Tag: software
-
CVE program averts swift end after CISA executes 11-month contract extension
by
in SecurityNews
Tags: china, cisa, computer, cve, cyber, cybersecurity, data, defense, detection, endpoint, flaw, framework, government, infrastructure, intelligence, linkedin, mitre, nist, nvd, russia, service, software, technology, threat, update, vulnerability, vulnerability-managementImportant update April 16, 2025: Since this story was first published, CISA signed a contract extension that averts a shutdown of the MITRE CVE program.A CISA spokesperson sent CSO a statement saying, “The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure…
-
Hertz Data Breach Exposes Customer Information in Cleo Zero-Day Attack
by
in SecurityNewsHertz has confirmed a data breach exposing customer data after a zero-day attack targeting file transfer software from Cleo Communications First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/hertz-data-breach-exposes-customer/
-
Ransomware-Angriffe sind mit einem Anstieg von 126 Prozent im letzten Quartal durch die Decke gegangen.
by
in SecurityNewsDer Global-Cyber-Attack-Report Q1-2025 von Check Point Software Technologies zeigt eine starke Zunahme der Cyber-Angriffe in Deutschland mit 55 Prozent ein stärkeres Wachstum als weltweit (47 Prozent). Global sind besonders Ransomware-Angriffe mit einem Anstieg von 126 Prozent durch die Decke gegangen. In Deutschland stiegen die allgemeinen Cyber-Attacken im Vergleich zum ersten Quartal 2024 (+55 Prozent) […]…
-
Hertz Confirms Data Breach After Hackers Stole Customer PII
by
in SecurityNewsHertz confirms data breach linked to Cleo software flaw; Cl0p ransomware group leaked stolen data, exposing names, driver’s… First seen on hackread.com Jump to article: hackread.com/hertz-confirms-data-breach-hackers-stole-customer-pii/
-
Hackers Exploit Node.js to Spread Malware and Exfiltrate Data
by
in SecurityNewsThreat actors are increasingly targeting Node.js”, a staple tool for modern web developers”, to launch sophisticated malware campaigns aimed at data theft and system compromise. Microsoft Defender Experts (DEX) have reported a spike in such attacks since October 2024, especially focusing on malvertising and deceptive software installers. Node.js: From Developer Darling to Hacker’s Tool Node.js…
-
Best Crypto Tax Software in 2025: A Comprehensive Guide
by
in SecurityNewsKeeping up with crypto tax laws in Europe feels like a constant hurdle. Regulations evolve, tax authorities demand… First seen on hackread.com Jump to article: hackread.com/best-crypto-tax-software-in-2025-a-comprehensive-guide/
-
How Safe Are Your Non-Human Identities?
by
in SecurityNewsAre Your Non-Human Identities Secure? Where interactions between software, applications, and API components are crucial for seamless processes, Non-Human Identifies (NHIs) and their security cannot be overlooked. NHIs are machine identities that perform sessions, transactions, and process automation. But, are they well-protected against potential security threats? Understanding the Criticality of NHI Security Expanding digital, coupled……
-
15 Timeless Truths of SaaS Business in the Age of AI
The world is changing fast, AI is reshaping what’s possible in software. Tools are evolving, business models are shifting, and the speed of iteration…Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/04/15-timeless-truths-of-saas-business-in-the-age-of-ai/
-
Faulty Nvidia Bug Patch Puts AI Containers at Risk
by
in SecurityNewsTrend Micro Finds Security Gap in Nvidia Container Toolkit. Users of software developed by AI powerhouse Nvidia for running containerized software on its GPU chips could still be vulnerable to hacks even if they applied a September 2024 patch, warns cybersecurity firm Trend Micro. The core issue lies in symbolic link handling. First seen on…
-
Russische Hacker-Gruppe APT29 führt ausgeklügelte Phishing-Kampagne gegen europäische Diplomaten durch
by
in SecurityNewsCheck Point Research (CPR), die Forschungsabteilung von Check Point Software Technologies hat eine signifikante Welle gezielter Phishing-Angriffe festgestellt, die im Januar 2025 begann. Diese Angriffe zielen speziell auf Regierungsbeamte und Diplomaten in ganz Europa ab und verwenden ausgefeite Techniken, Taktiken und Verfahren (TTPs), die denen einer früheren Phishing-Kampagne namens Wineloader sehr ähnlich sind. Diese wurde zuvor…
-
UK Software Firm Exposed 1.1TB of Healthcare Worker Records
by
in SecurityNews8M UK healthcare worker records, including IDs and financial data, exposed due to a misconfigured staff management database… First seen on hackread.com Jump to article: hackread.com/uk-software-firm-exposed-healthcare-worker-records/
-
Polizeiliche Datenanalyse: Mehrere Bundesländer gegen Einsatz von Palantir-Software
by
in SecurityNewsBundesrat und neue Bundesregierung wollen die Möglichkeiten zur polizeilichen Datenanalyse ausbauen. Doch es gibt Bedenken bei einem US-Hersteller. First seen on golem.de Jump to article: www.golem.de/news/polizeiliche-datenanalyse-mehrere-bundeslaender-gegen-einsatz-von-palantir-software-2504-195381.html
-
NetRise Raises $10 Million to Grow Software Supply Chain Security Platform
by
in SecurityNewsThe funding round brings the total amount raised by the NetRise to roughly $25 million. The post NetRise Raises $10 Million to Grow Software Supply Chain Security Platform appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/netrise-raises-10-million-to-grow-software-supply-chain-security-platform/
-
Paragon Hard Disk Manager Flaw Enables Privilege Escalation and DoS Attacks
by
in SecurityNews
Tags: access, attack, cyber, cybersecurity, dos, exploit, flaw, microsoft, ransomware, service, software, vulnerabilityParagon Software’s widely used Hard Disk Manager (HDM) product line has been found to contain five severe vulnerabilities in its kernel-level driver, BioNTdrv.sys, enabling attackers to escalate privileges to SYSTEM-level access or trigger denial-of-service (DoS) attacks. The flaws, now patched, were actively exploited in ransomware campaigns leveraging Microsoft-signed drivers, according to cybersecurity researchers. Overview of the Vulnerabilities The…
-
Top Four Considerations for Zero Trust in Critical Infrastructure
by
in SecurityNews
Tags: access, ai, attack, authentication, automation, best-practice, breach, business, cctv, ceo, cloud, communications, compliance, corporate, cyber, cybersecurity, data, defense, email, encryption, exploit, finance, group, hacker, healthcare, identity, infrastructure, iot, law, malicious, mfa, nis-2, privacy, regulation, risk, saas, service, software, strategy, threat, tool, vulnerability, zero-trustTop Four Considerations for Zero Trust in Critical Infrastructure madhav Tue, 04/15/2025 – 06:43 TL;DR Increased efficiency = increased risk. Critical infrastructure organizations are using nearly 100 SaaS apps on average and 60% of their most sensitive data is stored in the cloud. Threat actors aren’t naive to this, leading to a whopping 93% of…
-
Agentic AI is both boon and bane for security pros
by
in SecurityNewsRecent agentic security signposts: Recently, we have seen numerous examples of how quickly building your own autonomous AI agents has taken root. Microsoft last month demonstrated six new AI agents that work with its Copilot software that talk directly to its various security tools to identify vulnerabilities, flag identity and asset compromises. Simbian is hosting…
-
Cycode Named in Gartner’s 2025 Market Guide for Software Supply Chain Security
by
in SecurityNewsWe are proud to share that Cycode has been recognized as a Representative Vendor in the 2025 Gartner® Market Guide for Software Supply Chain Security (SSCS)… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/cycode-named-in-gartners-2025-market-guide-for-software-supply-chain-security/
-
AI Awful at Fixing Buggy Code
by
in SecurityNewsLLMs Falter on Real-world Bugs, Even With Debugger Access: Microsoft. Artificial intelligence can code but it can’t debug says Microsoft after observing how large language models performed when given a series of real world software programming tests. Most LLMs struggle to resolve software bugs, even when given access to traditional developer tools such as debuggers.…
-
Aviation sector faces heightened cyber risks due to vulnerable software, aging tech
by
in SecurityNewsA report calls on federal authorities to conduct comprehensive risk assessments and take steps to modernize the air traffic control system. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/aviation-cyber-risks-aging-tech/745273/
-
Harmony-SaaS im Google-Cloud-Marketplace verfügbar
by
in SecurityNewsCheck Point Software Technologies stellt Harmony-SaaS, die hauseigene Lösung zur Absicherung von SaaS-Umgebungen, ab sofort im Google-Cloud-Marketplace zur Verfügung. Google-Cloud-Kunden können Check Points KI-Lösung einsetzen, um innerhalb ihres SaaS-Ökosystems den Überblick zu behalten, Aktivitäten zu verstehen, alles sofort abzusichern und auf schnellstem Wege zu SaaS-Sicherheit auf Unternehmensniveau gelangen. Die Bereitstellung adressiert das in vielen Unternehmen…
-
<> dominiert derzeit die Malware-Landschaft
by
in SecurityNewsCheck Point Software Technologies hat seinen Global-Threat-Index für März 2025 veröffentlicht. Darin zeigt sich die anhaltende Dominanz von , einer Downloader-Malware, die sowohl in Deutschland als auch weltweit die am weitesten verbreitete Cyberbedrohung ist. In diesem Monat haben Sicherheitsforscher eine neue Infiltrationskampagne aufgedeckt, in der die Ransomware-Gruppe Ransomhub ihre Angriffe über die Malware Fakeupdates initiiert.…
-
AI Hallucinations Create a New Software Supply Chain Threat
by
in SecurityNewsResearchers uncover new software supply chain threat from LLM-generated package hallucinations. The post AI Hallucinations Create a New Software Supply Chain Threat appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ai-hallucinations-create-a-new-software-supply-chain-threat/
-
Frequently Asked Questions About Model Context Protocol (MCP) and Integrating with AI for Agentic Applications
by
in SecurityNewsThe emergence of Model Context Protocol for AI is gaining significant interest due to its standardization of connecting external data sources to large language models (LLMs). While these updates are good news for AI developers, they raise some security concerns. In this blog we address FAQs about MCP. Background Tenable Research has compiled this blog…
-
Russian Shuckworm APT is back with updated GammaSteel malware
by
in SecurityNewsfiles.lnk, launched from an external drive. This was recorded under the UserAssist key in the Registry, which stores a record of files, links, applications, and objects accessed by the current user through Windows Explorer.After that file was executed, it launched mshta.exe, a Windows binary that can be used to execute VBScript and JScript locally on…
-
npm Malware Targets Atomic and Exodus Wallets to Hijack Crypto Transfers
by
in SecurityNewsReversingLabs reveals a malicious npm package targeting Atomic and Exodus wallets, silently hijacking crypto transfers via software patching. First seen on hackread.com Jump to article: hackread.com/npm-malware-atomic-exodus-wallets-hijack-crypto/
-
Boeing 787 radio software safety fix didn’t work, says Qatar
by
in SecurityNews
Tags: software‘Loss of safe separation between aircraft, collision, or runway incursion’ is not what we want to hear First seen on theregister.com Jump to article: www.theregister.com/2025/04/08/boeing_787_radio_software_patch/