In this Patch Tuesday edition, Microsoft addressed 72 CVEs, including 1 Zero-Day, 16 Criticals, 54 Important and 1 Moderate—the one Zero-Day was found to be actively exploited in the wild. From an Impact perspective, Escalation of Privilege (EoP) vulnerabilities accounted…
Category: EN
Open source malware up 200% since 2023
Sonatype’s 2024 Open Source Malware Threat Report reveals that the number of malicious packages has surpassed 778,500 since tracking began in 2019. In 2024, researchers examined how threat actors leverage malicious open-source packages to target developers, particularly as enterprises increasingly…
US names Chinese national it alleges was behind 2020 attack on Sophos firewalls
Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware The US Departments of Treasury and Justice have named a Chinese business and one of its employees as the actors behind the 2020 exploit of a…
Cybersecurity in the Digital Frontier: Reimagining Organizational Resilience
The digital landscape has become treacherous, and organizations must constantly reinvent their defensive strategies. Gone are the days of simple firewalls and basic security protocols. Today’s cyber challenges demand a revolutionary approach that combines strategic thinking, technological innovation, and human…
Why crisis simulations fail and how to fix them
In this Help Net Security interview, Allison Ritter, Head of Cyber Experiential Exercising at Cyberbit, shares her insights on the key differences between in-person and virtual cyber crisis simulations and what makes each approach effective. Ritter highlights the need for…
Containers have 600+ vulnerabilities on average
Containers are the fastest growing – and weakest cybersecurity link – in software supply chains, according to NetRise. Companies are struggling to get container security right. Issues from misconfigured clouds, containers, and networks to uncertainty over who owns container security…
Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows – CVE-2024-11639 (CVSS score:…
Patch Tuesday, December 2024 Edition
Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common……
The ‘Ghost Gun’ Linked to Luigi Mangione Shows Just How Far 3D-Printed Weapons Have Come
The design of the gun police say they found on the alleged United Healthcare CEO’s killer—the FMDA or “Free Men Don’t Ask”—was released by a libertarian group. This article has been indexed from Security Latest Read the original article: The…
Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary], (Wed, Dec 11th)
[This is a Guest Diary by Jean-Luc Hurier, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813…
ISC Stormcast For Wednesday, December 11th, 2024 https://isc.sans.edu/podcastdetail/9250, (Wed, Dec 11th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, December 11th, 2024…
Post-Quantum Cryptography: The Implications of Google’s Willow and Other Quantum Computers for Cybersecurity
Quantum computing was long considered to be part of a distant future. However, it is quickly becoming a reality. Google’s recent announcement of its Willow quantum computing chip is a breakthrough generating significant media attention and questions about the implications…
Staying Ahead: The Role of NHIDR in Modern Cybersecurity
Why is NHIDR Crucial in Modern Cybersecurity? For organizations to stay ahead in this dynamic cybersecurity landscape, it’s imperative to embrace innovative and comprehensive security methodologies. One such methodology is Non-Human Identity and Access Management (NHIDR). NHIDR is a revolutionary…
U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Common Log File System (CLFS) driver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Common Log File System (CLFS) driver…
Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day
Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities including an actively exploited zero-day. Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities in Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint,…
Webhook security: Risks and best practices for mitigation
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Search Security Resources and Information from TechTarget Read the original article: Webhook security: Risks and best practices…
Why software composition analysis is essential for open source security
Open source software security and dependency management have never been more critical, as organizations strive to protect their software supply chains while navigating increasing complexity and risks. The post Why software composition analysis is essential for open source security appeared…
Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” This article has been indexed from Cisco Talos Blog Read the original article: Microsoft Patch…
VERT Threat Alert: December 2024 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s December 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1136 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-49138 The only vulnerability that has been…
Microsoft holds last Patch Tuesday of the year with 72 gifts for admins
Twas the night before Christmas, and all through the house, patching was done with the click of a mouse Microsoft hasn’t added too much coal to the stocking this Patch Tuesday, with just 72 fixes, only one of which scored…