Attackers swipe data from Pennsylvania teachers union Infosys settles $17.5M lawsuit after third-party breach Top U.S. sperm bank discloses data breach Thanks to this week episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and…
Berlin TXL: Ein neues Stück Stadt
Der alte Flughafen Tegel in Berlin hat nach seiner Schließung eine neue Bestimmung erhalten: Auf dem riesigen Areal entstehen die Urban Tech Republic, ein Forschungs- und Industriepark für urbane Technologien, sowie das Schumacher Quartier für mehr als 10.000 Menschen. Um…
Schwerwiegende Sicherheitslücken bedrohen Serverbetriebssystem IBM AIX
Angreifer können an zwei Sicherheitslücken in IBM AIX ansetzen, um Server zu kompromittieren. Außerdem gibt es Updates für IBM License Metric Tool v9. Dieser Artikel wurde indexiert von heise security News Lesen Sie den originalen Artikel: Schwerwiegende Sicherheitslücken bedrohen Serverbetriebssystem…
Imperva Protects Against Apache Tomcat Deserialization Vulnerability
Overview A newly disclosed vulnerability, CVE-2025-24813, affecting Apache Tomcat, has been identified as a high-risk path equivalence vulnerability that allows attackers to manipulate filenames with internal dots (.) under specific conditions, leading to unauthorized file access, modification, and potential remote…
News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk
Austin, TX, Ma. 19, 2025, CyberNewswire — The average corporate user now has 146 stolen records linked to their identity, an average 12x increase from previous estimates, reflecting a surge in holistic identity exposures. SpyCloud, the leading identity threat ……
News alert: SecPod launches ‘Saner Cloud’ — CNAPP platform for real-time, automated security
Bengaluru, India, Mar. 19, 2025, CyberNewswire — SecPod, a global cybersecurity provider, has announced the General Availability of Saner Cloud, a Cloud-Native Application Protection Platform designed to provide automated remediation and workload security across multi-cloud environments. Unlike conventional security ……
News alert: Knocknoc raises seed funding to scale its just-in-time network access control technology
Sydney, Australia, Mar. 19, 2025, CyberNewswire — Sydney-based cybersecurity software company Knocknoc has raised a seed round from US-based venture capital firm Decibel Partners with support from CoAct and SomethingReal. The funding will support go-to-market, new staff, customer onboarding and…
IT Security News Hourly Summary 2025-03-20 09h : 7 posts
7 posts were published in the last hour 7:32 : CISA Warns of NAKIVO Backup Flaw Exploited in Attacks with PoC Released 7:32 : Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates 7:13 : FBI Wants You Not…
CISA Warns of NAKIVO Backup Flaw Exploited in Attacks with PoC Released
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability in the NAKIVO Backup and Replication software, known as CVE-2024-48248. This vulnerability allows attackers to exploit an absolute path traversal flaw, enabling them to…
Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates
Kali Linux 2025.1a is now available. This release enhances existing features with improvements designed to streamline your experience. 2025 theme refresh Kali Linux 2025.1a introduces an annual theme refresh, maintaining a modern interface. This year’s update debuts a redesigned theme…
FBI Wants You Not to Fall for The Toll Road Smishing Scams
FBI has issued a public service announcement regarding the constantly increasing cases of toll road smishing scams. The Internet Crime Complaint Center (IC3) has received… The post FBI Wants You Not to Fall for The Toll Road Smishing Scams appeared…
SpyX Data Breach Exposes Personal Information of Nearly 2 Million Users
SpyX, a company known for developing spyware, has experienced a data breach that compromised the personal information of nearly 2 million users. As per a report posted by Have I been Pwned, the breach, which occurred on June 24, 2024,…
Critical Veeam Backup & Replication Vulnerability Allows Remote Execution of Malicious Code
A critical vulnerability in Veeam Backup & Replication software has been disclosed, posing a significant risk to users. This vulnerability, identified as CVE-2025-23120, allows remote code execution (RCE) by authenticated domain users. The severity of this issue is underscored by…
5 pitfalls that can delay cyber incident response and recovery
The responsibility of cyber incident response falls squarely on the shoulders of the CISO. And many CISOs invest heavily in technical response procedures, tabletop exercises and theoretical plans only to find out that when an actual breach strikes the organization…
CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both employees of enterprises…
Kali Linux 2025.1a Released: New Tools and Desktop Environment Upgrades
Kali Linux, the renowned cybersecurity-focused Linux distribution, has just ushered in the new year with the release of Kali Linux 2025.1a. This update builds upon the existing features, offering myriad enhancements and improvements designed to give users a streamlined experience.…
Linux Kernel Vulnerability Allows Attackers to Escalate Privileges via Out-of-Bounds Write
A recently discovered vulnerability in the Linux kernel, identified as CVE-2025-0927, poses a significant threat to system security. This flaw, present in the HFS+ file system driver, allows attackers to exploit an out-of-bounds write condition, potentially leading to local privilege…
Chinese military-linked companies dominate US digital supply chain
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to Bitsight. These organizations, many of which have been designated by the US Department of Defense as “Chinese Military…
How healthcare CISOs can balance security and accessibility without compromising care
In this Help Net Security interview, Sunil Seshadri, EVP and CSO at HealthEquity, talks about the growing risks to healthcare data and what organizations can do to stay ahead. He shares insights on vendor management, zero trust, and securing the…
IT Security News Hourly Summary 2025-03-20 06h : 4 posts
4 posts were published in the last hour 5:3 : How Web Browsers Have Become a Major Data Security Risk 5:3 : 70% of leaked secrets remain active two years later 4:35 : Kali Linux 2025.1a Released With New Tool…
How Web Browsers Have Become a Major Data Security Risk
For years, companies protected sensitive data by securing emails, devices, and internal networks. But work habits have changed. Now, most of the data moves through web browsers. Employees often copy, paste, upload, or transfer information online without realizing the…
70% of leaked secrets remain active two years later
Long-lived plaintext credentials have been involved in most breaches over the last several years, according to GitGuardian. When valid credentials, such as API keys, passwords, and authentication tokens, leak, attackers at any skill level can gain initial access or perform…
Kali Linux 2025.1a Released With New Tool & Updates to Desktop Environments
Kali Linux, the widely acclaimed cybersecurity-focused distribution, has officially unveiled its latest release, Kali Linux 2025.1a. This update not only significantly enhances desktop environments but also introduces exciting new tools and improvements tailored for cybersecurity professionals and enthusiasts. The release, available for download or upgrade, builds upon…
Why So Many Employee Phishing Training Initiatives Fall Short
During the work-from-home boom of 2020, GitLab, a company that largely employs tech-savvy individuals, decided to test its security by sending fake phishing messages to its WFH workers. About one out of every five tested employees fell for it, and…