brangberg – Page 595

Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise

A privilege escalation flaw has been demonstrated in Windows Server 2025 that makes it possible for attackers to compromise any user in Active Directory (AD).
“The attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement,” Akamai security researcher Yuval Gordon said in a

FTC finalizes order requiring GoDaddy to secure hosting services

The Federal Trade Commission (FTC) has finalized an order requiring web hosting giant GoDaddy to secure its services to settle charges of data security failures that led to several data breaches since 2018. […]

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region.
The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary code on a

Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People

Marlboro-Chesterfield Pathology has been targeted by the SafePay ransomware group, which stole personal information from its systems.

The post Marlboro-Chesterfield Pathology Data Breach Impacts 235,000 People appeared first on SecurityWeek.

Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program

It’s not enough to be secure. In today’s legal climate, you need to prove it.
Whether you’re protecting a small company or managing compliance across a global enterprise, one thing is clear: cybersecurity can no longer be left to guesswork, vague frameworks, or best-effort intentions.
Regulators and courts are now holding organizations accountable for how “reasonable” their security programs are

Marks & Spencer Expects Ransomware Attack to Cost $400 Million

UK retailer Marks & Spencer expects the disruptions caused by the recent cyberattack to continue through July.

The post Marks & Spencer Expects Ransomware Attack to Cost $400 Million appeared first on SecurityWeek.

Signal now blocks Microsoft Recall screenshots on Windows 11

Signal has updated its Windows app to protect users’ privacy by blocking Microsoft’s AI-powered Recall feature from taking screenshots of their conversations. […]

Identity Security Has an Automation Problem—And It’s Bigger Than You Think

For many organizations, identity security appears to be under control. On paper, everything checks out. But new research from Cerby, based on insights from over 500 IT and security leaders, reveals a different reality: too much still depends on people—not systems—to function. In fact, fewer than 4% of security teams have fully automated their core identity workflows.
Core workflows, like

Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough

Despite massive investment, the explosion of sophisticated malware and deepfake attacks persists because organizations struggle to verify digital identities and establish fundamental trust.

The post Taming the Hacker Storm: Why Millions in Cybersecurity Spending Isn’t Enough appeared first on SecurityWeek.

Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE

Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. […]

Author: brangberg