Schneier on Security
MAY 14, 2024
Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days. “Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.
Krebs on Security
MAY 14, 2024
Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MAY 14, 2024
This is a current list of where and when I am scheduled to speak: I’m giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is “ Should the USG Establish a Publicly Funded AI Option? “ The list is maintained on this page.
Penetration Testing
MAY 14, 2024
German enterprise software giant SAP has announced the release of 14 new security notes and three updates to previously released notes as part of its May 2024 Security Patch Day. The most significant new... The post CVE-2024-33006: Critical SAP Vulnerability Exposes Systems to Complete Takeover appeared first on Penetration Testing.
Speaker: Speakers:
In today's digital age, having an untrained workforce can be a significant risk to your business. Cyber threats are evolving; without proper training, your employees could be the weakest link in your defense. This webinar empowers leaders like you with the tools and strategies needed to transform your employees into a robust frontline defense against cyber attacks.
Bleeping Computer
MAY 14, 2024
VMWare has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost. [.
The Hacker News
MAY 14, 2024
Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
Malwarebytes
MAY 14, 2024
Google has released an emergency security update for its Chrome browser. The update includes a patch released four days earlier for a vulnerability which Google say is already being exploited. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close the browser or if something goes wrong—such as an extension stopping you from updating the browser.
Bleeping Computer
MAY 14, 2024
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. [.
SecureList
MAY 14, 2024
In early April 2024, we decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033 , which was previously discovered as a zero-day exploited in the wild. While searching for samples related to this exploit and attacks that used it, we found a curious document uploaded to VirusTotal on April 1, 2024.
Digital Shadows
MAY 14, 2024
Discover key findings on Russia-linked APTs affecting OT, including detailed analyses, mitigation strategies, and future cybersecurity forecasts.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Bleeping Computer
MAY 14, 2024
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. [.
We Live Security
MAY 14, 2024
This report summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from October 2023 until the end of March 2024.
The Hacker News
MAY 14, 2024
Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version 17.5.
Security Affairs
MAY 14, 2024
Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability. Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. The vulnerability is an out-of-bounds write issue that resides in the V8 JavaScript engine of the Google web browser.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Boulevard
MAY 14, 2024
New account passwords, often used during onboarding, are vulnerable to sophisticated attacks from malicious actors. Good idea to check: What’s your company using? The post Easily Guessed Passwords for New Accounts Include “User”, “Temp”, “Welcome” appeared first on Security Boulevard.
Bleeping Computer
MAY 14, 2024
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. [.
Security Boulevard
MAY 14, 2024
There are tremendous opportunities in cybersecurity and the industry needs many more qualified workers. Training plays an important part. That is why I am partnering with Infosec4TC , an online training provider that offers free courses in addition to affordable classes, to offer huge discounts on cybersecurity training (links below have embedded discount codes).
The Hacker News
MAY 14, 2024
The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code. The most severe of the vulnerabilities are listed below - CVE-2024-25641 (CVSS score: 9.
Advertisement
Within the past few years, ransomware attacks have turned to critical infrastructure, healthcare, and government entities. Attackers have taken advantage of the rapid shift to remote work and new technologies. Add to that hacktivism due to global conflicts and U.S. elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024.
Security Boulevard
MAY 14, 2024
Authors/Presenters: Chaoshun Zuo, Chao Wang, Zhiqiang Lin Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – A Peek Into The Metaverse: Detecting 3D Model Clones In Mobile Games appeared first on Security Boulevard.
Bleeping Computer
MAY 14, 2024
Microsoft has fixed a known issue causing NTLM authentication failures and domain controller reboots after installing last month's Windows Server security updates. [.
Security Affairs
MAY 14, 2024
VMware fixed four flaws in its Workstation and Fusion desktop hypervisors, including three zero-days exploited at the Pwn2Own Vancouver 2024 VMware addressed four vulnerabilities in its Workstation and Fusion desktop hypervisors, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024. Below are descriptions of the flaws addressed by the virtualization giant CVE-2024-22267 (CVSS score: 9.3) – A use-after-free vulnerability in the Bluetooth device.
Bleeping Computer
MAY 14, 2024
Microsoft is rolling out the KB5037771 cumulative update for Windows 11 23H3 with thirty bug fixes and changes, including a fix for a bug breaking VPN connections. [.
Advertisement
The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.
SecureList
MAY 14, 2024
Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our customer base spans Russia, Europe, Asia, South and North America, Africa and the Middle East. Our annual Incident Response Report presents anonymized statistics on the cyberattacks we investigated in 2023.
Bleeping Computer
MAY 14, 2024
A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023.
Security Affairs
MAY 14, 2024
The non-profit technology organization MITRE released the EMB3D threat model for embedded devices used in critical infrastructure. MITRE announced the public release of its EMB3D threat model for embedded devices used in various industries (i.e. Automotive, healthcare, and manufacturing), including critical infrastructure. The threat model provides a knowledge base of cyber threats to embedded devices.
Bleeping Computer
MAY 14, 2024
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks. [.
Advertisement
The losses companies suffered in 2023 ransomware attacks increased by 74% compared to those of the previous year, according to new data from the Federal Bureau of Investigation (FBI). The true figure is likely to be even higher, though, as many identity theft and phishing attacks go unreported. Ransomware attackers can potentially paralyze not just private sector organizations but also healthcare facilities, schools, and entire police departments.
Security Affairs
MAY 14, 2024
Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day. Microsoft Patch Tuesday security updates for May 2024 addressed 59 vulnerabilities in Windows and Windows Components; Office and Office Components; NET Framework and Visual Studio; Microsoft Dynamics 365; Power BI; DHCP Server; Microsoft Edge (Chromium-based); and Windows Mobile Broadband.
Penetration Testing
MAY 14, 2024
Microsoft has urgently addressed a critical zero-day vulnerability, known as CVE-2024-30051, that was actively exploited by attackers to deliver the notorious QakBot malware and other malicious payloads. This security flaw, residing in the Windows... The post CVE-2024-30051: Windows Zero-Day Vulnerability Exploited to Deliver QakBot Malware appeared first on Penetration Testing.
SecureWorld News
MAY 14, 2024
Artificial intelligence is rapidly reshaping many industries, and healthcare is no exception. AI's growing capabilities are sparking an intense debate over whether it will eventually replace human clinicians altogether or emerge as an invaluable collaborative partner. Leading healthcare providers and companies are avidly adopting advanced generative AI tools to drive operational efficiencies and improve patient care.
Penetration Testing
MAY 14, 2024
In a recent security advisory, Broadcom has revealed a series of critical vulnerabilities affecting VMware Workstation and Fusion, popular virtualization software used by businesses and individuals worldwide. These flaws, tracked as CVE-2024-22267, CVE-2024-22268, CVE-2024-22269,... The post Broadcom Reveals Critical VMware Flaws: Code Execution (CVE-2024-22267) and Data Leaks appeared first on Penetration Testing.
Speaker: Blackberry, OSS Consultants, & Revenera
Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. In the U.S. alone, cyber losses totaled $10.3 billion in 2022. All of these stats beg the question, “Do you know what’s in your software?
Expert insights. Personalized for you.
254 
Let's personalize your content