Security Affairs

APRIL 11, 2022

Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. Another day, another threat to your data. The vulnerability allows unauthenticated actors, to access private users’ data stored in the target system, due to a pitfall in the API permissions check.

Security 87

Security Cybersecurity Libraries Access 87

Krebs on Security

APRIL 27, 2023

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. A researcher found DC Health had five Salesforce Community sites exposing data.

Access 295

Access Information Security Authentication Communications 295

Security Affairs

JULY 30, 2024

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024.

Libraries 115

Libraries Communications Encryption IT 115

Security Affairs

JUNE 12, 2022

Ransomware gangs are actively exploiting CVE-2022-26134 remote code execution (RCE) flaw in Atlassian Confluence Server and Data Center. Multiple ransomware groups are actively exploiting the recently disclosed remote code execution (RCE) vulnerability, tracked as CVE-2022-26134 , affecting Atlassian Confluence Server and Data Center.

Ransomware 132

Ransomware Cybersecurity Encryption Security 132

IT Governance

OCTOBER 27, 2022

A new version of ISO 27001 was published this week, introducing several significant changes in the way organisations are expected to manage information security. The good news for organisations is that ISO 27001:2022 doesn’t drastically overhaul their compliance requirements. What’s changing?

IT 114

IT Information Security Compliance Security 114

Security Affairs

OCTOBER 23, 2024

Data Security Posture Management (DSPM) helps organizations address evolving data security and privacy requirements by protecting and managing sensitive information. However, the proliferation of such workloads and the data within creates a complex web of data sprawl that is challenging to navigate and manage.

Data Privacy 101

Data Privacy Privacy GDPR Compliance 101

Security Affairs

JUNE 5, 2022

Proof-of-concept exploits for the critical CVE-2022-26134 vulnerability in Atlassian Confluence and Data Center servers are available online. Proof-of-concept exploits for the critical CVE-2022-26134 flaw, affecting Atlassian Confluence and Data Center servers, have been released. 23 unique IPs so far.

Cybersecurity 128

Cybersecurity IoT Security IT 128

Security Affairs

MAY 1, 2023

In 2022, Google prevented 1.43 million policy-violating applications from being published on Google Play in 2022. Google announced that its successes are the results of improved security features and policy enhancements in combination with its continuous investments in machine learning systems and app review processes.

Education 93

Education Security Privacy IT 93

Security Affairs

DECEMBER 29, 2022

NCC Group’s Fox-IT research team warns of thousands of Citrix ADC and Gateway endpoints remain vulnerable to two critical vulnerabilities, tracked as CVE-2022-27510 and CVE-2022-27518 (CVSS scores: 9.8), that the company addressed in recent months. Citrix addressed the flaw on November 8, 2022. Pierluigi Paganini.

Cloud 97

Cloud Authentication Access IT 97

Security Affairs

FEBRUARY 9, 2022

Microsoft February 2022 Patch Tuesday security updates addressed 51 flaws in multiple products, including a zero-day bug. Microsoft February 2022 Patch Tuesday also addressed a publicly disclosed Elevation of Privilege zero-day in Windows Kernel tracked as CVE-2022-21989. both received a CVSS score of 8.8.

Security 84

Security Libraries Access IT 84

Hunton Privacy

NOVEMBER 15, 2023

Patrick Gunning from King & Wood Mallesons reports that, on November 2, 2023, the Australian Information Commissioner filed proceedings in the Federal Court of Australia against Australian Clinical Labs Limited seeking a civil penalty ( i.e. , a fine) in connection with the company’s response to a data breach that occurred in February 2022.

Data breaches 128

Data breaches Privacy Risk Information Security 128

IT Governance

MAY 24, 2022

Organisations must always look for cost-effective ways to address the cyber security risks they face. With more than 1,200 publicly disclosed data breaches last year , and organisations spending almost £3 million on average responding to security incidents , effective risk management is a top priority.

Insurance 130

Insurance Data breaches GDPR Ransomware 130

Hunton Privacy

JUNE 9, 2022

On May 27, 2022, Vermont Governor Phil Scott signed H.515 515 , making Vermont the twenty-first state to enact legislation based on the National Association of Insurance Commissioners Insurance Data Security Model Law (“MDL-668”). Information Security Program Requirements.

Insurance 107

Insurance Security Information Security Cybersecurity 107

Security Affairs

JANUARY 2, 2023

These are the most-read cybersecurity articles that have been published by SecurtiyAffairs in 2022. 2 – Updated: Data of 400 Million Twitter users up for sale. A threat actor is claiming they have obtained data of 400,000,000 Twitter users and is offering it for sale. Pierluigi Paganini.

Cybersecurity 79

Cybersecurity Sales Access Security 79

Security Affairs

APRIL 7, 2022

Experts discovered a vulnerability, tracked as CVE-2022-22292, which can be exploited to compromise Android 9, 10, 11, and 12 devices. Researchers from mobile cybersecurity firm Kryptowire discovered a vulnerability, tracked as CVE-2022-22292 , in Android 9, 10, 11, and 12 devices. ” reads the advisory published by Kryptowire.

Cybersecurity 134

Cybersecurity Security Access Information Security 134

Security Affairs

OCTOBER 14, 2022

Researchers disclosed details of a now-patched flaw, tracked as CVE-2022-37969, in Windows Common Log File System (CLFS). The CVE-2022-37969 (CVSS score: 7.8) Microsoft fixed it with the release of September 2022 Patch Tuesday security updates, the company also states it has been actively exploited in the wild. “An

Metadata 145

Metadata Security IT Access 145

IT Governance

MARCH 1, 2022

The cyber security industry, much like the rest of the world, is on edge. Our figures for this month are comparatively low – with 83 data breaches and cyber attacks accounting for 5,127,241 breached records – but there is a sense that we are on the brink of something. Data breaches. Financial information. Cyber attacks.

Data breaches 134

Data breaches Ransomware Government Blockchain 134

Security Affairs

AUGUST 9, 2022

Microsoft Patch Tuesday security updates for August 2022 addressed a zero-day attack remote code execution vulnerability in Windows. Most of the flaws, 64, are escalation of privilege issues, followed by remote code execution, 31, and 12 information disclosure. No No RCE CVE-2022-34716.NET No No RCE CVE-2022-34716.NET

Security 126

Security Cloud IT Information Security 126

Security Affairs

MARCH 8, 2022

Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including 3 zero-days. Three flaws addressed by the Microsoft March 2022 Patch Tuesday security updates are zero-day issues, and for two of them, CVE-2022-21990 and CVE-2022-24459, public exploits are available.

Libraries 104

Libraries IoT Security Cloud 104

IT Governance

SEPTEMBER 12, 2024

But for all its potential, there are legitimate concerns around, among other things, data security. Bridget Kenyon is the CISO (chief information security officer) for SSCL, a member of the UK Advisory Council for (ISC) 2 , and a Fellow of the Chartered Institute of Information Security.

Risk 86

Risk Security Education Information Security 86

Security Affairs

FEBRUARY 27, 2023

Data allegedly stolen from the American gaming giant Activision in December security breach were leaked on a cybercrime forum. A threat actor leaked on the Breached hacking forum the data allegedly stolen from the gaming giant Activision in December 2022. Activision was breached December 4th, 2022.

Phishing 90

Phishing Data breaches Information Security Security 90

Security Affairs

MARCH 21, 2023

Experts warn that 55 zero-day vulnerabilities were exploited in attacks carried out by ransomware and cyberespionage groups in 2022. “Products from Microsoft, Google, and Apple made up the majority of zero-day vulnerabilities in 2022, consistent with previous years. ” reads the report published by Mandiant.

Ransomware 85

Ransomware Access Cybersecurity Risk 85

Security Affairs

JANUARY 31, 2023

Horizon3 security researchers released proof-of-concept (PoC) code for VMware vRealize Log Insight RCE vulnerability CVE-2022-31706. Last week, researchers from Horizon3’s Attack Team announced the release of PoC exploit code for remote code execution in VMware vRealize Log tracked as CVE-2022-31706 (CVSS base 9.8/10).

Analytics 93

Analytics Authentication Access Security 93

Security Affairs

OCTOBER 12, 2022

Microsoft Patch Tuesday security updates for October 2022 addressed a total of 85 security vulnerabilities, including an actively exploited zero-day. It is interesting to note that the security patches don’t address the Exchange Server issues, despite two MS Exchange flaws being actively exploited in the wild.

Security 113

Security IT Information Security 113

IG Guru

DECEMBER 10, 2021

CompTIA Data+ will launch in Q1 2022.CompTIA CompTIA Data+ gives you the confidence to bring data analysis to life. As the importance for data analytics grows, more job roles are required to set context and better communicate vital business intelligence. CompTIA Data+ validates […].

Analytics 78

Analytics Communications Education Information governance 78

Security Affairs

NOVEMBER 1, 2022

KELA identified around 600 victims by analyzing ransomware actors’ blogs and negotiation portals, data leak sites and public reports. Compared to the second quarter of 2022, the activity decreased by 8%, falling from July to August but increasing from August to September. ” continues the report. ” concludes the report.

Sales 101

Sales Access Ransomware Security 101

IT Governance

JULY 18, 2024

Practical insight from an ISO 27001 consultant With ISO 27001:2013 certification now unavailable, organisations must transition to the 2022 standard for their ISO 27001 certification to remain valid. ISO 27001:2022 also introduced new controls, and merged many of the existing ones. What are some of the challenges organisations face?

Compliance 59

Compliance Information Security Risk Security 59

Security Affairs

JUNE 29, 2022

The MITRE organization published the 2022 CWE Top 25 most dangerous software weaknesses. The MITRE shared the list of the 2022 top 25 most common and dangerous weaknesses, it could help organizations to assess internal infrastructure and determine their surface of attack. 0 +4 12 CWE-502 Deserialization of Untrusted Data 6.68

Authentication 98

Authentication Education Cybersecurity Security 98

Security Affairs

AUGUST 3, 2023

CISA, the FBI, and NSA, along with Five Eyes cybersecurity agencies published a list of the 12 most exploited vulnerabilities of 2022. CISA, the NSA, and the FBI, in collaboration with cybersecurity authorities from Australia, Canada, New Zealand, and the United Kingdom, have published a list of the 12 most exploited vulnerabilities of 2022.

Authentication 88

Authentication Cybersecurity Access Risk 88

Security Affairs

JANUARY 17, 2022

The pre-release announcement for Critical Patch Update (CPU) for January 2022 states that Oracle will fix 483 new flaws. This pre-release announcement for Critical Patch Update (CPU) for January 2022 confirms that Oracle security updates will address 483 new security patches. Pierluigi Paganini.

Communications 111

Communications Financial Services Big data Retail 111

Security Affairs

MAY 11, 2022

US Critical Infrastructure Security Agency (CISA) adds critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency (CISA) has added critical CVE-2022-1388 flaw in F5 BIG-IP products to its Known Exploited Vulnerabilities Catalog.

IT 109

IT Cybersecurity Access Security 109

Data Matters

JUNE 23, 2022

Kentucky and Maryland recently continued the trend of state insurance departments adopting some version of the National Association of Insurance Commissioners’ (“NAIC”) Insurance Data Security Model Law. The post Kentucky and Maryland Recently Joined Other States in Adopting NAIC Model Data Security Law.

Insurance 100

Insurance Security Cybersecurity Information Security 100

Security Affairs

JANUARY 12, 2023

Fortinet researchers reported how threat actors exploited the recently patched FortiOS SSL-VPN vulnerability ( CVE-2022-42475 ) in attacks against government organizations and government-related targets. The CVE-2022-42475 flaw is a heap-based buffer overflow issue that resides in FortiOS sslvpnd. “A If libps.bak is named libips.so

Government 93

Government Marketing Security IT 93

Security Affairs

DECEMBER 7, 2022

The Pwn2Own Toronto 2022 hacking competition has begun, this is the 10th anniversary of the consumer-focused version of the contest. The news of the Samsung Galaxy S22 hack on the first day of Pwn2Own Toronto 2022 made the headlines. Pwn2Own #P2OToronto pic.twitter.com/ZNHtF7wmUc — Zero Day Initiative (@thezdi) December 6, 2022.

Security 95

Security Data breaches Information Security IT 95

Security Affairs

FEBRUARY 26, 2023

In February 2022, the American media and publishing giant News Corp revealed it was the victim of a cyber attack from an advanced persistent threat actor that took place in January 2022. Now News Corp revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020.

IT 92

IT Data breaches Insurance Cybersecurity 92

IT Governance

OCTOBER 3, 2024

In this blog Security challenges of the Cloud Legal and contractual requirements Who’s responsible for what? Further reading: Senior penetration tester Leon Teale gives his top security tips for remote working in this interview. Think you understand Cloud security? However, innovation comes with risk.

Cloud 99

Cloud Risk Security GDPR 99

Security Affairs

JULY 30, 2023

Google’s Threat Analysis Group Google states that more than 40% of zero-day flaws discovered in 2022 were variants of previous issues. The popular Threat Analysis Group (TAG) Maddie Stone wrote Google’s fourth annual year-in-review of zero-day flaws exploited in-the-wild [ 2021 , 2020 , 2019 ], it is built off of the mid-year 2022 review.

IT 90

IT Security Information Security 90