Android smartphone device manufacturer Samsung has a patch for a flaw used by commercial surveillance hackers to implant malware in the United Arab Emirates. The U.S. Cybersecurity and Infrastructure Security Agency on Friday gave federal agencies until June 9 to patch the vulnerability.
Proposed class action lawsuits are piling up over hackers' use of a vulnerability in Fortra's GoAnywhere secure file transfer and a resulting data breach affecting 3 million individuals. NationsBenefits Holdings disclosed that hackers accessed personal information by using the widely exploited flaw.
Apple is patching actively exploited zero-day flaws in its browser rendering engine for mobile devices, and one cybersecurity firm says the vulnerabilities are likely evidence of takeover attacks. Two of the bugs were the subject of Apple's first-ever Rapid Security Response.
Federal authorities are warning healthcare sector entities of a rise in cyberattacks against Veeam's Backup & Replication software. Some incidents appear tied to exploitation of a high-severity vulnerability in the vendor's software in that was disclosed in March.
Microsoft issued an optional patch Tuesday as part of its monthly dump of fixes that addresses for the second time a Secure Boot zero-day vulnerability exploited by BlackLotus UEFI malware. The patch is optional since the attacker must have admin privileges or physical access to the device.
Security researchers say a slight modification to a Microsoft Exchange zero day attack used by Russian state hackers can bypass a patch the computing giant introduced in March. Microsoft patched the modified attack during this month's dump of fixes, rating the bug as "important" but not "critical."
2023 is the year of exposure, said Cyentia Institute's Wade Baker. Exposure dominated Cyentia research this year, and many breaches were linked to mistakes in vulnerability management and poorly managed identities. Organizations are struggling with prioritizing hardware and software vulnerabilities.
The tally of individuals whose sensitive information was compromised by the exploitation of a zero-day vulnerability in Fortra's GoAnyWhere secure file transfer software is growing by millions as more entities report heath data breaches to regulators.
An affiliate of the Russian-speaking Clop ransomware-as-a-service gang and the LockBit cybercrime group are each exploiting vulnerabilities in popular print management software. PaperCut began urging customers to update their software earlier this month after customer reports of suspicious activity.
Hackers are attempting to infect a consumer-grade Wi-Fi router model with Mirai botnet malware following the discovery of zero-days in the device in a December hacking competition. TP-Link released a patch in mid-March. Telemetry shows infections in Eastern Europe and elsewhere.
Hackers have seized on the API revolution to drive a surge in attacks that exploit poorly coded applications, reports Akamai, in a warning echoed by other cybersecurity experts. The vector driving the most growth in API attacks is local file inclusion.
Silicon Valley giant Google called on tech companies to be more robust in their approach to patching vulnerabilities in an afternoon marked by announcements designed to boost vulnerability research. Google money is supporting the Hacking Policy Council and the Security Research Legal Defense Fund.
Cybersecurity authorities issued a road map Thursday detailing how software manufacturers should go about baking security into their design processes. The document details how manufacturers should adjust their design and development programs to ensure software is secure.
Microsoft has issued fixes for 114 vulnerabilities, including patching a zero-day flaw being actively exploited by a ransomware group and updating guidance to block a vulnerability from 2013 that was recently exploited for the software supply chain attack on 3CX users, attributed to North Korea.
Security experts are urging users of IBM's Aspera Faspex file-exchange application to take it offline immediately unless they've patched a flaw being actively exploited by ransomware groups, including Buhti and IceFire. Separately, QNAP is warning customers to prepare for emergency security fixes.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.
