News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

Tag: Vulnerabilities

Thousands of solar and wind turbines with security gaps
16. February 2023
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Based on research by the Plusminus magazine, the Tagesschau published under the title “Easy game for hackers” that solar and wind power plants sometimes have massive security gaps. Above all, medium-sized and small systems are said to be poorly protected against hackers, which is also documented live in the article. In the contribution of the ARD magazine Plusminus, an expert from the field of renewable energies shows how poorly small and medium-sized solar and wind power plants are protected against hack attacks. For the contribution, the system expert searched partly live for vulnerable systems and quickly found what he was looking for. In minutes: access to wind farm for 50.000…

Read more

230 percent more malicious crypto miners
13 December 2022
| No comments
| Kaspersky, Short news
Kaspersky_news

In the third quarter of 2022, Kaspersky experts recorded a sharp increase in crypto miner variants — a growth of over 230 percent. This is shown by the report “The state of cryptojacking in 2022”. Almost every sixth attack via a vulnerability is accompanied by a miner infection. The number of crypto miners is currently over 150.000 and is three times as high as in the third quarter of 2021. Cyber ​​criminals are currently "earning" an average income of around 1.500 US dollars per month; in one case, a wallet was identified where a $40.500 (2 BTC) transaction…

Read more

Automated detection of zero-day vulnerabilities
26 October 2022
| No comments
| PR News
Automated detection of zero-day vulnerabilities

The European IoT/OT security specialist ONEKEY enables the software-supported, automated analysis of unknown zero-day vulnerabilities in industrial products and controls for the first time. This category represents one of the greatest risks for everything that uses software: "Zero-day attacks use security gaps that may have existed undetected for a long time and were not recognized by the manufacturer of the devices and systems. Therefore there is no patch for the vulnerability and global attacks on affected devices can be devastating," says Jan Wendenburg, CEO of ONEKEY. Flourishing trade in vulnerabilities These vulnerabilities are even traded among hackers, a zero-day vulnerability in iOS,…

Read more

Cloud vulnerabilities allow access to critical data
11 October 2022
| No comments
| PR News
Cloud vulnerabilities allow access to critical data

As a new Orca Security Report shows, cloud vulnerabilities allow access to critical data in just three steps: known vulnerabilities, unsecured storage resources, and failure to follow best practices allow for an average cloud attack path of just three steps to directly access an organization's crown jewels reach. Orca Security has released the 2022 State of the Public Cloud Security Report. The study provides important insights into the current state of public cloud security and shows where the most critical security gaps can be found. One of the key findings of the report is that the average attack path is just three steps...

Read more

With crypto algorithms against bad bots
August 18, 2022
| No comments
| PR News
With crypto algorithms against bad bots

Radware has added a new set of crypto mitigation algorithms to its Bot Manager. Inspired by blockchain methods, the algorithms help close security loopholes that allow sophisticated bots to bypass traditional CAPTCHA solutions and harm a website or application. At the same time, they allow real visitors to use the website without CAPTCHAs. "The problem of bad bots is getting bigger and bigger for companies big and small," says Dr. David Aviv, Radware's Chief Technology Officer. “Malicious bots are used for everything from stealing concert tickets to blocking inventory to…

Read more

LAPSUS$ teenage extortion group exposes security flaws 
July 25, 2022
| No comments
| Stories
LAPSUS$ teenage extortion group exposes security flaws

The LAPSUS$ group, reportedly made up of teenagers, suddenly appeared on the cyber scene late last year. It became one of the most well-known and notorious online ransomware groups after successfully infiltrating major corporations such as Microsoft, Samsung, Ubisoft, and Okta. Claire Tills, Tenable's Senior Research Engineer, gained deep insight into the operations of the LAPSUS$ group. He has found that while the group's tactics are bold, illogical and poorly thought out, they have been successful in disrupting major international technology companies. This is a sobering reminder...

Read more

Study: Too many app vulnerabilities go live
June 29, 2022
| No comments
| Stories
Study: Too many app vulnerabilities go live

According to a survey of 1.300 CISOs, 75 percent say: Too many app vulnerabilities get into operations. For 79 percent of CISOs, continuous runtime vulnerability management is critical to keep up with the growing complexity of modern multi-cloud environments. Dynatrace, the Software Intelligence Company (NYSE: DT), has released a global study of 1.300 chief information security officers (CISOs) at large organizations. A key finding: The speed and complexity introduced by the use of multi-cloud environments, multiple programming languages ​​and open-source software libraries make vulnerability management difficult. 75 percent of CISOs state that despite multi-layered security measures, gaps...

Read more

Zyxel: Vulnerabilities in Firewalls, Access Points and Controllers
June 13, 2022
| No comments
| Short news
B2B Cyber ​​Security ShortNews

Multiple vulnerabilities have been discovered in many Zyxel firewalls, access points and access point controllers. Customers should import the provided updates as soon as possible. In a security warning, the IT company Zyxel, which specializes in network solutions and Internet access, pointed out several security gaps in many of its firewalls, access points and access point controllers. Although none of the vulnerabilities have been classified as critical, the company strongly advises applying the provided patches as soon as possible, as they could still be exploited by criminals and be part of an exploit chain. This is particularly important given that many large...

Read more

Study on Enterprise Active Directory Security Posture
18 May 2022
| No comments
| Stories
Study on Enterprise Active Directory Security Posture

Semperis Releases Enterprise Active Directory Security Posture Study Reveals Significant Differences Across Industries in AD Security. There are still a lot of security gaps to be found. Organizations of all sizes and industries are failing to close Active Directory (AD) vulnerabilities that can leave them vulnerable to cyberattacks, according to a survey of IT and security leaders using Semperis' Purple Knight. Enterprises scored an average of 68% across five Active Directory security categories, a mixed score. Large organizations scored even worse on the score — with an average score…

Read more

Vulnerabilities in Confluence and Azure
19 November 2021
| No comments
| Barracuda, Stories
Vulnerabilities in Confluence and Azure

Remote Code Execution (RCE) describes the execution of arbitrary code on a computer system where the attacker does not have direct access to the console. By exploiting security holes, a hacker can remotely take full control of the system. This is the case with security gaps in Confluence and Azure. For example, any user with access to an endpoint with a vulnerable software version can execute any command via an HTTP request without the need for an authorization header. The expected response to this request would be an "Unauthorized" 401 response page. However, the user can command commands with ...

Read more

© 2024 MedPressIT GbR
Cookie Settings