Vulnerabilities - The Data Breach Times

November 26, 2024

854 views 56 secs 0

Russian Hackers Target Mozilla, Windows in New Exploit Chain

Two vulnerabilities in Mozilla products and Windows are actively exploited by RomCom, a Kremlin-linked cybercriminal group known for targeting businesses and conducting espionage, warn security researchers from Eset. GovInfoSecurity reports: Researchers identified two critical vulnerabilities in Mozilla Foundation products. One, tracked as CVE-2024-9680 is a use-after-free flaw allowing code execution in the Firefox and the Thunderbird email client. It […]

New Threats, News, Vulnerabilities

November 19, 2024

1116 views 27 secs 0

One Million Websites Vulnerable To Dangerous Sitting Duck Cyber Attacks

As Forbes reports, hijacking internet domains is nothing new, but a new Infoblox report reveals how the threat has evolved into an ongoing attack methodology. Forbes explains: The sitting duck cyber attacks are, Infoblox said, “easy to execute for actors, hard to detect for security teams.” To understand why you need to look at what vulnerability […]

News, Commentaries and Analyses, Vulnerabilities

November 19, 2024

998 views 21 secs 0

Majority of firms using generative AI experience related security incidents – even as it empowers security teams

How many times do we read about something new and think, “What can possibly go wrong, right?” Some new research by the Capgemini Research Institute found that 97% of organizations using generative AI were affected by data breaches or security concerns linked to generative AI, and most do not have an adequate budget to deal with […]

Vulnerabilities

November 15, 2024

844 views 58 secs 0

Five Eyes infosec agencies list 2024’s most exploited software flaws

The cyber security agencies of the UK, US, Canada, Australia, and New Zealand have issued their annual list of the 15 most exploited vulnerabilities. The Register reports: The top two spots on the list go to Citrix, which topped the chart with a remote code execution bug in versions 12 and 13 of NetScaler ADC and Gateway. […]

News, Data Breach News, Vulnerabilities

September 13, 2024

1149 views 48 secs 0

Fortinet Confirms Limited Data Breach After Hacker Leaks 440 GB of Data

A hacker claims to have stolen 440 GB of data from cybersecurity firm Fortinet, exploiting an Azure SharePoint vulnerability. The breach, dubbed “Fortileak,” was revealed on a forum with access credentials shared online. HackRead reports: Dubbed Fortileak by the hacker, the breach allegedly originates from an exposure in Fortinet’s Azure SharePoint instance. In the forum post, the […]

Commentaries and Analyses, New Threats, Vulnerabilities

September 02, 2024

1183 views 56 secs 0

Microsoft says North Korean hackers stole crypto through Chromium

A vulnerability on multiple web browsers was exploited by the Citrine Sleet threat actor to steal crypto from its victims, according to Microsoft. A Microsoft report claims a North Korean threat actor has been exploiting a flaw on Chromium to steal cryptocurrency. The company’s security blog attributed the exploitation of this bug “with medium confidence” […]

Vulnerabilities, Miscellaneous News

July 30, 2024

280 views 26 secs 0

Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability

An article in The Register begins with a simple question: Do you have your VMware ESXi hypervisor joined to Active Directory? If you don’t know what The Register is even talking about, pass this article to your IT department directly. The Register explains the significance of a recently patched vulnerability, and why you should patch […]

Data Breach News, Vulnerabilities

June 26, 2024

938 views 30 secs 0

Another MOVEit vulnerability: PATCH immediately!

Once again, threat actors are jumping to exploit a newly identified vulnerability in Progress MOVEit Transfer software. As Bleeping Computer reports, exploit attempts were noted less than 24 hours after the vendor disclosed the vulnerability. The new security issue received the identifier CVE-2024-5806 and allows attackers to bypass the authentication process in the Secure File Transfer Protocol […]

Vulnerabilities, Data Breach News, New Threats, News

April 13, 2024

1141 views 50 secs 0

Sisense breach and Palo Alto Networks vulnerability made for a busy week for CISOs

Sisense Security Week reports: The US government cybersecurity agency CISA on Thursday issued a red-alert for what appears to be a massive supply chain breach at Sisense, a New York company that sells big-data analytics tools to businesses. In a cryptic note, CISA warned of a recent “compromise of Sisense customer data” that was discovered […]

Consumer Alerts, Vulnerabilities

March 21, 2024

990 views 48 secs 0

Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds

“Two quick taps and we open the door” This may give you second thoughts about any hotel you stay in, or at least what brand of keycard door lock they use for hotel rooms. Andy Greenberg of WIRED reports: When thousands of security researchers descend on Las Vegas every August for what’s come to be […]