Security Affairs

JANUARY 31, 2025

Broadcom addressed the following vulnerabilities in VMware Aria Operations and Aria Operations for Logs: CVE-2025-22218 (CVSS score 8.5) CVE-2025-22219 (CVSS score: 6.8) CVE-2025-22220 (CVSS score: 4.3) – is a privilege escalationvulnerability. CVE-2025-22222 (CVSS score: 7.7) VMware Aria Operations Version 8.18.3

Authentication 266

Authentication Cloud Cybersecurity Access 266

Security Affairs

JANUARY 24, 2025

SonicWall is waring customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9,8) impacting its Secure Mobile Access (SMA) 1000 Series appliances. Refer to the SMA1000 Administration Guide, section – Best Practices for Securing the Appliance.” ” reads the advisory.

Authentication 183

Authentication Access Passwords Security 183

Security Affairs

MARCH 12, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds six Microsoft Windowsflaws to its Known Exploited Vulnerabilities catalog. CVE-2025-24984 (CVSS 4.6): An NTFS information disclosure flaw that lets attackers with physical access and a malicious USB device read portions of heap memory. A few days ago, U.S.

IT 171

IT Cybersecurity Access Security 171

Security Affairs

MARCH 24, 2025

Medusa ransomware uses a malicious Windows driver ABYSSWORKER to disable security tools, making detection and mitigation more difficult. Elastic Security Labs tracked a financially driven MEDUSA ransomware campaign using a HEARTCRYPT-packed loader and a revoked certificate-signed driver, ABYSSWORKER, to disable EDR tools.

Ransomware 219

Ransomware Security IT Access 219

Security Affairs

JANUARY 24, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA1000 vulnerability to its Known Exploited Vulnerabilities catalog. This week, SonicWall warned customers of a critical security vulnerability, tracked as CVE-2025-23006 (CVSS score of 9,8) impacting its Secure Mobile Access (SMA) 1000 Series appliances.

IT 245

IT Authentication Cybersecurity Access 245

Security Affairs

MARCH 20, 2025

In March 2025, threat actors distributed archived messages through Signal. CERT-UA’s report states that the UAC-0200 activity has been tracked since summer 2024, with recent decoy messages (since February 2025) focusing on UAVs and electronic warfare.

Computer and Electronics 270

Computer and Electronics Archiving Passwords Government 270

Security Affairs

APRIL 2, 2025

The three vulnerabilities are: CVE-2025-24085 (CVSS score: 7.3) – In January, Apple released security updates to address 2025s first zero-day vulnerability, tracked as CVE-2025-24085 , actively exploited in attacks targeting iPhone users. Apples USB Restricted Mode is a security feature introduced in iOS 11.4.1

Security 153

Security Access IT Information Security 153

Security Affairs

MARCH 13, 2025

GitLab released security updates to address critical vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). The company addressed nine vulnerabilities, including the two critical ruby-saml authentication bypass issues respectively tracked as CVE-2025-25291 and CVE-2025-25292. GitLab CE/EE versions 17.7.7,

Authentication 171

Authentication Libraries Data breaches Security 171

Security Affairs

MARCH 24, 2025

React framework addressed a critical vulnerability tracked as CVE-2025-29927 (CVSS score of 9.1) has been released to address a security vulnerability ( CVE-2025-29927 ). Maintainers of Next.js with the release of versions versions 12.3.5, 14.2.25, and 15.2.3. “Next.js version 15.2.3 ” reads the advisory.

Cybersecurity 175

Cybersecurity Risk Access Security 175

Security Affairs

JANUARY 15, 2025

Microsoft Patch Tuesday security updates for January 2025 addressed 161 vulnerabilities, including three actively exploited issues. ZDI researchers pointed out that this is the largest number of vulnerabilities addressed in by Microsoft montly security updates since 2017. are actively exploited in the wild.

Authentication 246

Authentication Security 246

Security Affairs

MARCH 20, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Edimax IC-7100 IP Camera, NAKIVO,and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog. Akamai researchers discovered the vulnerability, and the cyber security firm confirmed ([ 1 ],[ 2 ]) that the flaw is actively exploited in the wild.

IT 179

IT Cybersecurity Risk Security 179

Security Affairs

JANUARY 30, 2025

TeamViewer released security patches for a high-severity elevation of privilege vulnerability, tracked as CVE-2025-0065 (CVSS score of 7.8), in its remote access solutions for Windows. TeamViewer has patched a high-severity privilege escalation vulnerability affecting its Windows client and host applications. for Windows.

Access 281

Access IT Security Information Security 281

Collaboration 2.0

MARCH 13, 2025

AI-powered cyber threats are reshaping security landscapes. Businesses that don't evolve will be vulnerable to increasingly sophisticated attacks - here's how to stay ahead.

Security 320

Security 320

Security Affairs

MARCH 5, 2025

The agency revealed that it has disconnected its infrastructure to contain the attack and secure data, a circumstance that suggests it was the victim of a ransomware attack. To secure data after the breach, POLSA’s network was immediately disconnected from the internet. “A cybersecurity incident has occurred at POLSA.

IT 258

IT Ransomware Cybersecurity Security 258

Security Affairs

JANUARY 30, 2025

After responsible disclosure, DeepSeek promptly secured the issue. Researchers discovered two unusual open ports (8123 and 9000) on DeepSeek’s servers, which provided access to a publicly exposed ClickHouse database without authentication, raising significant security concerns. ” reads the report published by Wiz.

Metadata 302

Metadata Authentication Access Passwords 302

Data Breach Today

OCTOBER 28, 2024

Forrester's Cody Scott on Why 2025 Will Be Pivotal for Security Leaders Forrester's 2025 Predictions for Cybersecurity, Risk and Privacy report forecasts that security leaders will scale back generative AI investments by 10%.

Privacy 225

Privacy Cybersecurity Risk Security 225

Security Affairs

MARCH 31, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Smart Licensing Utility vulnerability, tracked as CVE-2024-20439 , to its Known Exploited Vulnerabilities (KEV) catalog.

IT 275

IT Cybersecurity Access Passwords 275

Security Affairs

FEBRUARY 6, 2025

Cisco addressed multiple vulnerabilities, including two critical remote code execution flaws, tracked as CVE-2025-20124 (CVSS score of 9.9) and CVE-2025-20125 (CVSS score of 9.1), in Identity Services Engine (ISE). “This vulnerability is due to insecure deserialization of user-supplied Java byte streams by the affected software.”

IT 193

IT Authentication Information Security Security 193

Security Affairs

FEBRUARY 23, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Power Pages vulnerability to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Power Pages vulnerability, tracked as CVE-2025-24989 , to its Known Exploited Vulnerabilities (KEV) catalog.

IT 166

IT Cybersecurity Risk Access 166

Security Affairs

FEBRUARY 11, 2025

Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild. CVE-2025-21391 is a Windows Storage privilege escalation flaw exploited in the wild. ” CVE-2025-21418 is a Windows Ancillary Function Driver for WinSock privilege escalation flaw. .

Security 171

Security Passwords Authentication IT 171

Security Affairs

JANUARY 10, 2025

The cybersecurity firm discovered the campaign on January 7, 2025, the company discovered that threat actors used false offers of employment with CrowdStrike. “On January 7, 2025, CrowdStrike identified a phishing campaign exploiting its recruitment branding to deliver malware disguised as an “employee CRM application.”

Phishing 283

Phishing Mining Authentication Communications 283

Security Affairs

MARCH 5, 2025

The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs). Most infected devices are security cameras and network video recorders (NVRs), which are used to launch DDoS attacks. ” wrote Nokia security researchers Jrme Meyer. discovered on 2025-03-02.

IoT 190

IoT Passwords Communications Security 190

Security Affairs

FEBRUARY 20, 2025

Microsoft has addressed two critical vulnerabilities, tracked as CVE-2025-21355 (CVSS score: 8.6) and CVE-2025-24989 (CVSS score: 8.2), respectively impacting Bing and Power Pages. The researcher Nicolas Joly reported the vulnerability.

Authentication 166

Authentication Access IT Information Security 166

Collaboration 2.0

NOVEMBER 19, 2024

Stung by last summer's CrowdStrike meltdown, which crashed Windows PCs and servers worldwide, Microsoft is rolling out a wide range of security changes to Windows. Here's what to expect over the next year

Security 273

Security 273

Collaboration 2.0

DECEMBER 23, 2024

AI arrived, security troubles were dodged, and after years of development, real-time Linux finally made it into mainstream Linux. Here's what shook up the open-source world this year and what it means for 2025.

Security 306

Security IT 306

The Last Watchdog

JANUARY 15, 2025

15, 2025, CyberNewswire — Aembit , the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. Silver Spring, MD, Jan. 28 and headlined by industry luminary Kevin Mandia.

Security 130

Security Cloud Risk Access 130

Security Affairs

MARCH 6, 2025

Elasticreleased security updates to address a critical vulnerability, tracked asCVE-2025-25012 (CVSS score of 9.9), impacting the Kibana data visualization dashboard software forElasticsearch. Elasticfixed a critical flaw inthe Kibanadata visualization dashboard software forElasticsearchthat could lead to arbitrary code execution.

Security 198

Security IT 198

Security Affairs

MARCH 20, 2025

An investigation completed on February 18, 2025, confirmed that threat actors accessed personal information. “PSEA experienced a security incident on or about July 6, 2024 that impacted our network environment. . “PSEA experienced a security incident on or about July 6, 2024 that impacted our network environment.

Education 162

Education Data breaches Passwords Insurance 162

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Cyber Skills Gap: By 2025, there could be 3.5 million unfilled cyber security jobs, showing a big need for skilled professionals. trillion annually by 2025, rising by 15% each year.

Security 355

Security Phishing IoT Ransomware 355

Security Affairs

JANUARY 16, 2025

New Clop Ransomware CLEO victim list pic.twitter.com/2Ape3KVuHO — Dominic Alvieri (@AlvieriD) January 15, 2025 In December 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2024-50623 (CVSS score 8.8),which If you are not sure if we have your data. A spokesperson for U.S.

Ransomware 179

Ransomware Cybersecurity IT Security 179

Security Affairs

MARCH 24, 2025

On March 20, 2025, the group added the VA Generals Office to the list of victims on its Tor leak site. The breach was detected in February , leading to notifications to the FBI, Virginia State Police, and the Virginia Information Technologies Agency. Investigations are ongoing to assess the impact and source of the attack.

Ransomware 258

Ransomware Manufacturing Paper Archiving 258

Data Breach Today

JANUARY 10, 2025

Google Mandiant's Jamie Collier on the Biggest Cloud Security Challenges To combat AI threats in 2025, security teams are set to enter the second phase of AI innovation in security by deploying semi-autonomous operations such as alert parsing, creation of high-priority item lists and risk remediation, said Jamie Collier, senior threat intelligence (..)

Cloud 147

Cloud Risk Security 147

Data Breach Today

JULY 26, 2024

New Analysis Reveals Growing Crisis for the National Vulnerability Database A growing backlog at the National Institute of Standards and Technology National Vulnerability Database could surge to above 30,000 unanalyzed security flaws by the end of the year if the agency fails to significantly ramp up its processing rates, according to a new analysis (..)

Security 297

Security IT 297

Security Affairs

JANUARY 14, 2025

3, 2025, thereby concluding the U.S. . “In August 2024, the Justice Department and FBI obtained the first of nine warrants in the Eastern District of Pennsylvania authorizing the deletion of PlugX from U.S.-based based computers. The last of these warrants expired on Jan. portions of the operation.”

Government 303

Government Cybersecurity Access IT 303

Security Affairs

APRIL 4, 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) reported three cyberattacks in March 2025 targeting Ukrainian agencies and infrastructure to steal sensitive data. Notably, from 2025 onwards, the screenshot functionality shifted to being powered by PowerShell. This activity is tracked under the identifier UAC-0219.

148

148

The Last Watchdog

JANUARY 7, 2025

Security Risk Advisors (SRA) is a leading cybersecurity firm dedicated to providing comprehensive security solutions to businesses worldwide. With a commitment to maintaining the highest ethical standards, SRA offers a range of services including security testing, security program development, 24×7 monitoring and response.

Risk 130

Risk Security Cybersecurity Marketing 130

Data Breach Today

JANUARY 23, 2025

Fortinet's Vincent Hwang on Addressing Security, Compliance Gaps According to Fortinet's 2025 State of Cloud Security Report, 76% of organizations have a shortage of cloud security expertise, compounding cloud adoption and security challenges. How should organizations address the skills gap?

Cloud 130

Cloud Security Compliance 130