage on, despite recent news that these groups have disbanded in response to pressure from law enforcement. The short answer is they can’t, especially if they stick to the same security approach they’ve been using for years.

Ransomware 262

Ransomware Cybersecurity Risk Encryption 262

Data Breach Today

JANUARY 24, 2023

Growing Empire: Microsoft's Security Revenue Up 33% Since 2021, 100% Since 2020 The world's largest cybersecurity vendor continues to pull away from the competition, with Microsoft's security sales surpassing $20 billion in 2022 after 33% annual growth.

Sales 208

Sales Security Cloud Cybersecurity 208

Krebs on Security

JANUARY 8, 2022

KG is a German multinational software company best known for their Avira Free Security (a.k.a. In January 2021, Avira was acquired by Tempe, Ariz.-based In August 2021, NortonLifeLock said it had reached an agreement to acquire Avast , another longtime free antivirus product that also claims to have around 500 million users.

Mining 362

Mining Privacy IT Security 362

Data Breach Today

SEPTEMBER 3, 2021

Cybersecurity and Infrastructure Security Agency issued alerts Friday warning those using Atlassian's Confluence and Data Center products that attackers are actively exploiting the critical remote code execution vulnerability CVE-2021-26084. Cyber Command and CISA Issue Alerts Cyber Command and the U.S.

Cybersecurity 338

Cybersecurity Security 338

Data Breach Today

FEBRUARY 5, 2021

The latest edition of the ISMG Security Report features an analysis of the persistent threat of ransomware. Also featured: Sorting out breaches tied to Accellion’s File Transfer Appliance; an update on fraud trends in 2021.

Ransomware 325

Ransomware Security 325

Data Breach Today

MARCH 23, 2021

Acting Director Describes Latest Steps in Battle Against Ransomware The Cybersecurity and Infrastructure Security Agency will soon use its new subpoena powers authorized under the 2021 National Defense Authorization Act to help in the battle against ransomware attacks and other cyberthreats, says Brandon Wales, the acting agency director.

Ransomware 328

Ransomware Cybersecurity Security IT 328

Krebs on Security

JANUARY 19, 2023

Securities and Exchange Commission , T-Mobile said a “bad actor” abused an application programming interface (API) to hoover up data on roughly 37 million current postpaid and prepaid customer accounts. Last year, T-Mobile agreed to pay $500 million to settle all class action lawsuits stemming from the 2021 breach.

Data breaches 339

Data breaches Cybersecurity Passwords Phishing 339

Data Breach Today

MAY 18, 2021

NSC Adviser Outlines Administration's Cybersecurity Priorities at RSA 2021 The threat posed by ransomware attacks, including the growth of cybercriminal cartels, double extortion schemes and big game hunting targeting larger organizations, requires an international response, Anne Neuberger, the deputy national security adviser for cyber and emerging (..)

Ransomware 289

Ransomware Cybersecurity Security 289

Data Breach Today

JANUARY 17, 2024

Closing Time for Alcohol Delivery Service Follows Fed Crackdown for Poor Security It's last call for Drizly, the alcohol delivery service Uber bought for $1.1 billion in 2021.

Data breaches 289

Data breaches Cybersecurity Security IT 289

Data Breach Today

SEPTEMBER 17, 2021

Researchers Say OMIGOD Vulnerability Can Give Attackers Root Privileges The Mirai botnet is actively exploiting the known vulnerability CVE-2021-38647, which is part of a quarter of vulnerabilities dubbed OMIGOD, in Microsoft's Azure Linux Open Management Infrastructure framework, according to Kevin Beaumont, head of the security operations center (..)

Security 317

Security 317

Krebs on Security

JULY 8, 2021

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. Now it appears Kaseya’s customer service portal was left vulnerable until last week to a data-leaking security flaw that was first identified in the same software six years ago.

IT 326

IT Ransomware Systems administration Authentication 326

Data Breach Today

FEBRUARY 6, 2024

US Joint Cyber Defense Collaborative Suffering From 'Growing Pains,' Experts Say The Cybersecurity and Infrastructure Security Agency launched a public-private sector collaborative in 2021 to help unify cyber defenses between government and industry, but experts testified Tuesday that the program is suffering from "growing pains" that are hindering (..)

Cybersecurity 277

Cybersecurity Government Security IT 277

Security Affairs

JUNE 20, 2024

A China-linked cyber espionage group has compromised telecom operators in an Asian country since at least 2021. The Symantec Threat Hunter Team reported that an alleged China-linked APT group has infiltrated several telecom operators in a single, unnamed, Asian country at least since 2021.

Communications 140

Communications Encryption IT Information Security 140

Krebs on Security

DECEMBER 13, 2021

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. Ireland’s Health Service Executive (HSE), which operates the country’s public health system, got hit with Conti ransomware on May 14, 2021.

Ransomware 306

Ransomware Cybersecurity Phishing Security 306

Data Breach Today

FEBRUARY 2, 2024

Log4Shell burst into public awareness in late 2021 when security researchers identified a flaw in the ubiquitous Apache Log4J 2 Java library.

Libraries 269

Libraries Security 269

Krebs on Security

JANUARY 11, 2022

Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. In May 2021, Microsoft patched a similarly critical and wormable vulnerability in the HTTP Protocol Stack; less than a week later, computer code made to exploit the flaw was posted online. .” ” Quickly indeed.

Libraries 281

Libraries Security Access IT 281