Japanese telecommunications conglomerate NTT Communications (NTT Com) disclosed this week that threat actors infiltrated its internal systems in February, compromising sensitive data belonging to 17,891 corporate clients globally. The breach, detected on February 5, marks the latest in a series…
Apache Pinot Vulnerability Let Attackers Bypass Authentication
A critical security vulnerability (CVE-2024-56325) in Apache Pinot, the open-source distributed OLAP datastore used by LinkedIn, Uber, and Microsoft for real-time analytics, allows unauthenticated attackers to bypass authentication controls and gain full system access. Rated 9.8 on the CVSS v3…
New Botnet Dubbed “Eleven11bot” Hacked 30,000 Webcams
A newly identified botnet, tracked as Eleven11bot, has compromised approximately 30,000 internet-connected devices—primarily security cameras and network video recorders (NVRs)—to launch distributed denial-of-service (DDoS) attacks against critical infrastructure. Discovered by Nokia Deepfield’s Emergency Response Team (ERT) on February 26, 2025,…
SolarWinds Web Help Desk Vulnerability Let Hackers Access Stored Passwords – PoC Released
A critical vulnerability in SolarWinds’ Web Help Desk software (CVE-2024-28989) allowed attackers to decrypt sensitive credentials, including database passwords and LDAP/SMTP authentication secrets, through cryptographic weaknesses in its AES-GCM implementation. Patched in version 12.8.5, the flaw stemmed from predictable encryption…
Microsoft March 2025 Patch Tuesday: Fixes for 57 Vulnerabilities & 6 Actively Exploited Zero-Days
Microsoft’s March 2025 Patch Tuesday addresses 57 vulnerabilities, including six zero-day vulnerabilities that are currently being exploited. The security update includes fixes for Windows, Microsoft Office, Azure, and other components. The March update included fixes for: In addition to the…
CISA worker says 100-strong Red Team fired after DOGE cancelled contract
Election infosec advisory agency also shuttered A penetration tester who worked at the US govt’s CISA claims his 100-strong team was dismissed after Elon Musk’s Trump-blessed DOGE unit cancelled a contract – and that more staff at the cybersecurity agency…
IT Security News Hourly Summary 2025-03-12 03h : 1 posts
1 posts were published in the last hour 1:34 : Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws
Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws
Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy Patch Tuesday Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for your urgent attention – six of them rated critical and…
Lazarus Group Hid Backdoor in Fake npm Packages in Latest Attack
Lazarus Group targets developers with malicious npm packages, stealing credentials, crypto, and installing backdoor. Stay alert to protect your projects. This article has been indexed from Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News Read the original article:…
Mehr Privatsphäre: Whatsapp testet neue Funktion für Video-Anrufe
Videocalls in Whatsapp sind praktisch – aber nicht immer will man sich selbst auch direkt zeigen. Eine neue Funktion in einer Betaversion erlaubt es, Videocalls ohne Bildübertragung anzunehmen. Das bringt nicht nur mehr Privatsphäre, sondern könnte auch vor fiesen Betrugsmaschen…
Hat Elon Musk gelogen? DDoS-Attacke entlarvt gravierende Sicherheitsmängel bei X
Am 10. März kam es bei Elon Musks Plattform X zu stundenlangen Ausfällen. Musk machte einen Cyberangriff aus der Ukraine verantwortlich. Dem widersprechen Expert:innen aber entschieden. Vielmehr sehen sie gravierende Sicherheitsmängel. Dieser Artikel wurde indexiert von t3n.de – Software &…
Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation. This article has been indexed from Krebs on Security Read the original…
Apple fixed the third actively exploited zero-day of 2025
Apple addressed a zero-day vulnerability, tracked as CVE-2025-24201, that has been exploited in “extremely sophisticated” cyber attacks. Apple has released emergency security updates to address a zero-day vulnerability, tracked as CVE-2025-24201, in the WebKit cross-platform web browser engine. The vulnerability…
Unlock the Power of ServiceNow CMDB with Grip Security
Enhance ServiceNow CMDB with Grip Security’s automated SaaS integration. Eliminate blind spots, reduce risk, and keep your CMDB continuously updated. The post Unlock the Power of ServiceNow CMDB with Grip Security appeared first on Security Boulevard. This article has been…
IT Security News Hourly Summary 2025-03-12 00h : 5 posts
5 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-03-11 22:32 : Navigating AI 🤝 Fighting Skynet 22:32 : Is Your Cloud App Server Secure? Best Practices for Data Protection 22:9 : Microsoft Patch…
IT Security News Daily Summary 2025-03-11
210 posts were published in the last hour 22:32 : Navigating AI 🤝 Fighting Skynet 22:32 : Is Your Cloud App Server Secure? Best Practices for Data Protection 22:9 : Microsoft Patch Tuesday for March 2025 — Snort rules and…
Navigating AI 🤝 Fighting Skynet
Using AI can be a great tool for adversarial engineering. This was just a bit of fun to see if it was possible todo and to learn more about automation but also proving you cannot trust git commit history nor…
Is Your Cloud App Server Secure? Best Practices for Data Protection
Almost every company nowadays depends on cloud computing since it is a necessary tool in the world of… This article has been indexed from Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News Read the original article: Is Your…
Microsoft Patch Tuesday for March 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for March of 2025 which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as “critical”. This article has been indexed from Cisco Talos Blog Read the original article:…
Navigating AI 🤝 Fighting Skynet
Using AI can be a great tool for adversarial engineering. This was just a bit of fun to see if it was possible todo and to learn more about automation but also proving you cannot trust git commit history nor…
Navigating AI 🤝 Fighting Skynet
Using AI can be a great tool for adversarial engineering. This was just a bit of fun to see if it was possible todo and to learn more about automation but also proving you cannot trust git commit history nor…
Incident response for web application attacks
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Search Security Resources and Information from TechTarget Read the original article: Incident response for web application attacks
How the EU Product Liability Directive (EU PLD) is Changing Software Security | Contrast Security
Companies that sell software that can be used or downloaded by anyone in the European Union are facing a major new liability. Late last year, the European Commission finalized fundamental changes to the EU Product Liability Directive (PLD) — changes…
Navigating AI 🤝 Fighting Skynet
Using AI can be a great tool for adversarial engineering. This was just a bit of fun to see if it was possible todo and to learn more about automation but also proving you cannot trust git commit history nor…