Exploited: Cisco, SharePoint, Chrome vulnerabilities
Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few.....»»
Stopping security breaches by managing AppSec posture
Many security vulnerabilities result from human error, and the majority of these are reflected in the application layer. These errors may occur at any stage in the software development life cycle, from code to cloud. In this Help Net Security video,.....»»
New covert SharePoint data exfiltration techniques revealed
Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. “These techniques can bypass the detection and enforcement policies of tradit.....»»
Eclypsium Automata discovers vulnerabilities in IT infrastructure
Eclypsium launches Automata, a new AI-assisted feature for its digital supply chain security platform. Available now, Automata is an automated binary analysis system that replicates the knowledge and tooling of expert security researchers to discover.....»»
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro.....»»
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro.....»»
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro.....»»
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro.....»»
LG smart TVs may be taken over by remote attackers
Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the devices. “Although the vulnerable service is intended for LAN access.....»»
Thousands of LG TVs are vulnerable to takeover—here’s how to ensure yours isn’t one
LG patches four vulnerabilities that allow malicious hackers to commandeer TVs. Enlarge (credit: Getty Images) As many as 91,000 LG TVs face the risk of being commandeered unless they receive a just-released security upd.....»»
SINEC Security Guard identifies vulnerable production assets
Production facilities are increasingly the target of cyberattacks. Industrial companies are therefore required to identify and close potential vulnerabilities in their systems. To address the need to identify cybersecurity vulnerabilities on the shop.....»»
Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation
D-Link won't be patching vulnerable NAS devices because they're no longer supported. Enlarge (credit: Getty Images) Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer net.....»»
92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)
A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interact.....»»
April 2024 Patch Tuesday forecast: New and old from Microsoft
This month, we have a new product preview from Microsoft, and some older products are being prepared for end-of-support. But before we go there, March 2024 Patch Tuesday was pretty mild, with 60 unique vulnerabilities addressed. We saw updates to Mic.....»»
Threat actors are raising the bar for cyber attacks
From sophisticated nation-state-sponsored intrusions to opportunistic malware campaigns, cyber attacks manifest in various forms, targeting vulnerabilities in networks, applications, and user behavior. The consequences of successful cyber attacks can.....»»
Ivanti vows to transform its security operating model, reveals new vulnerabilities
Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three mo.....»»
NVD: NIST is working on longer-term solutions
The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support,” says the U.S......»»
How Google plans to make stolen session cookies worthless for attackers
Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain access user accounts. Session (i.e., authentication) cookies are stored by bro.....»»
Apple, Google fail in legal challenge against patent review rule
Apple, Google, and a number of other tech companies have failed to convince a court that the U.S. Patent and Trademark Office's rule denying some inter partes reviews of patents is illegal.A gavel [Pexels]Apple, along with Google, Cisco, Intel, and E.....»»
73% brace for cybersecurity impact on business in the next year or two
Only 3% of organizations across the globe have the ‘mature’ level of readiness needed to be resilient against modern cybersecurity risks, according to Cisco. The 2024 Cisco Cybersecurity Readiness Index highlights that readiness is down significa.....»»
Google agrees to delete Incognito data despite prior claim that’s “impossible”
What a lawyer calls "a historic step," Google considers not that "significant." Enlarge (credit: Anadolu / Contributor | Anadolu) To settle a class-action dispute over Chrome's "Incognito" mode, Google has agreed to dele.....»»