Most vulnerabilities associated with ransomware are old
Researchers identified 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022 – marking a 19% increase year-over-year. Threat actors are actively searching the internet and deep and dark web fo.....»»
Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)
Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML a.....»»
Skybox 13.2 empowers organizations to identify and remediate vulnerabilities
Skybox Security announced Skybox 13.2, introducing enhancements to its Vulnerability and Threat Management solution. These updates mark a significant milestone in vulnerability prioritization and attack surface management, empowering organizations wi.....»»
VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation
VMware has fixed four vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine......»»
Major shifts in identity, ransomware, and critical infrastructure threat trends
In this Help Net Security video, Michelle Alvarez, Strategic Threat Analysis Manager at IBM X-Force, discusses the 2024 X-Force Threat Intelligence Index, revealing top threats and trends the team observed last year across its global engagements and.....»»
VMware sandbox escape bugs are so critical, patches are released for end-of-life products
VMware ESXi, Workstation, Fusion, and Cloud Foundation all affected. Enlarge (credit: Getty Images) VMware is urging customers to patch critical vulnerabilities that make it possible for hackers to break out of sandbox a.....»»
IONIX Exposure Validation identifies and prioritizes exploitable vulnerabilities
IONIX announced a significant extension to its Attack Surface Management (ASM) platform, Automated Exposure Validation. Customers of IONIX can now benefit from Exposure Validation capabilities for continuous exploitability testing on production envir.....»»
Apple fixes two actively exploited iOS zero-days (CVE-2024-23225, CVE-2024-23296)
Apple has fixed two iOS zero-day vulnerabilities (CVE-2024-23225, CVE-2024-23296) exploited by attackers in the wild. CVE-2024-23225 and CVE-2024-23296 On Tuesday, Apple released security updates for all three supported branches of iOS and iPadOS. iO.....»»
After collecting $22 million, AlphV ransomware group stages FBI takedown
Affiliate claims payment came from AlphV victim, and AlphV took the money and ran. Enlarge (credit: Getty Images) The ransomware group responsible for hamstringing the prescription drug market for two weeks has suddenly.....»»
NetApp cyber-resiliency capabilities protect both primary and secondary data
NetApp announced cyber-resiliency capabilities that will equip customers to better protect and recover their data in the face of ransomware threats. NetApp integrates artificial intelligence (AI) and machine learning (ML) directly into enterprise pri.....»»
Organizations are knowingly releasing vulnerable applications
92% of companies had experienced a breach in the prior year due to vulnerabilities of applications developed in-house, according to Checkmarx. AppSec managers and developers share application security duties In recent years the responsibility for app.....»»
Hackers exploited Windows 0-day for 6 months after Microsoft knew of it
Technically, Microsoft doesn't consider such bugs as vulnerabilities. It patched it anyway. Enlarge (credit: Getty Images) Hackers backed by the North Korean government gained a major win when Microsoft left a Windows ze.....»»
US prescription market hamstrung for 9 days (so far) by ransomware attack
Patients having trouble getting lifesaving meds have the AlphV crime group to thank. Enlarge (credit: Getty Images) Nine days after a Russian-speaking ransomware syndicate took down the biggest US health care payment pro.....»»
Cybercriminals harness AI for new era of malware development
The alliance between ransomware groups and initial access brokers (IABs) is still the powerful engine for cybercriminal industry, as evidenced by the 74% year-on-year increase in the number of companies that had their data uploaded on dedicated leak.....»»
ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack
The ALPHV/BlackCat ransomware group has claimed responsibility for the cyberattack that targeted Optum, a subsidiary of UnitedHealth Group (UHG), causing disruption to the Change Healthcare platform and affecting pharmacy transactions across the US......»»
White House: Use memory-safe programming languages to protect the nation
The White House is asking the technical community to switch to using memory-safe programming languages – such as Rust, Python, Swift, C#, Java, and Go – to prevent memory corruption vulnerabilities from entering the digital ecosystem. Acc.....»»
LockBit leak site is back online
LockBitSupp, the individual running the LockBit ransomware-as-a-service operation, has made good on one promise: the LockBit leak site is back online on backup domains, with lists of victims expected to be unveiled in the coming days. Law enforcement.....»»
ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)
The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. About ConnectWise ScreenConnect ConnectWise ScreenConnect.....»»
Unsurprisingly, LockBit ransomware crew has returned
It took it less than a week to come back online and even list new victims......»»
CVE count set to rise by 25% in 2024
The report from Coalition indicates an anticipated 25% rise in the total count of published common vulnerabilities and exposures (CVEs) for 2024, reaching 34,888 vulnerabilities, equivalent to approximately 2,900 per month. Sharp CVE increase heighte.....»»
Security Bite: Jamf warns cyber hygiene among many Apple-using businesses is ‘abysmal’
Hey, Arin here. Last week was the busiest for security so far this year. We saw an unprecedented offensive on the LockBit ransomware gang; Apple moved to make iMessage future-proof with quantum computer protection, and the topic of this week, Jamf’.....»»