News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Tag: patches

Android 11, 12, 13 with critical security vulnerability
11 November 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Android released a new list of security vulnerabilities for Android 11, 12 and 13 in November. In addition to one critical gap, there are also another 14 highly dangerous gaps. The security bulletin warns of additional vulnerabilities, depending on whether Arm, MediaTek or Qualcomm components are installed in the mobile device. Google's security bulletin for November 2023 is worryingly long. However, the security vulnerabilities listed there do not apply to every Android device, even if it uses Android 11, 12 or 13. But the general vulnerabilities also contain a critical…

Read more

Zero Day Initiative: 1.000 vulnerability reports published
August 21, 2023
| No comments
| Data Security & Backup, Stories, TrendMicro
Zero Day Initiative: 1.000 vulnerability reports published

The Zero Day Initiative published over 1 vulnerability reports in the first half of 2023. Among the vulnerabilities are critical Microsoft zero-days. Initiator of the Zero Day Initiative Trend Micro warns of more and more faulty or incomplete patches. Trend Micro, one of the world's leading providers of cybersecurity solutions, announces that its Zero Day Initiative (ZDI) has already published over 1.000 notices ("advisories") on individual vulnerabilities in IT products this year. Against this background, the company warns that incorrect or incomplete patches are being published more and more frequently or that the manufacturers concerned are secretly...

Read more

Vulnerabilities in Netgear Nighthawk RAX30 routers
27 May 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

A combination of five vulnerabilities in Netgear Nighthawk RAX30 routers allows attackers to monitor and manipulate Internet traffic and take over connected smart devices. Security researchers from Team82, the research department of cyber-physical systems (CPS) security specialist Claroty, have discovered five vulnerabilities in the widely used Netgear Nighthawk RAX2 router as part of the Pwn30Own competition. Vulnerability set opens the door Successful exploitation of this vulnerability set allows attackers to monitor users' Internet activities, hijack Internet connections and redirect traffic to malicious websites or inject malware into network traffic. Over and beyond…

Read more

Vulnerabilities - Known but not patched
11 April 2023
| No comments
| PR News
Known but not patched

A new study by Ivanti, Cyber ​​Security Works (CSW), Cyware and Securin shows that, contrary to optimistic estimates, ransomware threats will not have lost any of their clout in 2022. The study "2023 Spotlight Report: Ransomware from the perspective of threat and vulnerability management" makes it clear: Compared to the previous year, the number of vulnerabilities exploited by ransomware has increased by almost 1/5 (19%). Among the total of 344 new threats that security providers were able to identify in 2022, there are also 56 vulnerabilities that are directly linked to ransomware...

Read more

SAP patches close serious security gaps
March 20, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

On its patch day, SAP published a list of 19 new security gaps and related updates. This is also necessary because the list contains two critical vulnerabilities with CVSS scores of 9.9 out of 10 and three other critical vulnerabilities with CVSS 9.6 to 9.0. As almost every month, it is worth taking a look at the SAP Patch Day Blog. The month of March 2023 again shows a large list of security gaps. According to the Common Vulnerability Scoring System - CVSS - 19 of the 5 security gaps listed and the corresponding updates are...

Read more

Patches for 75 vulnerabilities
25. February 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The February 2023 Patchday release contains patches for 75 CVEs - nine rated critical and 66 rated important. Also included: Elevation of rights error in Windows, circumvention of security functions in Microsoft Office or security gaps in Microsoft Exchange Server. This month Microsoft fixed three zero-day vulnerabilities exploited by attackers in the wild, including two elevation of privilege bugs and one security feature bypass bug. CVE-2023-23376 Microsoft has patched CVE-2023-23376, an elevation of privilege bug in the Common Log File System (CLFS) driver. Its discovery will bring researchers at the Microsoft Threat Intelligence Center (MSTIC)…

Read more

Log4j: 72 percent of companies at risk
3 January 2023
| No comments
| PR News
Log4j: 72 percent of companies at risk

According to a study gleaned from over 500 million tests, 72 percent of organizations remain at risk from the Log4j vulnerability. The data highlights the problems in fixing security vulnerabilities. When Log4Shell was discovered in December 2021, companies around the world tried to determine their risk. In the weeks after the vulnerability became known, companies reallocated their resources and invested tens of thousands of hours identifying and remediating the problem. One state's federal cabinet reported that its security team spent 33.000 hours just fixing the...

Read more

230 percent more malicious crypto miners
13 December 2022
| No comments
| Kaspersky, Short news
Kaspersky_news

In the third quarter of 2022, Kaspersky experts recorded a sharp increase in crypto miner variants — a growth of over 230 percent. This is shown by the report “The state of cryptojacking in 2022”. Almost every sixth attack via a vulnerability is accompanied by a miner infection. The number of crypto miners is currently over 150.000 and is three times as high as in the third quarter of 2021. Cyber ​​criminals are currently "earning" an average income of around 1.500 US dollars per month; in one case, a wallet was identified where a $40.500 (2 BTC) transaction…

Read more

Splunk rolls out 12 security patches - 9 are 'High'
11 November 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Manufacturer Splunk has to fill a lot of gaps with security patches in its planned 3-month updates. Of the 12 updates listed, Splunk 9 rates itself as Highly Dangerous. In addition, there are 2 third-party updates that are also classified as Highly Dangerous. The list of security patches for Splunk Enterprise products is long. In addition to the vulnerabilities published months ago, there are another 12 vulnerabilities and an additional 2 vulnerabilities from third parties in the planned, quarterly patch list. Right now, administrators and CISOs should pay attention to the published list that 9 of the 12 vulnerabilities are...

Read more

Exchange Server vulnerabilities: Here's what's behind them
5 October 2022
| No comments
| Short news, Sophos
SophosNews

A few days ago, two new Microsoft Exchange Server vulnerabilities became known and are being actively exploited in a series of targeted attacks. Microsoft cannot yet offer a patch for the vulnerabilities - only a customer guide. The first vulnerability, CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability that essentially opens the door for attackers to gain access to the Exchange Server. The second vulnerability, CVE_2022-41082, allows remote code execution (RCE) via PowerShell once on the server. The Vietnamese company GTSC also has various information about…

Read more

© 2024 MedPressIT GbR
Cookie Settings