The OpenSSL Project announced a high-severity vulnerability (CVE-2024-12797) affecting versions 3.2, 3.3, and 3.4 of the widely used cryptographic library. The vulnerability, discovered by Apple Inc. in December 2024, could potentially allow man-in-the-middle (MitM) attacks on TLS and DTLS connections…
The TAKE IT DOWN Act: A Flawed Attempt to Protect Victims That Will Lead to Censorship
< div class=”field field–name-body field–type-text-with-summary field–label-hidden”> < div class=”field__items”> < div class=”field__item even”> Congress has begun debating the TAKE IT DOWN Act (S. 146), a bill that seeks to speed up the removal of a troubling type of online content:…
Authorities Seize 8Base Ransomware Infrastructure, Arrest Four Russians
With “Operation Phobos Aetor,” international law enforcement, including the US DOJ and Europol, arrest four Russian nationals and seize infrastructure connected to the 8Bbase ransomware group, the largest affiliate of the prolific Phobos RaaS operation. The post Authorities Seize 8Base…
Cerebras-Perplexity deal targets $100B search market with ultra-fast AI
Cerebras and Perplexity AI partner to launch ultra-fast Sonar search model running at 1,200 tokens per second, challenging traditional search engines with specialized AI chips and near-instant results. This article has been indexed from Security News | VentureBeat Read the…
VERT Threat Alert: February 2025 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s February 2025 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1143 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2025-21391 A vulnerability in Windows Storage could…
Triplestrength hits victims with triple trouble: Ransomware, cloud hijacks, crypto-mining
These crooks have no chill A previously unknown gang dubbed Triplestrength poses a triple threat to organizations: It infects victims’ computers with ransomware, then hijacks their cloud accounts to illegally mine for cryptocurrency.… This article has been indexed from The…
Fortinet FortiOS & FortiProxy Zero-Day Exploited to Hijack Firewall & Gain Super Admin Access
Cybersecurity firm Fortinet has issued an urgent warning regarding a newly discovered zero-day authentication bypass vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products. This critical flaw enables remote attackers to obtain super-admin privileges by exploiting maliciously crafted CSF proxy requests.…
2025-02-10: StrelaStealer infection
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries Read the original article: 2025-02-10: StrelaStealer infection
Top 5 GRC Certifications for Cybersecurity Professionals
Governance, Risk, and Compliance (GRC) certifications have become crucial for professionals keen on securing cybersecurity and risk management roles. These certifications validate one’s skills and expertise, opening the door to new career opportunities in a dynamically changing environment. With the…
Microsoft Patch Tuesday February 2025 – 61 Vulnerabilities Fixed, 3 Zero-Day’s Actively Exploited
Microsoft released a security update as part of the February Patch Tuesday that addressed 61 vulnerabilities, including 25 classified as critical Remote Code Execution (RCE) vulnerabilities, including 3 zero-day vulnerabilities that were actively exploited in the wild. The update covers…
Fortinet 0-Day in FortiOS & FortiProxy Let Attackers Hijacks Firewall to Get Super Admin Access
Fortinet has issued an urgent warning about actively exploiting a new zero-day authentication bypass vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products. This critical flaw allows remote attackers to gain super-admin privileges by sending maliciously crafted CSF proxy requests. The…
Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391)
February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days – CVE-2025-21418 and CVE-2025-21391 – under active exploitation. CVE-2025-21418 and CVE-2025-21391 CVE-2025-21418 is a vulnerability in the Windows Ancillary Function Driver (AFD.sys), which…
Experte: Suche nach gebrochenem Seekabel läuft mit einfachem Anker
Auf See wird das beschädigte Kabelstück nicht mit Hightech aufgefunden. Man schleift ein Grapnel über den Meeresboden. (Seekabel, Politik) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen Artikel: Experte: Suche nach gebrochenem Seekabel läuft mit einfachem…
Microsoft February 2025 Patch Tuesday, (Tue, Feb 11th)
This month, Microsoft has released patches addressing a total of 141 vulnerabilities. Among these, 4 are classified as critical, highlighting the potential for significant impact if exploited. Notably, 2 vulnerabilities are currently being exploited in the wild, underscoring the urgency…
CISA Adds Four Known Exploited Vulnerabilities to Catalog
CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability CVE-2025-21418 Microsoft Windows Ancillary Function Driver for WinSock…
UK, US, Oz blast holes in LockBit’s bulletproof hosting provider Zservers
UK foreign secretary says Putin is running a ‘corrupt mafia state’ One of the bulletproof hosting (BPH) providers used by the LockBit ransomware operation has been hit with sanctions in the US, UK, and Australia (AUKUS), along with six of…
Microsoft Patches ‘Wormable’ Windows Flaw and File-Deleting Zero-Day
The Microsoft Patch Tuesday machine hummed loudly this month urgent fixes for a pair of already-exploited Windows zero-days. The post Microsoft Patches ‘Wormable’ Windows Flaw and File-Deleting Zero-Day appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
The Current State of the CISO with Nick Kakolowski
Nick Kakolowski, senior research director for IANS, dives into a survey done in conjunction with Artico Search on the current state of the CISO. At its core, the study highlights how CISOs are facing an unprecedented expansion of responsibilities, with…
IT Security News Hourly Summary 2025-02-11 21h : 8 posts
8 posts were published in the last hour 19:32 : Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities 19:32 : Microsoft Patch Tuesday February 2025: 61 Vulnerabilities Including 25 RCE & 3 0-Day 19:32 : Fortinet…
Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as “moderate”. The remaining vulnerabilities listed are classified as “important.” This article has been indexed…
Microsoft Patch Tuesday February 2025: 61 Vulnerabilities Including 25 RCE & 3 0-Day
Microsoft has released its highly anticipated Patch Tuesday security updates for February 2025, addressing a wide range of vulnerabilities across its products and services. This month’s release includes fixes for critical remote code execution (RCE) vulnerabilities, elevation of privilege flaws,…
Fortinet Addresses Critical Zero-Day & Multiple Vulnerabilities in Major Security Update
Fortinet has rolled out critical security updates to address a severe zero-day vulnerability (CVE-2025-24472) and multiple high-risk flaws across its product portfolio, including FortiOS, FortiProxy, FortiManager, and FortiAnalyzer. Fortinet warns of a new zero-day flaw (CVE-2025-24472), which allows attackers to…
Microsoft Patch Tuesday February 2025 – 61 Vulnerabilities Fixed, 3 Actively Exploited in the Wild
Microsoft released a security update as part of the February Patch Tuesday that addressed 61 vulnerabilities, including 25 classified as critical Remote Code Execution (RCE) vulnerabilities, including 3 actively exploited in the wild. The update covers a wide range of…
Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks
Patch Tuesday: Adobe patches 45 vulnerabilities across multiple products and warn of remote code execution exploitation risks. The post Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks appeared first on SecurityWeek. This article has been indexed from…