vulnerabilities

Mobile Security

Issued by: Dark Reading

Attackers are increasingly targeting users through their mobile devices, attacking vulnerabilities in services that are built into applications and mounting increasing numbers of SMS phishing attacks. That’s according to mobile security firm Zimperium’s 2023 “Global Mobile Threat Report,” which also found that the average number of unique mobile malware samples grew 51% in 2022, totaling…

Network Security

Issued by: SecurityWeek

Redmond’s monthly Patch Tuesday updates cover at least 70 documented vulnerabilities affecting the Windows ecosystem, including six critical issues that expose users to dangerous code execution attacks. According to Microsoft, none of the vulnerabilities have been publicly discussed or exploited in the wild. Windows network administrators are being urged to pay special attention to a…

Vulnerabilities

Issued by: DataBreach Today

The company behind the MOVEit managed file transfer application is urging customers into a new round of emergency patching after identifying additional vulnerabilities. Progress Software in a Friday update said it had identified additional SQL injection vulnerabilities allowing attackers access to the MOVEit transfer database. “These newly discovered vulnerabilities are distinct from the previously reported…

Software Security

Issued by: Security Affairs

Dark web intelligence firm Searchlight Cyber published a report that analyzes how threat actors in the dark web prepare their malicious operations against energy organizations. The threat actors use the hidden part of the web to share techniques, build their resources, and coordinate their attacks. The report published by the experts provides evidence of continuous…

Network Security

Issued by: DataBreach Today

Attackers on average have been enjoying slightly more than six days to exploit an unmitigated vulnerability before security teams resolve it, despite research continuing to demonstrate how hackers begin exploiting flaws within hours – or even minutes – of a new security alert being disclosed, researchers warned. That time lag between a new vulnerability coming…

News

Issued by: Dark Reading

For at least a decade now, career-minded security leaders have well understood the importance of effective communication with the board and CEO. CISOs know they must gain the buy-in of these decision makers to successfully instill a security-minded culture at their organization — not to mention to greenlight enough funds for an effective cybersecurity budget….

Cloud Security

Issued by: CSO Online

Recent destructive attacks against organizations that masquerade as a ransomware operation called DarkBit are likely performed by an advanced persistent threat (APT) group that’s affiliated with the Iranian government. During some of these operations the attackers didn’t limit themselves to on-premises systems but jumped into victims’ Azure AD environments where they deleted assets including entire…

Vulnerabilities

Issued by: SecurityWeek

The newest iOS 16.4.1 and iPadOS 16.4.1 updates cover code execution software flaws in IOSurfaceAccelerator and WebKit, suggesting a complex exploit chain was detected in the wild hitting the latest iPhone devices. “Apple is aware of a report that this issue may have been actively exploited,” Cupertino says in a barebones advisory that credits Google…