Security Affairs

AUGUST 14, 2024

Patch Tuesday security updates for August 2024 addressed 90 vulnerabilities in Microsoft products including Windows and Windows Components; Office and Office Components; NET and Visual Studio; Azure; Co-Pilot; Microsoft Dynamics; Teams; and Secure Boot and others, bringing the total to 102 when including third-party bugs.

Security 352

Security IT Information Security 352

Security Affairs

SEPTEMBER 11, 2024

Microsoft Patch Tuesday security updates for September 2024 addressed 79 flaws, including four actively exploited zero-day flaws. CVE-2024-38217 – Windows Mark of the Web Security Feature Bypass Vulnerability. CVE-2024-38226 – Microsoft Publisher Security Feature Bypass Vulnerability.

Security 324

Security IoT Authentication IT 324

Security Affairs

NOVEMBER 6, 2024

Canada ordered ByteDance to shut down TikTok operations over security concerns but did not issue a full ban on the platform. The government is taking action to address the specific national security risks related to ByteDance Ltd.’s The Canadian government ordered ByteDance to wind up TikTok Technology Canada, Inc.

Security 296

Security Government Risk Data collection 296

Security Affairs

SEPTEMBER 11, 2024

Adobe Patch Tuesday security updates addressed multiple vulnerabilities in its products, including critical flaws that could allow attackers to execute arbitrary code on Windows and macOS systems. Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS.

Security 354

Security Access IT Information Security 354

Security Affairs

FEBRUARY 11, 2025

Artificial intelligence enhances data security by identifying risks and protecting sensitive cloud data, helping organizations stay ahead of evolving threats. With over 90% of enterprises storing at least some of their data in the cloud, AIs ability to enhance security across complex, distributed environments is more vital than ever.

Artificial Intelligence 219

Artificial Intelligence Security Unstructured data Cloud 219

Security Affairs

SEPTEMBER 18, 2024

To protect against attacks like Credential Flusher, it is essential to adopt a series of security measures: Use updated antivirus software: Ensure that your security software is always up to date to detect and block the latest threats. He is also the author of the book “La Gestione della Cyber Security nella Pubblica Amministrazione”.

Passwords 318

Passwords Authentication Education Phishing 318

Security Affairs

JULY 25, 2024

The CVE-2024-21412 is an Internet Shortcut Files Security Feature Bypass Vulnerability. An unauthenticated attacker can trigger the flaw by sending the victim a specially crafted file that is designed to bypass displayed security checks. The attacker has to trick the victims into clicking the file link. with booby-trapped files.

Education 353

Education Security Information Security Cybersecurity 353

Security Affairs

FEBRUARY 27, 2025

Belgian authorities are investigating Chinese hackers for breaching its State Security Service (VSSE), stealing 10% of emails from 2021 to May 2023. The Belgian federal prosecutor’s office is probing a possible security breach on its State Security Service (VSSE) by China-linked threat actors. ” reported Reuters.

Security 179

Security Access Government Cybersecurity 179

Security Affairs

OCTOBER 1, 2024

A spokesperson for Germany’s Federal Office for Information Security (BSI) confirmed that Kimsuky (aka APT43 ) is conducting a broader cyber campaign targeting Germany. The server hosted realistic, German-language login pages mimicking Telekom and GMX, likely aiming to steal login credentials from German users.

Military 336

Military Manufacturing Phishing Information Security 336

Security Affairs

OCTOBER 6, 2024

According to the Wall Street Journal, which reported the news exclusively, the security breach poses a major national security risk. The WSJ states that the compromise remained undisclosed due to possible impact on national security. Experts believe that threat actors are aimed at gathering intelligence.

Government 362

Government Access Risk Security 362

Security Affairs

SEPTEMBER 23, 2024

ESET addressed two local privilege escalation vulnerabilities in security products for Windows and macOS operating systems. Cybersecurity firm ESET released security patches for two local privilege escalation vulnerabilities impacting Windows and macOS products. The company released Cyber Security version 7.5.74.0

IT 324

IT Security Cybersecurity Information Security 324

Security Affairs

NOVEMBER 12, 2024

Apple iOS supports a new feature that reboots locked devices after extended inactivity, aiming to enhance data security for users. Apple ‘quietly’ implemented a new security feature that automatically reboots a locked device if it has not been used for several days. at the end of October. reported 404 Media.

Encryption 321

Encryption Passwords Security Communications 321

Security Affairs

OCTOBER 31, 2024

kzoldyck, the Threat Actor behind the alleged Interbank breach/leak posted the following on BreachForums [link] pic.twitter.com/A8SYASxmsT — Dark Web Informer (@DarkWebInformer) October 30, 2024 “We have identified that some data of a group of clients has been exposed by a third party without our authorization.

Data breaches 321

Data breaches Financial Services Passwords Security 321

Security Affairs

DECEMBER 5, 2024

Security Operations Center (SOC) analyst burnout is a very real problem. The two key problems are: Alert Overload Modern security environments generate an extraordinary number of alerts. Gathering information from the huge number of sources inherent in modern IT environments is laborious, mundane, and mentally exhausting.

Cybersecurity 340

Cybersecurity Artificial Intelligence Risk Data collection 340

Security Affairs

SEPTEMBER 20, 2024

Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. ” reads the announcement published by the National Security and Defense Council of Ukraine. The ban does not affect Ukrainian citizens. ” continues the announcement.

Military 344

Military Government Personal data Phishing 344

Security Affairs

SEPTEMBER 19, 2024

Security Information and Event Management (SIEM) solutions are a great way to achieve this. What is SIEM (Security Information and Event Management)? They allow security teams to view all their security data from a single point of view, meaning they can identify any unusual behavior patterns.

Compliance 324

Compliance Cybersecurity Security Data breaches 324

Security Affairs

SEPTEMBER 30, 2024

. “Robert Westbrook, 39, of London, United Kingdom, was arrested in the United Kingdom this week with a view towards extradition to the United States so that he can face an indictment charging him with securities fraud, wire fraud, and five counts of computer fraud.” ” reads the press release published by SEC.

Passwords 344

Passwords Security Information Security IT 344

Security Affairs

AUGUST 17, 2024

Background check service National Public Data confirms a data breach that exploded millions of social security numbers and other sensitive information. The company states that the security incident may have occurred in late December 2023, with potential leaks of certain data in April 2024 and summer 2024.

Data breaches 356

Data breaches Archiving Sales Personal data 356

Security Affairs

JULY 18, 2024

The cybercrime group FIN7 is advertising a security evasion tool in multiple underground forums, cybersecurity company SentinelOne warns. SentinelOne researchers warn that the financially motivated group FIN7 is using multiple pseudonyms to advertise a security evasion tool in several criminal underground forums.

Ransomware 353

Ransomware Cybersecurity Sales Security 353

Security Affairs

JULY 31, 2024

Apple has issued security updates to address multiple vulnerabilities across iOS, macOS, tvOS, visionOS, watchOS, and Safari. Apple released security updates to address multiple vulnerabilities in iOS, macOS, tvOS, visionOS, watchOS, and Safari. The IT giant released iOS 17.6 and iPadOS 17.6 “Once you update to iOS 18.1,

Authentication 345

Authentication Access Security IT 345

Security Affairs

JUNE 30, 2024

“A comprehensive taskforce consisting of TeamViewer’s security team together with globally leading cyber security experts has worked 24/7 on investigating the incident with all means available. We are in constant exchange with additional threat intelligence providers and relevant authorities to inform the investigation.”

Access 353

Access Security IT Information Security 353

Security Affairs

JULY 5, 2024

The internal security team quickly launched an investigation into the security breach. The team is notifying users via X and email and secured the infrastructure to prevent similar attacks in the future. annual percentage yield (APY) on staked Ethereum. Confirming we managed to send out an update.

Phishing 350

Phishing Risk Security Access 350

Security Affairs

AUGUST 19, 2024

Microsoft addressed the vulnerability with Path Tuesday security updates released in August 2024 , the IT giant also warned that the flaw was exploited in attacks in the wild. “Gen Threat Labs recently uncovered and reported a major security flaw known as a zero-day vulnerability (CVE-2024-38193), which Microsoft has now fixed. .

Access 345

Access Security Marketing IT 345

Security Affairs

JULY 18, 2024

Researchers discovered security flaws in SAP AI Core cloud-based platform that could expose customers’ data. Cybersecurity researchers at Wiz uncovered five security flaws, collectively tracked as SAPwned, in the SAP AI Core cloud-based platform. An attacker can exploit the flaws to obtain access tokens and customer data.

Cloud 354

Cloud Access Cybersecurity Risk 354

Security Affairs

SEPTEMBER 2, 2024

However, the TfL stated that there is no evidence that customer information was compromised during the incident. “We are currently dealing with an ongoing cyber security incident. — TfL (@TfL) September 2, 2024 “We have introduced a number of measures to our internal systems to deal with an ongoing cyber security incident.”

Government 332

Government Security IT Information Security 332

Security Affairs

AUGUST 30, 2024

which no longer receives backported fixes in accordance with our Security Bug Fix Policy. A second threat actor used a shell script to execute cryptocurrency mining activities across all accessible endpoints in the customer environment using Secure Shell (SSH). 5, 2023 as well as 8.4.5 Data Center only), and 8.7.1 Data Center only).

Mining 343

Mining Cloud Risk Security 343

Security Affairs

JANUARY 15, 2025

“Threat actor dubbedCodefingeruses compromised AWS keys to encrypt S3 bucket data via SSE-C, leveraging AWSs secure encryption infrastructure in a way that prevents recovery without their generated key.” We encourage all customers to follow security, identity, and compliance best practices.

Encryption 294

Encryption Ransomware Authentication Cloud 294

Security Affairs

JULY 2, 2024

The company did not share details of the cyber attack, however, the Alphv/BlackCat ransomware gang claimed responsibility for the security breach. The company initially announced in March that the security incident had impacted more than 36,000 individuals.

Data breaches 353

Data breaches Insurance Ransomware Security 353

Security Affairs

OCTOBER 25, 2024

DLP is key in cybersecurity; a risk assessment identifies data risks, helping turn findings into real-world security improvements. They typically include an evaluation of data handling practices, security policies, and DLP solutions to identify and remediate any vulnerabilities that could result in a data breach.

Risk 307

Risk Cybersecurity Cloud Compliance 307

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. ” reported Akamai. In June, the U.S. continues the advisory.

Honeypots 347

Honeypots File names Mining IoT 347

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. Threat actors sent out emails attempting to impersonate Security Service of Ukraine (SSU) and contains a link to download a file named “Documents.zip.”

Phishing 346

Phishing Government File names Access 346

Security Affairs

NOVEMBER 8, 2024

.” Palo Alto Networks recommends reviewing best practices for securing management access to its devices. Cybersecurity and Infrastructure Security Agency (CISA) added a Palo Alto Expedition Missing Authentication Vulnerability, tracked as CVE-2024-5910 , to its Known Exploited Vulnerabilities (KEV) catalog.

Authentication 292

Authentication Cybersecurity Access Communications 292

Security Affairs

OCTOBER 1, 2024

AFP is investigating the security event in collaboration with France’s cybersecurity agency, ANSSI. AFP’s technical teams are working on the incident with the support of the French National Agency for IT Systems Security (ANSSI). They urged partners to change passwords and secure their reception systems.

Passwords 340

Passwords Cybersecurity Security IT 340

Security Affairs

OCTOBER 7, 2024

Universal Music Group notified hundreds of individuals about a data breach compromising their personal information. Universal Music Group is notifying 680 individuals about a data breach that compromised their personal information, including their Social Security number.

Data breaches 334

Data breaches Ransomware Security Access 334

Security Affairs

AUGUST 1, 2024

The company released patches for security vulnerabilities affecting ESXi 8.0 Users of the unsupported versions are recommended to upgrade to newer versions to receive security updates and support. reads the advisory published by the virtualization giant. and VMware Cloud Foundation 5.x. and VMware Cloud Foundation 4.x.

Ransomware 354

Ransomware Authentication Cloud Security 354

Security Affairs

FEBRUARY 20, 2025

Citrix released security updates to address a high-severity security vulnerability, tracked as CVE-2024-12284 (CVSS score of 8.8) Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent under certain conditions. ” reads the advisory.

Authentication 297

Authentication Cloud Access Security 297

Security Affairs

SEPTEMBER 16, 2024

. “When D-Link became aware of the reported security issues, we promptly started investigating and developing security patches. The third-party publicly disclosed the problem before the patches were available on our standard 90-day security patch release schedule.” ” reads the advisory.

Manufacturing 326

Manufacturing Security Access Risk 326