News


Critical infrastructure: OT and IoT network anomalies are ubiquitous

A new report shows that network anomalies and attacks are the most common threats to OT and IoT environments, especially in the area of critical infrastructure. Vulnerabilities in critical production areas have increased by 230 percent. Nozomi Networks has released its latest Networks Labs OT & IoT Security Report. The experts' analysis shows that network anomalies and attacks represent the greatest threat to OT and IoT environments. Another cause for concern: vulnerabilities in critical production areas have increased by 230 percent. Cybercriminals therefore have many more opportunities to access networks and cause these anomalies. Collected telemetry data…


BSI: Thousands of MS Exchange servers with critical vulnerabilities

The BSI – Federal Office for Information Security – has warned several times in the past about vulnerabilities in Exchange and recommended that the security updates provided be installed promptly. But old systems are still not patched, and a new vulnerability has already been published. There are currently around 45,000 Microsoft Exchange servers in Germany running Outlook Web Access (OWA) that are openly accessible from the Internet. According to the BSI's findings, around 12% of these are still running Exchange 2010 or 2013. Security updates have not been available for these versions since October 2020 and April 2023, respectively...


WinRAR vulnerability is already being exploited

There have been signs of a new trend in the criminal scene for some time now. The search for vulnerabilities continues, but it now focuses especially on widely used non-standard software, where updating is more difficult. The most recent example is the compression tool WinRAR. A comment from Trend Micro. In a statement published on August 2, the manufacturer RARLAB described two notable vulnerabilities that have already been shown to be exploited and/or are relatively easy to exploit. CVE-2023-38831 allows malware to be “smuggled” into specially prepared archives, while CVE-2023-40477 allows code to be executed on a...


Vulnerabilities in Netgear Nighthawk RAX30 routers

A combination of five vulnerabilities in Netgear Nighthawk RAX30 routers allows attackers to monitor and manipulate Internet traffic and take over connected smart devices. Security researchers from Team82, the research department of cyber-physical systems (CPS) security specialist Claroty, discovered five vulnerabilities in the widely used Netgear Nighthawk RAX30 router as part of the Pwn2Own competition. Vulnerability set opens the door: successful exploitation of this vulnerability set allows attackers to monitor users' Internet activities, hijack Internet connections and redirect traffic to malicious websites or inject malware into network traffic. Over and beyond…


2022: Scanners discover 2.3 billion vulnerabilities

Although thousands of vulnerabilities are known as CVEs, these were detected 2.3 billion times in companies and authorities worldwide. The 2023 TruRisk Research Report focuses on the 163 most critical or highly dangerous vulnerabilities and evaluates them. In its 2023 TruRisk Research Report, Qualys publishes interesting evaluations. The research report provides an overview of known security vulnerabilities found by Qualys in 2022 at companies and governments worldwide - more than 2.3 billion. The results of the investigation underscore the image of opportunistic attackers who are constantly changing their techniques in an agile manner in order to…


Patchdays: Increasing exposure to CVEs

The April 2023 Patchday release contains fixes for 97 CVEs (Common Vulnerabilities and Exposures) - seven rated critical and 90 rated important. One of the 97 CVEs has already been exploited as a zero-day in the wild. “CVE-2023-28252 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS). It has been exploited by criminals and is the second zero-day use of CLFS privileges this year - and the fourth in the last two years. It is also the second CLFS zero-day vulnerability disclosed by researchers from Mandiant and DBAPPSecurity (CVE-2022-37969), although...


Vulnerability in Outlook - business at risk

A security lab has discovered a serious vulnerability in Microsoft Outlook that is being used against European government, military, energy and transport companies. The vulnerability is designated CVE-2023-23397 and is rated 9.8 under the Common Vulnerability Scoring System (CVSS). The BSI also says: The attack occurs before the e-mail is opened or before it is displayed in the preview window - no action by the recipient is necessary! The vulnerability allows an unauthorized attacker to compromise systems with a specially crafted email. Through this malicious email he receives…


Lexmark SMB printers with critical 9.0 vulnerability

Lexmark reports two vulnerabilities in over 120 relatively new printer models. Many of the devices are aimed at the SME sector and have network access. One vulnerability has a CVSSv3 base score of 9.0 and is therefore considered “critical”. Users of the affected models should urgently update the firmware, as remote attackers could run code. The list of current security advisories from Lexmark contains two current entries for which a firmware update is recommended. According to the Common Vulnerability Scoring System Version 3.0 – CVSSv3 for short, the CVE-2023-22960 vulnerability has a score of…


Chrome: New patches for security vulnerabilities

All Chrome users should take the time to update to version 109.0.5414.119/.120. With the update, Google closes 4 security gaps, 2 of which are considered highly dangerous. An update is done quickly. A user and experts have found new vulnerabilities in Chrome and reported them to Google, which reacted immediately and incorporated the patches into a new version. The official stable build is 109.0.5414.119/.120 for Windows and 109.0.5414.119 for Mac and Linux. Two serious vulnerabilities: while the first vulnerability was found in the WebTransport (CVE-2023-0471) of the client-server transfer engine…


Splunk rolls out 12 security patches - 9 are 'High'

Splunk has to close a lot of gaps with security patches in its planned 3-month updates. Of the 12 updates listed, Splunk itself rates 9 as highly dangerous. In addition, there are 2 third-party updates that are also classified as highly dangerous. The list of security patches for Splunk Enterprise products is long. In addition to the vulnerabilities published months ago, the planned quarterly patch list contains another 12 vulnerabilities and an additional 2 vulnerabilities from third parties. Right now, administrators and CISOs should note from the published list that 9 of the 12 vulnerabilities are...
