Exploited: Cisco, SharePoint, Chrome vulnerabilities
Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft SharePoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few.....»»
Chrome will now prompt some users to send passwords for suspicious files
Google says passwords and files will be deleted shortly after they are deep-scanned. Google is redesigning Chrome malware detections to include password-protected executable files that users can upload f.....»»
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via a specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. A.....»»
This new Google Chrome security warning is very important
Chrome changes how it warns users of suspicious downloads by offering easily digestible explanations with its anti-phishing Enhanced protection feature......»»
Apple Maps launches on the web in new public beta
Apple is bringing Apple Maps to the web for the first time. In a press release today, the company announced that you can now access Apple Maps on the web using Safari and Chrome on Mac and iPad, as well as Chrome and Edge on Windows PCs......»»
Coalfire announces Cyber Security On-Demand portfolio
Coalfire announced its Cyber Security On-Demand portfolio to provide a flexible set of services that reduce cyber risks and remediate security vulnerabilities in customer environments. As attack surfaces grow, defenders need flexibility and a hacker.....»»
Which operating system is safest to use?
Windows, macOS, Chrome OS, Linux -- which is the safest to use? Each has its strengths and weaknesses. Here's which we think is the most secure......»»
Google halts its 4-plus-year plan to turn off tracking cookies by default in Chrome
A brief history of Google's ideas, proposals, and APIs for cookie replacements. Google, like most of us, has a hard time letting go of cookies. Most of us just haven't created a complex set of APIs and brokered deals ac.....»»
Google gives up on Chrome plan to ditch third-party cookies
Four years after declaring it wanted to block third-party cookies in Chrome, Google has confirmed it won't block the online trackers after all. In 2020, around the time when Apple blocked third-party cookies in Safari, Google insiste.....»»
Google changes their mind, won’t remove third-party cookies from Chrome
It seems that Google is walking back on their plans to remove third-party cookies from Chrome, offering users an alternative option instead......»»
Google Chrome is no longer ‘deprecating third-party cookies’
In a rather stark turnaround, Google is no longer ending support for third-party cookies in its Chrome browser......»»
One-third of dev professionals unfamiliar with secure coding practices
Attackers consistently discover and exploit software vulnerabilities, highlighting the increasing importance of robust software security, according to OpenSSF and the Linux Foundation. Despite this, many developers lack the essential knowledge and sk.....»»
Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)
A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers. Several PoC exploits have been published, including one.....»»
NDAY Security ATTACKN identifies critical exploitable security vulnerabilities
NDAY Security unveiled the latest release to its automated offensive security platform, ATTACKN. This all-in-one platform enables organizations to deploy, monitor, and manage critical offensive security measures, including: Point-in-time Penetration.....»»
Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)
Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on its Smart Software Manager On-Prem license servers (CVE-2024-20419). Neither.....»»
Grype: Open-source vulnerability scanner for container images, filesystems
Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool. Find vulnerabilities for major operating system packages Alpine Amazo.....»»
Vulnerability in Cisco Smart Software Manager lets attackers change any user password
Yep, passwords for administrators can be changed, too. Cisco on Wednesday disclosed a maximum-security vulnerability that allows remote threat actors with no authentication to change the password of any user, in.....»»
Apple touts Safari privacy features in new ad: ‘Your browsing is being watched’
Apple is kicking off a new high-profile ad campaign today focused on Safari. The campaign takes direct aim at other browsers, such as Chrome, where “your browsing is being watched.” Safari, meanwhile, offers several robust privacy protections to.....»»
Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to targets in North America, Europe, and Southeast Asia, threat hunters with Tre.....»»
Week in review: RADIUS protocol critical vuln, Microsoft 0-day exploited for a year, AT&T breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers stole call, text records of “nearly all” of AT&T’s cellular customers Hackers leveraging stolen Snowflake account credentials have sto.....»»
Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it
The goal of the exploits was to open Explorer and trick targets into running malicious code. Threat actors carried out zero-day attacks that targeted Windows users with malware for more tha.....»»