News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Tag: weak points

Well-known vulnerabilities remain unnoticed
25 May 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Earlier this week, CISA announced that it had added new Linux vulnerabilities to its catalog, warning that they are being actively exploited. Recent additions to the Cybersecurity and Infrastructure Security Agency's (CISA) Catalog of Vulnerabilities Exploited (KEV) include multiple vulnerabilities in the Linux kernel, as well as other vulnerabilities dating back more than 12 years. While the exact details of how these vulnerabilities were exploited, whether recent or historical, are unknown, there is a trend in which cybercriminals have been successfully targeting known vulnerabilities, particularly those with…

Read more

Again vulnerabilities in Android 11, 12, 13
6 May 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Android published a new list of over 40 vulnerabilities for Android 11, 12 and 13 in May. The good news: there are no critical vulnerabilities. The bad: apart from one gap, all others are considered highly dangerous. The first manufacturers are already rolling out the updates. Users should check the update area of ​​the smartphone more often and possibly initiate the update manually. In Google's security bulletin for May there is again a very long list of security problems. They cover the areas of frame, system, kernel or graphics. Almost all of the listed vulnerabilities are classified by Google...

Read more

Report: Cyber ​​criminals use 500 tools and tactics
5 May 2023
| No comments
| Sophos, Stories
Report: Cyber ​​criminals use 500 tools and tactics

In its Active Adversary Report, Sophos describes how and with what cybercriminals carried out the most attacks in 2022. The shocking result: they used more than 500 different tools and tactics. This is how ransomware stays on the rise. Sophos has released its Active Adversary Playbook for Business Leaders. The report provides an in-depth look at the changing behaviors and attack techniques attackers will employ in 2022. Data from more than 150 Sophos Incident Response cases was analyzed for this report. Sophos researchers identified more than 500 unique tools and techniques, including 118 "Living off...

Read more

Patchdays: Increasing exposure to CVEs
19 April 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The April 2023 Patchday release contains fixes for 97 CVEs (Common Vulnerabilities and Exposures) - seven rated critical and 90 rated important. One of the 97 CVEs has already been misused as a zero day in the wild. “CVE-2023-28252 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS). It has been exploited by criminals and is the second zero-day use of CLFS privileges this year - and the fourth in the last two years. It is also the second CLFS zero-day vulnerability disclosed by researchers from Mandiant and DBAPPSecurity (CVE-2022-37969), although...

Read more

Heavily exploited vulnerabilities up to five years old!
17 April 2023
| No comments
| Stories
Heavily exploited vulnerabilities up to five years old!

As Tenable's Threat Landscape Report shows, the most frequently attacked vulnerabilities have typically been known for many years. The attackers are counting on the fact that the patches have not been used and that no one is monitoring the gaps. With Microsoft Exchange, Log4Shell or Follina, there were always old vulnerabilities. Tenable's annual Threat Landscape Report is out. The report confirms the continued threat of known vulnerabilities—that is, those for which patches have already been made available—as the prime vector for cyberattacks. The results are based on the analysis of cyber security incidents, vulnerabilities…

Read more

Vulnerabilities - Known but not patched
11 April 2023
| No comments
| PR News
Known but not patched

A new study by Ivanti, Cyber ​​Security Works (CSW), Cyware and Securin shows that, contrary to optimistic estimates, ransomware threats will not have lost any of their clout in 2022. The study "2023 Spotlight Report: Ransomware from the perspective of threat and vulnerability management" makes it clear: Compared to the previous year, the number of vulnerabilities exploited by ransomware has increased by almost 1/5 (19%). Among the total of 344 new threats that security providers were able to identify in 2022, there are also 56 vulnerabilities that are directly linked to ransomware...

Read more

Chinese cyber attackers target zero-day vulnerabilities
March 28, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Found zero-day vulnerabilities are often exploited by individual APT groups. According to Mandiant, Chinese cyberattackers are targeting more and more zero-day vulnerabilities. The report documents the role of the groups and the vulnerabilities exploited. Mandiant's new Fortinet vulnerability report reveals that routers and internet-connected devices on corporate networks are inadequately protected against cyberattacks. There are simply not enough tools to protect these systems. Chinese spies at work Suspected Chinese spies exploited a zero-day vulnerability with a new type of malware designed specifically for network security devices. Even devices used by government and…

Read more

SAP patches close serious security gaps
March 20, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

On its patch day, SAP published a list of 19 new security gaps and related updates. This is also necessary because the list contains two critical vulnerabilities with CVSS scores of 9.9 out of 10 and three other critical vulnerabilities with CVSS 9.6 to 9.0. As almost every month, it is worth taking a look at the SAP Patch Day Blog. The month of March 2023 again shows a large list of security gaps. According to the Common Vulnerability Scoring System - CVSS - 19 of the 5 security gaps listed and the corresponding updates are...

Read more

Top malware in Q1-2023: Qbot, Formbook, Emotet
March 20, 2023
| No comments
| Stories
Top malware in Q1-2023: Qbot, Formbook, Emotet

Check Point's Spring 2023 Global Threat Index shows Qbot, Formbook, and Emotet malware as the most threatening, HTTP Headers Remote Code Execution vulnerability on the rise, and retail as an industry most under attack. Check Point has published its Global Threat Index for January 2023. Qbot, a sophisticated Trojan that steals banking information and keystrokes, remains at the top. Emotet slips to third place in Germany. With regard to sectors and areas, retail was attacked in Germany in particular. Maya Horowitz, VP Research at...

Read more

Critical vulnerabilities in Lexmark printers
March 18, 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

The manufacturer of corporate printers Lexmark has once again warned its users of critical vulnerabilities. In dozens of its models there are four vulnerabilities in the firmware with a CVSSv3 score of 9.0, one 8.5 and one 8.0 out of 10. Users should update the firmware accordingly. A few weeks ago, Lexmark had to ask many of its users to update the firmware for many of its printers. Now there is already a large number of dangerous vulnerabilities. The update is recommended for companies and administrators, as the CVSSv3 values ​​​​are 9.0 out of 10 in four cases and are classified as critical…

Read more

© 2024 MedPressIT GbR
Cookie Settings