News


Attacked vulnerability in Samsung smartphones running Android 12, 13
B2B Cyber Security ShortNews

One of the vulnerabilities closed by Samsung's May update, CVE-2023-21492, is listed by CISA (Cybersecurity and Infrastructure Security Agency). According to CISA, the vulnerability is being actively exploited. Samsung's automatic system update mitigates the problem. CVE-2023-21492 describes a security hole in Samsung mobile devices caused by the insertion of sensitive information into log files. CISA not only lists the vulnerability, but also indicates that it is already being actively exploited. However, there is no further indication of the form in which this occurs. Samsung May update closes…

ALPHV ransomware targets old Veritas backup vulnerabilities

According to Mandiant, a ransomware affiliate of ALPHV is increasingly looking for old vulnerabilities in Veritas backup installations. The gaps have been known since 2021, but many of them have not been patched. Over 8,500 backup instances are said to be currently discoverable on the web. Mandiant has observed a new ALPHV (a.k.a. BlackCat) ransomware affiliate, tracked as UNC4466, targeting public-facing Veritas Backup Exec installations that are vulnerable to CVE-2021-27876, CVE-2021-27877 and CVE-2021-27878. These CVEs have been known since March 2021 and patches are also available. However, some administrators have the…

Ransomware-as-a-Service on the rise

The Arctic Wolf Labs Threat Report provides insight into a tumultuous year for cybersecurity: Russia's invasion of Ukraine has disrupted the operations of leading ransomware groups. Ransomware-as-a-Service is on the rise. A lack of multi-factor authentication (MFA) has propelled the number of attacks targeting business email, and the Log4Shell and ProxyShell vulnerabilities continue to be exploited en masse more than a year after they were first exposed. Business Email Compromise: One of the most noticeable trends in the threat landscape was a significant increase in the number of successful BEC attacks in 2022 compared to 2021. The compromise of…

Outlook attack works without a click!

Even the BSI warns of the CVE-2023-23397 vulnerability in Outlook, as it can be exploited without a single click from a user. Tenable experts tested a simple scenario in which the attack succeeds even though the email was only received and not clicked. Recent coverage of the CVE-2023-23397 Outlook vulnerability has prompted Tenable to shed a little more light on the topic. A comment from Satnam Narang, Senior Staff Research Engineer at Tenable. While private users or single-user PCs are usually automatically protected by Windows updates, administrators have to check the patch themselves or...

BSI warns: exploitation of a vulnerability in MS Outlook

The BSI warns of a vulnerability in Outlook that is apparently already being actively exploited. The vulnerability has a CVSS score of 9.8 and is therefore considered critical. Microsoft is already providing an update that should be installed immediately if it has not been installed automatically. On March 14, 2023, Microsoft released updates for numerous vulnerabilities as part of its monthly Patch Days, including several patches for security vulnerabilities that are classified as "critical" according to the Common Vulnerability Scoring System (CVSS) with values of 9.0 and higher. Important patch ready: In the…

SonicOS: Vulnerability Can Crash Firewall

Sonicwall reports a highly dangerous vulnerability in its firewall operating system SonicOS: a stack-based buffer overflow allows remote attackers to crash the affected firewall through a Denial of Service (DoS). Sonicwall has to report a dangerous vulnerability in SonicOS with a rating of 7.5 (High). CVE-2023-0656 describes the dangerous issue: "The stack-based buffer overflow vulnerability in SonicOS allows a remote, unauthenticated attacker to trigger Denial of Service (DoS), which could lead to an affected firewall crashing." However, Sonicwall states that the vulnerability has not yet been actively exploited. But this is well known...

Microsoft Word with critical 9.8 vulnerability

Every Word user should check whether their Word has already been updated by Microsoft. CVE-2023-21716 describes a critical vulnerability with a severity level of 9.8 out of 10 according to CVSS 3.1. Checking the version is quite simple. Incidentally, Microsoft released a Word vulnerability with a severity level of 9.8 out of 10 according to CVSS 3.1. With this critical vulnerability, opening a manipulated Rich Text Format (.rtf) document allows malicious code to be injected. Although Microsoft describes the danger of the vulnerability on its website, it does not provide any further information. This information can be found at…

Europe: Thousands of VMware ESXi servers attacked with ransomware

According to the BSI - Federal Office for Information Security, thousands of servers running VMware's ESXi virtualization solution were infected with ransomware and many were also encrypted in a widespread global attack. The regional focus of the attacks on the VMware ESXi servers was on France, the USA, Germany and Canada - other countries are also affected. The perpetrators took advantage of a long-known vulnerability in the application's OpenSLP service, which triggered a "heap overflow" and ultimately allowed code to be executed remotely. In the meantime…

Lexmark SMB printers with critical 9.0 vulnerability

Lexmark reports two vulnerabilities in over 120 relatively new printer models. Many of the devices are also intended for the SME sector and have network access. According to CVSSv3, one of the vulnerabilities has a base score of 9.0 and is therefore considered “critical”. Users of the models should urgently update the firmware, as remote attackers could run code. In Lexmark's list of current security advisories, there are two current entries for which a firmware update is recommended. According to the Common Vulnerability Scoring System Version 3.0 – CVSSv3 for short, the CVE-2023-22960 vulnerability has a score of…

Log4j: 72 percent of companies at risk

According to a study based on over 500 million tests, 72 percent of organizations remain at risk from the Log4j vulnerability. The data highlights the problems in fixing security vulnerabilities. When Log4Shell was discovered in December 2021, companies around the world tried to determine their risk. In the weeks after the vulnerability became known, companies reallocated their resources and invested tens of thousands of hours identifying and remediating the problem. One state's federal cabinet reported that its security team spent 33,000 hours just fixing the...
