Microsoft Copilot Spoofing: A New Phishing Vector
The post Microsoft Copilot Spoofing: A New Phishing Vector appeared first on Security Boulevard.
Injection vulnerabilities remain among the most critical and commonly exploited security risks in modern applications.
The post Code Injection Attacks appeared first on Cycode.
The post Code Injection Attacks appeared first on Security Boulevard.
Enhance ServiceNow CMDB with Grip Security’s automated SaaS integration. Eliminate blind spots, reduce risk, and keep your CMDB continuously updated.
The post Unlock the Power of ServiceNow CMDB with Grip Security appeared first on Security Boulevard.
Companies that sell software that can be used or downloaded by anyone in the European Union are facing a major new liability. Late last year, the European Commission finalized fundamental changes to the EU Product Liability Directive (PLD) — changes that have far-reaching ramifications. While the changes won’t apply broadly until 2026, they will likely lead to a significant change in how companies think about and handle software security. Let’s dive into what these changes entail and what they mean for you.
The post How the EU Product Liability Directive (EU PLD) is Changing Software Security | Contrast Security appeared first on Security Boulevard.
Boston, Mass., Mar. 11, 2025, CyberNewswire — GitGuardian, the security leader behind GitHub’s most installed application, today released its comprehensive “2025 State of Secrets Sprawl Report,” revealing a widespread and persistent security crisis that threatens organizations of all sizes.…
The post News alert: GitGuardian discloses 70% of leaked secrets remain active 2 years — remediation urgent first appeared on The Last Watchdog.
The post News alert: GitGuardian discloses 70% of leaked secrets remain active 2 years — remediation urgent appeared first on Security Boulevard.
Author/Presenter: Ben Helliwell
Our thanks to BSides Exeter, and the Presenters/Authors for publishing their timely BSides Exeter Conference content. All brought to you via the organization's YouTube channel.
The post BSides Exeter 2024 – Purple Track – Exercise Army Cyber Spartan appeared first on Security Boulevard.
James Keiser, Director of Secured Managed Services Southeast, CISO Global, Inc. It’s been a while since I’ve put some thoughts together for the CISO Blog, and with World Backup Day coming at the end of this month, the timing felt right. I’ve mentioned in the past that backups are crucial to keeping your data preserved […]
The post Lessons from the Field, Part III: Why Backups Alone Won’t Save You appeared first on CISO Global.
The post Lessons from the Field, Part III: Why Backups Alone Won’t Save You appeared first on Security Boulevard.
Microsoft addresses 56 CVEs, including seven zero-day flaws, with six of those being exploited in the wild.
Microsoft patched 56 CVEs in its March 2025 Patch Tuesday release, with six rated critical, and 50 rated as important.
This month’s update includes patches for:
Remote code execution (RCE) vulnerabilities accounted for 41.1% of the vulnerabilities patched this month, followed by elevation of privilege (EoP) vulnerabilities at 39.3%.
Important CVE-2025-26633 | Microsoft Management Console Security Feature Bypass Vulnerability
CVE-2025-26633 is a security feature bypass vulnerability in the Microsoft Management Console (MMC). It was assigned a CVSSv3 score of 7.0 and is rated important. An attacker could exploit this vulnerability by convincing a potential target with either standard user or admin privileges to open a malicious file.
According to Microsoft, CVE-2025-26633 was exploited in the wild as a zero-day. This is the second zero-day in the MMC to be exploited in the wild since CVE-2024-43572, a RCE vulnerability patched in October 2024.
Important CVE-2025-24985 | Windows Fast FAT File System Driver Remote Code Execution Vulnerability
CVE-2025-24985 is a RCE vulnerability in the Windows Fast FAT File System Driver. It was assigned a CVSSv3 score of 7.8 and is rated as important. A local attacker could exploit this vulnerability by convincing a potential target to mount a specially crafted virtual hard disk (VHD). Successful exploitation would grant an attacker arbitrary code execution.
According to Microsoft, CVE-2025-24985 was exploited in the wild as a zero-day. This is the first vulnerability in Windows Fast FAT File System to be reported since 2022 and the first to be exploited in the wild.
Important CVE-2025-24044 and CVE-2025-24983 | Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerabilities
CVE-2025-24044 and CVE-2025-24983 are EoP vulnerabilities in the Windows Win32 Kernel Subsystem. CVE-2025-24044 and CVE-2025-24983 were assigned CVSSv3 scores of 7.8 and 7.0 respectively, while both vulnerabilities are rated as important. A local, authenticated attacker would need to win a race condition in order to exploit CVE-2025-24983. Successful exploitation of either vulnerability would allow the attacker to gain SYSTEM privileges.
According to Microsoft, CVE-2025-24983 was exploited in the wild as a zero-day. While CVE-2025-24044 was not exploited, Microsoft assessed it as “Exploitation More Likely” according to Microsoft’s Exploitability Index. Prior to this month, Microsoft patched seven vulnerabilities in the Win32 Kernel Subsystem (one in 2022, five in 2024, one earlier in 2025), though CVE-2025-24983 is the first to be exploited in the wild.
Important CVE-2025-24993 | Windows NTFS Remote Code Execution Vulnerability
CVE-2025-24993 is a RCE vulnerability in Windows New Technology File System (NTFS). It was assigned a CVSSv3 score of 7.8 and is rated as important. According to Microsoft, a heap-based buffer overflow can be exploited in order to execute arbitrary code on an affected system. In order to exploit this vulnerability, an attacker must entice a local user to mount a crafted VHD. According to Microsoft, this flaw was reportedly exploited in the wild as a zero-day.
Important CVE-2025-24984, CVE-2025-24991, CVE-2025-24992 | Windows NTFS Information Disclosure Vulnerabilities
CVE-2025-24984, CVE-2025-24991 and CVE-2025-24992 are information disclosure vulnerabilities in Windows NTFS. Both CVE-2025-24991 and CVE-2025-24992 were assigned CVSSv3 scores of 5.5, while CVE-2025-24984 was assigned a score of 4.6. All three of these vulnerabilities were rated as important and can be exploited in physical attacks such as an attacker utilizing a malicious USB drive or by enticing a local user to mount a crafted VHD.
While two information disclosure vulnerabilities in Windows NTFS have previously been patched in 2022 (CVE-2022-26933) and 2023 (CVE-2023-36398), CVE-2025-24984 and CVE-2025-24991 are the first to have been exploited in the wild as zero-days.
Important CVE-2025-26630 | Microsoft Access Remote Code Execution Vulnerability
CVE-2025-26630 is a RCE vulnerability in Microsoft Access. It was assigned a CVSSv3 score of 7.8 and is rated as important. An attacker could exploit this vulnerability by using social engineering to convince a potential target to download and run a malicious file on their system. Successful exploitation would grant an attacker arbitrary code execution.
According to Microsoft, CVE-2025-26630 is considered a zero-day vulnerability as it was publicly disclosed prior to a patch being available. This is the sixth vulnerability in Microsoft Access disclosed since 2023. However, this is the fourth zero-day to be publicly disclosed and attributed to Unpatched.ai. Three were disclosed in Microsoft’s January 2025 Patch Tuesday release (CVE-2025-21186, CVE-2025-21366, CVE-2025-21395).
Critical CVE-2025-24035 and CVE-2025-24045 | Windows Remote Desktop Services Remote Code Execution Vulnerabilities
CVE-2025-24035 and CVE-2025-24045 are RCE vulnerabilities in Windows Remote Desktop Services. Each was assigned a CVSSv3 score of 8.1 and rated as critical. To exploit these flaws, an attacker must be able to win a race condition. Despite this requirement, Microsoft assessed both flaws as “Exploitation More Likely.”
Tenable Solutions
A list of all the plugins released for Microsoft’s March 2025 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.
For more specific guidance on best practices for vulnerability assessments, please refer to our blog post on How to Perform Efficient Vulnerability Assessments with Tenable.
Get more information
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
The post Microsoft’s March 2025 Patch Tuesday Addresses 56 CVEs (CVE-2025-26633, CVE-2025-24983, CVE-2025-24993) appeared first on Security Boulevard.
Lots of interesting details in the story:
The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security who allegedly worked with them, and two other alleged hackers who are said to be part of the Chinese hacker group APT27, or Silk Typhoon, which prosecutors say was involved in the US Treasury breach late last year.
[…]
According to prosecutors, the group as a whole has targeted US state and federal agencies, foreign ministries of countries across Asia, Chinese dissidents, US-based media outlets that have criticized the Chinese government, and most recently the US Treasury, which was breached between September and December of last year. An internal Treasury report ...
The post Silk Typhoon Hackers Indicted appeared first on Security Boulevard.
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Tall Structures’ appeared first on Security Boulevard.
SSL/TLS certificate management developments are evolving rapidly, placing increasing pressure on businesses to maintain security, compliance, and operational efficiency. Sectigo’s Certificate as a Service (CaaS) model is a game-changer, providing a seamless approach to digital trust that not only simplifies management but also drives real value. Rather than simply adapting to industry changes, Sectigo is shaping the future of WebPKI - the framework that safeguards the confidentiality, integrity, and authenticity of online communications. By addressing longstanding challenges, empowering partners, and enhancing the customer experience, Sectigo is driving the next generation of secure digital interactions.
The post Sectigo’s Certificate as a Service: redefining industry leadership in certificate management appeared first on Security Boulevard.
Author/Presenter: Ricardo Sueiras
Our thanks to BSides Exeter, and the Presenters/Authors for publishing their timely BSides Exeter Conference content. All brought to you via the organization's YouTube channel.
The post BSides Exeter 2024 – Purple Track – Cedar, An Open Source Project To Help You Decouple Your Authorisation Logic appeared first on Security Boulevard.
The cybersecurity industry has long treated patching as the gold standard for vulnerability management. It is the cornerstone of compliance frameworks, a key metric for security performance, and often the first response to a newly discovered vulnerability. But patching alone is no longer enough. In the 2025 Gartner® report, We’re Not Patching Our Way Out […]
The post Beyond Patching: Why a Risk-Based Approach to Vulnerability Management Is Essential appeared first on VERITI.
The post Beyond Patching: Why a Risk-Based Approach to Vulnerability Management Is Essential appeared first on Security Boulevard.
Sony Music told UK regulators that it had to remove more than 75,000 deepfake songs and other material, the latest example of the burgeoning problem of AI-generated false videos, images, and sound that threaten everything from national security to business to individuals.
The post Sony Removes 75,000 Deepfake Items, Highlighting a Growing Problem appeared first on Security Boulevard.
On March 10, 2025, Xitter experienced major service disruptions throughout the day. Users couldn’t access the platform on both mobile apps and the website. Here’s what happened and why it matters. What Happened? X suffered multiple waves of outages starting early Monday morning: First wave: Around 6:00 AM Eastern Time, affecting about 20,000 users Second […]
The post Xitter Hit by Major Cyberattack appeared first on rud.is.
The post Xitter Hit by Major Cyberattack appeared first on Security Boulevard.
SonarQube Advanced Security includes Software Composition Analysis (SCA) and advanced Static Application Security Testing (SAST) extending SonarQube's core security capability.
The post Announcing SonarQube Advanced Security appeared first on Security Boulevard.
The use of AI coding assistants is on the rise, and while they can juice a developer's productivity, they also threaten the quality and security of software development, a recent study analyzing millions of lines of code has found.
The post Generative AI software development boosts productivity — and risk appeared first on Security Boulevard.
Nashville, TN – Mar. 11, 2025 – 360 Privacy, a leading digital executive protection platform, today announced that it has secured a $36 million growth equity investment from FTV Capital, a sector-focused growth equity firm with a successful …
The post News alert: 360 Privacy secures $36M to deliver turnkey digital executive protection platform first appeared on The Last Watchdog.
The post News alert: 360 Privacy secures $36M to deliver turnkey digital executive protection platform appeared first on Security Boulevard.
Boston, USA, 11th March 2025, CyberNewsWire
The post GitGuardian Report: 70% of Leaked Secrets Remain Active for Two Years, Urging Immediate Remediation appeared first on Security Boulevard.
Overview
Recently, NSFOCUS CERT detected that Apache issued a security announcement and fixed the remote code execution vulnerability of Apache Tomcat (CVE-2025-24813). An unauthenticated attacker can execute arbitrary code to gain server privileges when the application has servlet write enabled (disabled by default), uses Tomcat file session persistence and a default storage location, and contains […]
The post Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813) appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post Apache Tomcat Remote Code Execution Vulnerability (CVE-2025-24813) appeared first on Security Boulevard.