Tag: software
-
Senator blasts Microsoft for ‘dangerous, insecure software’ that helped pwn US hospitals
Ron Wyden urges FTC to probe failure to secure Windows after attackers used Kerberoasting to cripple Ascension First seen on theregister.com Jump to article: www.theregister.com/2025/09/11/wyden_microsoft_insecure/
-
Kenyan Filmmakers Targeted with FlexiSPY Spyware Tracking Messages and Social Media
The revelation that commercially available FlexiSPY spyware was clandestinely installed on devices belonging to Kenyan filmmakers while in police custody has ignited fresh concerns over press freedom and governmental overreach. Forensic analysis conducted by the Citizen Lab at the University of Toronto confirmed that two of the filmmakers’ phones were infected with the intrusive software…
-
kkRAT Exploits Network Protocols to Exfiltrate Clipboard Data
The threat actor delivers three Remote Access Trojans (RATs)”, ValleyRAT, FatalRAT, and a newly discovered RAT dubbed kkRAT”, via phishing sites hosted on GitHub Pages. These sites masquerade as legitimate software installers for popular applications. In each instance, a ZIP archive contains a malicious executable that initiates a multi-stage attack chain designed to evade analysis,…
-
Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT
Hackers exploit ConnectWise ScreenConnect to drop AsyncRAT via scripted loaders, stealing data and persisting with a fake Skype updater. LevelBlue researchers warn of a campaign abusing ConnectWise ScreenConnect to deploy AsyncRAT. Attackers use VBScript/PowerShell loaders and achieve persistence via a fake Skype updater. ConnectWise ScreenConnect is a remote desktop and remote support software designed to enable…
-
Vibe Coding-Fail: Drama in Brasilien, Dating-App für Lesben legt Daten offen
Von Protagonisten wird gerade “Vibe Coding” als Stein der Weisen und Revolution in der Software-Entwicklung gefeiert. Entwickler braucht es keine mehr, jedermann lässt seinen Code von KI stricken. In Basilien zeigt dieser Trend seine böse Fratze. Eine populäre Dating-App für … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/09/11/vibe-coding-fail-drama-in-brasilien-dating-app-fuer-lesben-legt-daten-offen/
-
Wyden Urges FTC to Investigate Microsoft Over Weak RC4 Encryption Enabling Kerberoasting
Tags: attack, cyber, cybersecurity, encryption, finance, infrastructure, microsoft, ransomware, software, vulnerability, windowsSenator Ron Wyden has formally requested the Federal Trade Commission investigate Microsoft for cybersecurity negligence that has enabled ransomware attacks against critical infrastructure organizations nationwide. In a September 10 letter to FTC Chair Andrew Ferguson, Wyden detailed how Microsoft’s dangerous software engineering decisions have made Windows systems extremely vulnerable to sophisticated cyberattacks. The senator’s investigation…
-
Cristie Software führt ‘Continuous Recovery Assurance” ein – Systemwiederherstellung im Clean-Room
Tags: softwareFirst seen on security-insider.de Jump to article: www.security-insider.de/systemwiederherstellung-im-clean-room-a-d4797d0f9eb125ebe517057c8a138003/
-
AsyncRAT Exploits ConnectWise ScreenConnect to Steal Credentials and Crypto
Cybersecurity researchers have disclosed details of a new campaign that leverages ConnectWise ScreenConnect, a legitimate Remote Monitoring and Management (RMM) software, to deliver a fleshless loader that drops a remote access trojan (RAT) called AsyncRAT to steal sensitive data from compromised hosts.”The attacker used ScreenConnect to gain remote access, then executed a layered VBScript and…
-
Managed SOC für mehr Sicherheit
Tags: awareness, cloud, compliance, cyberattack, encryption, germany, infrastructure, nis-2, password, risk, security-incident, service, soc, software, supply-chainAls zentrale Einheit überwachen Fachleute im SOC die gesamte IT-Infrastruktur eines Unternehmens. Rund um die Uhr analysieren sie alle sicherheitsrelevanten Ereignisse in Echtzeit.Die Anforderungen an IT-Sicherheit haben sich in den vergangenen Jahrzehnten drastisch verändert. Während früher ein einfaches Passwort als Schutzmaßnahme genügte, sind heute mehrschichtige Sicherheitskonzepte erforderlich. Nur so können sich Unternehmen effektiv vor Cyberangriffen…
-
Best Identity and Access Management (IAM) Software
Secure your data with the 15 best IAM software solutions. Find practical tools to manage user access and prevent identity attacks effectively. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/best-identity-and-access-management-iam-software/
-
Koi Raises $48M to Safeguard AI Models, Code and Extensions
Company Targets Non-Binary Software Blind Spots Left by Endpoint Security Tools. With $48 million in funding, Koi is scaling up efforts to help enterprises secure browser extensions, AI models and package code often missed by legacy tools. CEO Amit Assaraf says Koi is the only firm offering centralized governance for this fast-growing risk category. First…
-
AI Accelerates Code Development But Fuels New Security Risks
Former CSO Joe Sullivan on Vibe Coding Impact on Software Development. AI is reshaping how software is created, allowing more people to participate in the process through vibe coding. But as development accelerates, security challenges multiply as code is often deployed without thorough review, said Joe Sullivan, former CSO at Cloudflare, Facebook and Uber. First…
-
New Tenable Report: How Complexity and Weak AI Security Put Cloud Environments at Risk
Tags: access, ai, attack, authentication, breach, cloud, control, credentials, cyber, cybersecurity, data, governance, iam, identity, least-privilege, metric, mfa, monitoring, resilience, risk, security-incident, skills, software, strategy, threat, toolThis survey, commissioned by Tenable and developed in collaboration with the Cloud Security Alliance, warns that rapid cloud and AI adoption, combined with insecure identities and a reactive posture, leave organizations exposed. The report urges a strategic shift to preventive security with a unified view of risk and mature identity governance. Key takeaways Organizations are…
-
We’ve crossed the security singularity – Impart Security
Tags: access, ai, api, attack, authentication, breach, ciso, compliance, credentials, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, framework, group, hacker, incident response, injection, intelligence, Internet, msp, password, penetration-testing, ransomware, risk, risk-assessment, skills, software, sql, strategy, supply-chain, threat, update, vulnerability, zero-day, zero-trustThe Bottom Line: We’ve Crossed the Security Singularity “ The Security Singularity: When AI Democratized Cyberattacks We’ve crossed a threshold that fundamentally changes cybersecurity forever. Not with fanfare or headlines, but quietly, in the background of our AI-powered world. The expertise barrier that once separated script kiddies from sophisticated threat actors has simply… vanished. I…
-
Can I have a new password, please? The $400M question.
Scattered Spider didn’t need a zero-day to breach Clorox. They just phoned the help desk”, convincing agents to reset passwords & MFA without proper checks. The result: $380M in damages. Learn from Specops Software why caller verification and audit trails are critical. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/can-i-have-a-new-password-please-the-400m-question/
-
Microsoft Fixes 80 Flaws, Including SMB PrivEsc and Azure CVSS 10.0 Bugs
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release.Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day.…
-
Microsoft Fixes 80 Flaws, Including SMB PrivEsc and Azure CVSS 10.0 Bugs
Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release.Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day.…
-
KillSec Ransomware Hits Brazilian Healthcare IT Vendor
A ransomware attack by KillSec on Brazil software provider MedicSolution threatens healthcare, impacting providers and patients First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/killsec-ransomware-hits-brazilian/
-
Veeam stellt erste vorkonfigurierte, gehärtete Software-Appliance zur Verfügung
Im Unterschied zu klassischen Hardware-Appliances ist die Lösung von Veeam komplett hardwareunabhängig. Unternehmen können also frei wählen, ob sie ihre bestehende Infrastruktur nutzen physisch, virtuell oder in der Cloud und profitieren trotzdem von Einfachheit, Sicherheit und Automatisierung einer vorkonfigurierten Lösung. Das bedeutet: schnellerer Nutzen, geringere Kosten und keine Abhängigkeit von spezieller Hardware. First seen on…
-
Veeam stellt erste vorkonfigurierte, gehärtete Software-Appliance zur Verfügung
Im Unterschied zu klassischen Hardware-Appliances ist die Lösung von Veeam komplett hardwareunabhängig. Unternehmen können also frei wählen, ob sie ihre bestehende Infrastruktur nutzen physisch, virtuell oder in der Cloud und profitieren trotzdem von Einfachheit, Sicherheit und Automatisierung einer vorkonfigurierten Lösung. Das bedeutet: schnellerer Nutzen, geringere Kosten und keine Abhängigkeit von spezieller Hardware. First seen on…
-
What the Salesloft Drift breaches reveal about 4th-party risk
Tags: access, ai, api, attack, breach, control, data, data-breach, email, exploit, google, hacker, incident response, intelligence, monitoring, risk, risk-assessment, saas, soc, software, startup, supply-chain, technology, threat, tool, zero-trustFebruary 2024: SalesLoft acquires Drift, an AI-powered chatbot companyThe hidden legacy: Drift’s existing OAuth tokens to thousands of Salesforce and Google Workspace instances probably remained activeTime passes: Tokens and app permissions remain valid unless explicitly rotated or revoked.August 2025: Attackers abuse OAuth tokens associated with the Drift application to enumerate and exfiltrate Salesforce data; a…
-
KI in der Cloud-Security Was es jetzt braucht, sind Tempo, Kontext und Verantwortung
Keine Technologie hat die menschliche Arbeit so schnell und weitreichend verändert wie die künstliche Intelligenz. Dabei gibt es bei der Integration in Unternehmensprozesse derzeit keine Tür, die man KI-basierter Technologie nicht aufhält. Mit einer wachsenden Anzahl von KI-Agenten, LLMs und KI-basierter Software gibt es für jedes Problem einen Anwendungsfall. Die Cloud ist mit ihrer immensen…
-
KillSec Ransomware is Attacking Healthcare Institutions in Brazil
KillSec Ransomware claimed responsibility for a cyberattack on MedicSolution, a software solutions provider for the healthcare industry in Brazil. The KillSec Ransomware group has threatened to leak sensitive data unless negotiations are initiated promptly. According to threat intelligence reporting by Resecurity, the root cause of the incident data exfiltration from insecure AWS S3 bucket. […]…
-
Open source security and sustainability remain unsolved problem
While software bills of materials offer some transparency over software components, they don’t solve the imbalance between corporate consumption of open source software and the lack of investment in its security and health First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366630429/Open-source-security-and-sustainability-remain-unsolved-problem
-
Microsoft, Adobe, SAP deliver critical fixes for September 2025 Patch Tuesday
On September 2025 Patch Tuesday, Microsoft has released patches for 80+ vulnerabilities in its various software products, but the good news is that none of them are actively … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/10/microsoft-adobe-sap-deliver-critical-fixes-for-september-2025-patch-tuesday/
-
Microsoft fixes streaming issues triggered by Windows updates
Microsoft has resolved severe lag and stuttering issues with streaming software affecting Windows 10 and Windows 11 systems after installing the August 2025 security updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-streaming-issues-triggered-by-windows-updates/
-
Analysis evidence from SonarQube now available in JFrog AppTrust
By integrating SonarQube’s industry-leading automated code review with JFrog’s new AppTrust governance platform, together we are providing the essential framework for software engineering teams to embrace AI-driven speed without compromising on control. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/09/analysis-evidence-from-sonarqube-now-available-in-jfrog-apptrust/
-
Hackers Compromise 18 NPM Packages in Supply Chain Attack
Attacker Socially Engineered Developer With Phishing Email. A hacker laced 18 popular npm packages with cryptocurrency stealing malware after socially engineering the developer into giving up his credentials to the JavaScript runtime environment. Aikido Security said the 18 software packages collectively have downloads of more than two billion each week. First seen on govinfosecurity.com Jump…