brangberg – Page 782

CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution.
“This could

UK Engineering Giant IMI Hit by Cyberattack

UK engineering firm IMI says it suffered a cyberattack that resulted in unauthorized access to some of its systems.

The post UK Engineering Giant IMI Hit by Cyberattack appeared first on SecurityWeek.

430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations

University Diagnostic Medical Imaging and Allegheny Health Network have disclosed data breaches impacting approximately 430,000 patients.

The post 430,000 Impacted by Data Breaches at New York, Pennsylvania Healthcare Organizations appeared first on SecurityWeek.

Microsoft has finally fixed Date & Time bug in Windows 11

Windows 11’s January 28 optional update has fixed a long-standing issue in Windows 11 24H2 that prevents non-admin users from changing their time zone in Date & Time Settings. […]

Ransomware Payments Dropped to $813 Million in 2024

An analysis by Chainalysis shows that ransomware payments dropped to $813 million in 2024, from $1.25 billion in 2023.

The post Ransomware Payments Dropped to $813 Million in 2024 appeared first on SecurityWeek.

Microsoft Edge update adds AI-powered Scareware Blocker

Microsoft Edge 133 is now rolling out globally, and it ships with several improvements, including a new scareware blocker feature. In addition, Microsoft is updating the backend of the Downloads UI with performance improvements. […]

AI-Powered Social Engineering: Reinvented Threats

The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution.
This article explores how these changes are impacting business, and how cybersecurity leaders can respond.
Impersonation attacks:

Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection

Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers’ pathway.
The tech giant’s threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET

India’s RBI Introduces Exclusive “bank.in” Domain to Combat Digital Banking Fraud

India’s central bank, the Reserve Bank of India (RBI), said it’s introducing an exclusive “bank.in” internet domain for banks in the country to combat digital financial fraud.
“This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services,” the RBI said in a

Trimble Cityworks Customers Warned of Zero-Day Exploitation

Trimble Cityworks is affected by a zero-day vulnerability that has been exploited in attacks involving the delivery of malware.

The post Trimble Cityworks Customers Warned of Zero-Day Exploitation appeared first on SecurityWeek.

Author: brangberg