Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated…
Apple iPhone Users Warned About Data-Stealing Vulnerability in TCC Feature
Apple iPhone users are being alerted to a critical security flaw that could potentially allow hackers to steal sensitive data. This vulnerability exists within the Transparency, Consent, and Control (TCC) feature of Apple’s operating system, posing serious risks to user…
Pros and Cons of Differentiating Cloud Security Tools
As organizations increasingly migrate their operations to the cloud, securing sensitive data and ensuring privacy have become top priorities. Cloud security tools play a pivotal role in helping organizations safeguard their digital assets from cyber threats. However, businesses must decide…
Massive Data Breach Hits Senior Dating Website, Exposing Over 765,000 Users
The 40+ dating platform Senior Dating has been the victim of a data breach, compromising the personal information of 765,517 users. The breach, linked to an exposed Firebase database, has raised serious concerns about protecting sensitive data in online matchmaking…
U.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos Firewalls
The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology…
Weitgehend ignoriert: Firefox entfernt Haken für “Do Not Track”
Seit Jahren kann man in Firefox einstellen, dass man keine Verfolgung des Surfverhaltens wünscht. Weil das zumeist ignoriert wurde, wird diese Option entfernt. Dieser Artikel wurde indexiert von heise Security Lesen Sie den originalen Artikel: Weitgehend ignoriert: Firefox entfernt Haken…
WPForms Vulnerability Let Users Issues Subscription Payments
A critical security vulnerability, tracked as CVE-2024-11205, was recently discovered in the popular WordPress plugin, WPForms, which boasts over 6 million active installations globally. This flaw, identified by researcher villu164 through the Wordfence Bug Bounty Program, allows authenticated users with at least subscriber-level…
Are pre-owned smartphones safe? How to choose a second-hand phone and avoid security risks
Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost This article has been indexed from WeLiveSecurity Read the original article: Are…
Patch Tuesday Update – December 2024
In this Patch Tuesday edition, Microsoft addressed 72 CVEs, including 1 Zero-Day, 16 Criticals, 54 Important and 1 Moderate—the one Zero-Day was found to be actively exploited in the wild. From an Impact perspective, Escalation of Privilege (EoP) vulnerabilities accounted…
Open source malware up 200% since 2023
Sonatype’s 2024 Open Source Malware Threat Report reveals that the number of malicious packages has surpassed 778,500 since tracking began in 2019. In 2024, researchers examined how threat actors leverage malicious open-source packages to target developers, particularly as enterprises increasingly…
US names Chinese national it alleges was behind 2020 attack on Sophos firewalls
Also sanctions his employer – an outfit called Sichuan Silence linked to Ragnarok ransomware The US Departments of Treasury and Justice have named a Chinese business and one of its employees as the actors behind the 2020 exploit of a…
Cybersecurity in the Digital Frontier: Reimagining Organizational Resilience
The digital landscape has become treacherous, and organizations must constantly reinvent their defensive strategies. Gone are the days of simple firewalls and basic security protocols. Today’s cyber challenges demand a revolutionary approach that combines strategic thinking, technological innovation, and human…
Why crisis simulations fail and how to fix them
In this Help Net Security interview, Allison Ritter, Head of Cyber Experiential Exercising at Cyberbit, shares her insights on the key differences between in-person and virtual cyber crisis simulations and what makes each approach effective. Ritter highlights the need for…
IT Security News Hourly Summary 2024-12-11 06h : 1 posts
1 posts were published in the last hour 4:32 : Containers have 600+ vulnerabilities on average
Containers have 600+ vulnerabilities on average
Containers are the fastest growing – and weakest cybersecurity link – in software supply chains, according to NetRise. Companies are struggling to get container security right. Issues from misconfigured clouds, containers, and networks to uncertainty over who owns container security…
Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows – CVE-2024-11639 (CVSS score:…
Patch Tuesday, December 2024 Edition
Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common……
The ‘Ghost Gun’ Linked to Luigi Mangione Shows Just How Far 3D-Printed Weapons Have Come
The design of the gun police say they found on the alleged United Healthcare CEO’s killer—the FMDA or “Free Men Don’t Ask”—was released by a libertarian group. This article has been indexed from Security Latest Read the original article: The…
IT Security News Hourly Summary 2024-12-11 03h : 5 posts
5 posts were published in the last hour 2:3 : Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary], (Wed, Dec 11th) 2:3 : ISC Stormcast For Wednesday, December 11th, 2024 https://isc.sans.edu/podcastdetail/9250, (Wed, Dec 11th) 2:3 : Post-Quantum Cryptography: The Implications…
Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813 [Guest Diary], (Wed, Dec 11th)
[This is a Guest Diary by Jean-Luc Hurier, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Vulnerability Symbiosis: vSphere?s CVE-2024-38812 and CVE-2024-38813…
ISC Stormcast For Wednesday, December 11th, 2024 https://isc.sans.edu/podcastdetail/9250, (Wed, Dec 11th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, December 11th, 2024…
Post-Quantum Cryptography: The Implications of Google’s Willow and Other Quantum Computers for Cybersecurity
Quantum computing was long considered to be part of a distant future. However, it is quickly becoming a reality. Google’s recent announcement of its Willow quantum computing chip is a breakthrough generating significant media attention and questions about the implications…
Staying Ahead: The Role of NHIDR in Modern Cybersecurity
Why is NHIDR Crucial in Modern Cybersecurity? For organizations to stay ahead in this dynamic cybersecurity landscape, it’s imperative to embrace innovative and comprehensive security methodologies. One such methodology is Non-Human Identity and Access Management (NHIDR). NHIDR is a revolutionary…
U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Common Log File System (CLFS) driver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Common Log File System (CLFS) driver…