Last week, Apache announced a vulnerability in Struts2 [1]. The path traversal vulnerability scored 9.5 on the CVSS scale. If exploited, the vulnerability allows file uploads into otherwise restricted directories, which may lead to remote code execution if a webshell…
Week in review: Microsoft fixes exploited 0-day, top cybersecurity books for your holiday gift list
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes exploited zero-day (CVE-2024-49138) On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s…
Group-IB Unveils Sophisticated Phishing Campaign Targeting Global Organizations
A recent report by Group-IB has exposed a highly advanced phishing campaign targeting employees from 30 companies across 15 jurisdictions. Using trusted domains and cutting-edge personalization techniques, attackers have bypassed Secure Email Gateways (SEGs) and exploited victims in critical…
IT Security News Hourly Summary 2024-12-15 18h : 1 posts
1 posts were published in the last hour 16:34 : PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms
PUMAKIT, a sophisticated rootkit that uses advanced stealth mechanisms
Researchers discovered PUMAKIT, a Linux rootkit capable of hiding files, escalating privileges, and evading system tools and detection. Elastic Security Lab researchers discovered a new loadable kernel module (LKM) rootkit called PUMAKIT that supports advanced evasion mechanisms. PUMAKIT features a multi-stage…
Auguria Unveils Upgraded Security Knowledge Layer Platform at Black Hat Europe 2024
Auguria, Inc., a leader in AI-driven security operations solutions, has introduced the latest enhancements to its Security Knowledge Layer™ Platform. The updated platform now integrates with major data sources, including SentinelOne, CrowdStrike, Palo Alto Networks, and Microsoft Windows Event Logs.…
Weihnachtliche Betrugsmaschen: Diese Cyberangriffe solltest du kennen und meiden
Um die Weihnachtszeit nehmen Betrugsmaschen und Cyberangriffe wieder zu. Einige Maschen sind bei Cyberkriminellen dabei besonders beliebt. Welche das sind und wie ihr euch schützt, fassen wir euch zusammen. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen…
IT Security News Hourly Summary 2024-12-15 15h : 4 posts
4 posts were published in the last hour 13:35 : [UPDATE] [hoch] PHP: Mehrere Schwachstellen 13:34 : How to Improve Your Cyber Resilience by Strengthening User Privileges 13:34 : Active Exploitation of Cleo Communications’ File Transfer Software Exposes Critical Vulnerabilities…
[UPDATE] [hoch] PHP: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in PHP ausnutzen, um einen Denial of Service Angriff durchzuführen, um Sicherheitsmechanismen zu umgehen und um unbekannte Auswirkungen zu erzielen. Dieser Artikel wurde indexiert von BSI Warn- und Informationsdienst (WID): Schwachstellen-Informationen (Security Advisories)…
How to Improve Your Cyber Resilience by Strengthening User Privileges
With virtually every aspect of your business in digital form now, it is far past… How to Improve Your Cyber Resilience by Strengthening User Privileges on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses. This…
Active Exploitation of Cleo Communications’ File Transfer Software Exposes Critical Vulnerabilities
< p style=”text-align: justify;”>Cleo Communications’ file transfer software is under active attack, with security researchers from Huntress revealing that a recently issued patch fails to address the critical flaws being exploited. This ongoing vulnerability poses a significant threat to…
Beyond Encryption: Advancing Data-in-Use Protection
In the ever-evolving landscape of cryptography, traditional encryption methods safeguarding data at rest and in transit remain foundational to cybersecurity strategies. However, the security of decrypted data actively used within… The post Beyond Encryption: Advancing Data-in-Use Protection appeared first on…
The Simple Math Behind Public Key Cryptography
The security system that underlies the internet makes use of a curious fact: You can broadcast part of your encryption to make your information much more secure. This article has been indexed from Security Latest Read the original article: The…
Is Bitcoin Vulnerable to Google’s Quantum Breakthrough?
Earlier this month, Google CEO Sundar Pichai announced the creation of their new quantum computing chips called “Willow“, which caused a few ripples in the Bitcoin investment community, but also caused some skepticism among Bitcoin skeptics due to the…
Data Breach at Datavant Exposes Thousands of Minors to Cyber Threats
< p style=”text-align: justify;”>While cybercriminals often target adults for their valuable financial and personal information, children are not exempt from these risks. This was made evident by a recent data breach involving health IT company Datavant, which exposed sensitive…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 24
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. PROXY.AM Powered by Socks5Systemz Botnet AppLite: A New AntiDot Variant Targeting Mobile Employee Devices Inside Zloader’s Latest Trick: DNS Tunneling BSI…
IT Security News Hourly Summary 2024-12-15 12h : 1 posts
1 posts were published in the last hour 10:32 : Security Affairs newsletter Round 502 by Pierluigi Paganini – INTERNATIONAL EDITION
Security Affairs newsletter Round 502 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. IOCONTROL cyberweapon used…
Fortinet Acquires Perception Point to Enhance AI-Driven Cybersecurity
< p style=”text-align: justify;”> Fortinet, a global leader in cybersecurity with a market valuation of approximately $75 billion, has acquired Israeli company Perception Point to bolster its email and collaboration security capabilities. While the financial terms of the deal…
Bluesky: Deutschsprachige Bots auf dem Vormarsch – was steckt dahinter?
Bluesky könnte ein ernsthaftes Bot-Problem bekommen. Aktuell gibt es erste Anzeichen, dass sich Fake-Accounts mit KI-generierten Posts auf der Plattform verbreiten. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen Sie den originalen Artikel: Bluesky: Deutschsprachige Bots auf…
Fritz OS 8.1 Update: Was bringt das neue Update für Fritzbox-Nutzer?
Der Router-Hersteller AVM hat erneut seine Firmware verbessert. Das aktuelle Update ist bislang nur für ein bestimmtes Router-Modell der Fritzbox-Reihe verfügbar, bringt aber jede Menge aktualisierte Features mit sich. Dieser Artikel wurde indexiert von t3n.de – Software & Entwicklung Lesen…
Sicherheitstag ASW Nord: Revolution in der Sicherheit
Wie wird sich die Sicherheitslage in den nächsten Jahren verändern? Darüber diskutierten die Teilnehmer am 5. Dezember 2024 in Hamburg beim 9. Sicherheitstag des ASW Nord nach dem Motto „Security Revolution“. Dieser Artikel wurde indexiert von Newsfeed Lesen Sie den…
Securing Against Shopping Scams: Cybersecurity Risks to Avoid During the Holidays
The holiday season is largely characterized by a significant rise in consumer spending, and digital deals for Black Friday and Cyber Monday have advanced the continued shift from in-person to online shopping. As shoppers eagerly flood websites, applications, and digital…
IT Security News Hourly Summary 2024-12-15 06h : 4 posts
4 posts were published in the last hour 4:7 : Innovating with Secure Secrets Rotation Techniques 4:7 : Proactive Approaches to Identity and Access Management 4:7 : Navigating Cloud Security for Future Proofing Your Assets 4:7 : Gaining Confidence Through…