News


MITRE CVE program remains in place for the time being
B2B Cyber Security ShortNews

The US government-funded CVE program is considered a crucial component in the global discovery of software flaws. Now, funding is to be temporarily secured. Funding for the CVE (Common Vulnerabilities and Exposures) program, as well as related initiatives such as the CWE (Common Weakness Enumeration), was originally not to be renewed. In the run-up to the impending discontinuation on April 16, 2025, the announcement had caused great concern in the information security industry – fears that the discovery and documentation of software vulnerabilities could become more complicated in the future. Experts call for further funding. Since its launch in 1999, the…


BSI: Thousands of Exchange servers still vulnerable
B2B Cyber Security ShortNews

The current figures from CERT regarding outdated Microsoft Exchange servers in Germany are alarming. According to the report, 28% of Exchange servers 2016/2019 with open Outlook Web Access (OWA) are on a patch level that is more than six months old. The warnings from CERT, the Computer Emergency Response Team of the BSI, are alarming, especially since the issue of unpatched Exchange servers is not new but an ongoing one. According to CERT, the patch level for CVE-2024-26198 is more than six months old for 28 percent of Exchange servers 2016/2019 with open Outlook Web Access (OWA). Even more critical is the fact that...


When manufacturers do not take vulnerabilities seriously 

The case of the recently fixed Windows MSHTML vulnerability (CVE-2024-43461) shows that Microsoft has not reacted seriously despite warnings from two manufacturers (Trend Micro and CheckPoint), even though the vulnerability has already been exploited by cyber attackers. A comment. The vulnerability was first disclosed in September 2024 as part of Patch Tuesday, but was only subsequently marked as already exploited. It was used in zero-day attacks by the hacker group Void Banshee to install malicious software such as the Atlantida infostealer and steal sensitive data. Richard Werner, Security Advisor at Trend Micro, said: "We should be aware that there are…


Researcher: Cracked Cisco appliance and installed Doom on it 
B2B Cyber Security ShortNews

Security researcher Aaron Thacker actually just wanted to build a server out of a Cisco appliance. He discovered a vulnerability in the web-based management interface of the Cisco Integrated Management Controller. He then installed Doom and played it as a demo in the management console. Security researcher Aaron Thacker only managed to hack a Cisco C195 Email Security Appliance, but the vulnerability affects a whole range of Cisco devices. Thacker just wanted to build a server out of the appliance and discovered the vulnerability during the conversion. He then started a chain of attacks: He changed the BIOS,…


Critical infrastructure: OT and IoT network anomalies are ubiquitous

A new report shows that network anomalies and attacks are the most common threats to OT and IoT environments, especially in the area of critical infrastructure. Vulnerabilities in critical production areas have increased by 230 percent. Nozomi Networks has released its latest Networks Labs OT & IoT Security Report. The experts' analysis shows that network anomalies and attacks represent the greatest threat to OT and IoT environments. Another reason for concern: vulnerabilities in critical production areas have increased by 230 percent. Therefore, cybercriminals have many more opportunities to access networks and cause these anomalies. Collected telemetry data…


BSI: Thousands of MS Exchange servers with critical vulnerabilities

The BSI – Federal Office for Information Security – has warned several times in the past about vulnerabilities in Exchange and recommended that the security updates provided be installed promptly. But old systems are still not patched and a new vulnerability has already been published. There are currently around 45,000 Microsoft Exchange servers in Germany operating with Outlook Web Access (OWA) that can be accessed openly from the Internet. According to the BSI's findings, around 12% of these are still running Exchange 2010 or 2013. Security updates have no longer been available for these versions since October 2020 or April 2023...


WinRAR vulnerability is already being exploited
Trend Micro News

There have been signs of a new trend in the criminal scene for some time now. The search for vulnerabilities continues, but especially in widely used non-standard software, where updating is more difficult. The most recent example is the compression tool WinRAR. A comment from Trend Micro. In a statement published on August 2nd, the manufacturer RARLAB described two notable vulnerabilities that have already been exploited and/or are relatively easy to exploit. The vulnerability CVE-2023-38831 describes that malware can be “smuggled” into specially prepared archives, while CVE-2023-40477 allows code to be executed on a...


Vulnerabilities in Netgear Nighthawk RAX30 routers
B2B Cyber Security ShortNews

A combination of five vulnerabilities in Netgear Nighthawk RAX30 routers allows attackers to monitor and manipulate Internet traffic and take over connected smart devices. Security researchers from Team82, the research department of cyber-physical systems (CPS) security specialist Claroty, have discovered five vulnerabilities in the widely used Netgear Nighthawk RAX30 router as part of the Pwn2Own competition. Vulnerability set opens the door. Successful exploitation of this vulnerability set allows attackers to monitor users' Internet activities, hijack Internet connections and redirect traffic to malicious websites or inject malware into network traffic. Over and beyond…


2022: Scanners discover 2.3 billion vulnerabilities

Although thousands of vulnerabilities caused by CVEs are known, these have been found 2.3 billion times as vulnerabilities in companies and authorities worldwide. The 2023 TruRisk Research Report focuses on the 163 most critical or highly dangerous vulnerabilities and evaluates them. In its 2023 TruRisk Research Report, Qualys publishes interesting evaluations. The research report provides an overview of known security vulnerabilities found by Qualys in 2022 at companies and governments worldwide - more than 2.3 billion. The results of the investigation underscore the image of opportunistic attackers who are constantly changing their techniques in an agile manner in order to…


Patchdays: Increasing exposure to CVEs
B2B Cyber Security ShortNews

The April 2023 Patchday version contains fixes for 97 CVEs (Common Vulnerabilities and Exposures) - seven classified as critical and 90 as important. One of the 97 CVEs has already been abused in the wild as a zero day. "CVE-2023-28252 is an elevation-of-privilege vulnerability in the Windows Common Log File System (CLFS). It has been exploited by criminals and is the second zero-day exploitation of CLFS privileges this year - and already the fourth in the last two years. It is also the second CLFS zero-day vulnerability disclosed by researchers from Mandiant and DBAPPSecurity (CVE-2022-37969), although...
