"Microsoft Patch Tuesday fixes 63 flaws, including two under active exploitation."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 12 February 2025, 1430 UTC.

Content and Source:  https://feedly.com.

 https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security News Bundle

20

Most popular

Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation

5 TTPs

•

91The Hacker News / 3h

•

PatchTuesday

Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge

Crimelords and spies for rogue states are working together, says Google

The Register – Security / 55min

Only lawmakers can stop them. Plus: software needs to be more secure, but what's in it for us? Google says the the world's lawmakers must take action against the increasing links between criminal and state-sponsored cyber activity.…

Ivanti, Fortinet Patch Remote Code Execution Vulnerabilities

3 TTPs

•

SecurityWeek / 56min

Ivanti and Fortinet on Tuesday released patches for multiple critical- and high-severity vulnerabilities in their products. The post appeared first on SecurityWeek .

Today

10 common dangers VPNs won't protect you from online - and how to avoid them

ZDNet | Security / 15min

Think a VPN makes you invincible online? Think again. While VPNs offer security, they won't protect you from these 10 mistakes that could expose your data, finances, and personal information.

Forget Sora: Adobe launches 'commercially safe' AI video generator. How to try it

ZDNet | Security / 23min

Generating only IP-friendly content, Adobe's Firefly Video model could be a boon to professionals such as filmmakers and marketers.

Drata to Acquire SafeBase in $250 Million Deal

Drata acquires SafeBase for Trust Management

•

SecurityWeek / 35min

Security and compliance automation firm Drata has acquired trust center platform SafeBase in a quarter billion dollar deal. The post appeared first on SecurityWeek .

I used Netflix's secret codes to quintuple my viewing options - here's how

ZDNet | Security / 47min

Netflix's secret codes open up searchable categories and genres - a lot of them. Here's how they work and where to find them.

Gartner: Most Security Leaders Cannot Balance Data Security, Business Goals

Dark Reading / 1h

The analyst firm recommends defining security and governance processes while reducing friction for business stakeholders.

GAO Tells Coast Guard to Improve Cybersecurity of Maritime Transportation System

Coast Guard finalizes maritime cybersecurity rule

•

SecurityWeek / 1h

A new GAO report assesses that the Coast Guard needs to improve Maritime Transportation System (MTS) cybersecurity. The post appeared first on SecurityWeek .

How to Steer AI Adoption: A CISO Guide

40The Hacker News / 1h

CISOs are finding themselves more involved in AI teams, often leading the cross-functional effort and AI strategy. But there aren’t many resources to guide them on what their role should look like or what they should bring to these meetings. We’ve pulled together a framework for security leaders to help push AI teams and committees further in their AI adoption—providing them with the

Drata Acquires SafeBase to Strengthen GRC Portfolio

Drata acquires SafeBase for Trust Management

•

Dark Reading / 1h

The combined companies will create a seamless ecosystem of trust, governance, risk, and compliance.

North Korea-linked APT Emerald Sleet is using a new tactic

Security Affairs / 1h

Microsoft Threat Intelligence has observed North Korea-linked APT Emerald Sleet using a new tactic, tricking targets into running PowerShell. Microsoft Threat Intelligence researchers spotted North Korea-linked threat actor Emerald Sleet (also known as Kimsuky and VELVET CHOLLIMA ) using a new tactic. They are tricking targets into running PowerShell as an administrator and executing code provide

Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities

5 TTPs

•

SecurityWeek / 2h

•

PatchTuesday

Chipmakers Intel, AMD and Nvidia on Tuesday published new security advisories to inform customers about vulnerabilities found in their products. The post appeared first on SecurityWeek .

Cisco Says Ransomware Group’s Leak Related to Old Hack

Exfiltration (Enterprise TA0010)

•

SecurityWeek / 2h

•

Cisco suffers ransomware data breach

A fresh post on the Kraken ransomware group’s leak website refers to data stolen in a 2022 cyberattack, Cisco says. The post appeared first on SecurityWeek .

North Korean Hackers Exploit PowerShell Trick to Hijack Devices in New Cyberattack

11 TTPs

•

71The Hacker News / 3h

•

Kimsuky exploits PowerShell for cyberattacks

The North Korea-linked threat actor known as Kimsuky has been observed using a new tactic that involves deceiving targets into running PowerShell as an administrator and then instructing them to paste and run malicious code provided by them. "To execute this tactic, the threat actor masquerades as a South Korean government official and over time builds rapport with a target before sending a

Yesterday

ICS Patch Tuesday: Vulnerabilities Addressed by Schneider Electric, Siemens

4 TTPs

•

SecurityWeek / 4h

•

PatchTuesday

Industrial giants Schneider Electric and Siemens have released February 2025 Patch Tuesday ICS security advisories. The post appeared first on SecurityWeek .

U.S. CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog

8 TTPs

•

Security Affairs / 5h

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-40891 Zyxel DSL CPE OS Command Injection Vulnerability CVE-2024-40890 Zyxel DSL CPE OS Comma

Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs

6 TTPs

•

Security Affairs / 6h

•

PatchTuesday

Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2025 addressed 57 vulnerabilities in Windows and Windows Components, Office and Office Components, Azure, Visual Studio, and Remote Desktop Services. Two of these vulnerabilities are listed as publicly know

Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now

Ivanti patches critical security vulnerabilities

•

38The Hacker News / 8h

Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. The list of vulnerabilities is below - CVE-2024-38657 (CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy

India's Cybercrime Problems Grow as Nation Digitizes

Dark Reading / 9h

More than half of attacks on Indian businesses come from outside the country, while 45% of those targeting consumers come from Cambodia, Myanmar, and Laos.

End of feed