Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Cybersecurity Leaders Launch First Attack Matrix for Software Supply Chain Security

Current and former cybersecurity leaders from Microsoft, Google, GitLab, Check Point, OWASP, Fortinet and others have already joined the open framework initiative, which is being led by OX Security.

DARKReading
Open in Source
#google#microsoft#git
New Russian-Backed Gamaredon's Spyware Variants Targeting Ukrainian Authorities

The State Cyber Protection Centre (SCPC) of Ukraine has called out the Russian state-sponsored threat actor known as Gamaredon for its targeted cyber attacks on public authorities and critical information infrastructure in the country. The advanced persistent threat, also known as Actinium, Armageddon, Iron Tilden, Primitive Bear, Shuckworm, Trident Ursa, and UAC-0010, has a track record of

Discrepancies Discovered in Vulnerability Severity Ratings

Differences in how the National Vulnerability Database (NVD) and vendors score bugs can make patch prioritization harder, study says.

CVE-2022-43665: TALOS-2022-1682 || Cisco Talos Intelligence Group

A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability.

Ransomware in December 2022

Categories: Threat Intelligence Our Threat Intelligence team looks at known ransomware attacks by gang, country, and industry sector in December 2022, and looks at why LockBit had to make a public apology (Read more...) The post Ransomware in December 2022 appeared first on Malwarebytes Labs.

Contrast Security Launches Alliance Program to Change the Way Customers Scale Their Security Solutions

The Security Innovation Alliance (SIA) empowers customers to create holistic security programs by leveraging robust end-to-end integration partnerships.

Fortra's Terranova Security 2022 Gone Phishing Tournament Results Reveal Large Organizations at Highest Risk of Compromising Data

Findings underscore security awareness training that leverages practical, hands-on exercises is essential to creating a security-aware culture.

How to protect your business from supply chain attacks

Categories: Business Categories: News Many have been calling attention to supply chain attacks for years. Is your business ready to listen? (Read more...) The post How to protect your business from supply chain attacks appeared first on Malwarebytes Labs.

CVE-2022-27537: HP PC BIOS August 2022 Additional Updates for Potential SMM and TOCTOU Vulnerabilities

Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.

CVE-2022-27538: HP PC BIOS December 2022 Security Update (TOCTOU)

A potential Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the BIOS for certain HP PC products which may allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability.