Exploited: Cisco, SharePoint, Chrome vulnerabilities
Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few.....»»
There’s a scary new way to undo Windows security patches
A security researcher has released a new tool that can unpatch your Windows computer and expose it to old vulnerabilities......»»
Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)
Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentia.....»»
Hackers infect ISPs with malware that steals customers’ credentials
Zero-day that was exploited since June to infect ISPs finally gets fixed. Enlarge (credit: Getty Images) Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day.....»»
Adversaries love bots, short-lived IP addresses, out-of-band domains
Fastly found 91% of cyberattacks – up from 69% in 2023 – targeted multiple customers using mass scanning techniques to uncover and exploit software vulnerabilities, revealing an alarming trend in attacks spreading across a broader target base. In.....»»
Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers......»»
New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)
A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript.....»»
Google can’t defend shady Chrome data hoarding as “browser agnostic,” court says
Court reverses Google win in case from Chrome users who chose not to sync data. Enlarge (credit: Thomas Trutschel / Contributor | Photothek) Chrome users who declined to sync their Google accounts with their browsing dat.....»»
According to the UN, Canadians with intellectual disabilities are being exploited
Canada was recently criticized by Tomoya Obokata, the United Nations Special Rapporteur on Contemporary Forms of Slavery, in relation to the shortcomings of the temporary foreign worker program......»»
Screen sharing on Chrome for Android just got a huge privacy upgrade
Google is looking to introduce new privacy features on Chrome for Android when it comes to screen sharing, to protect sensitive information. The post Screen sharing on Chrome for Android just got a huge privacy upgrade appeared first on Phandroid......»»
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-202.....»»
Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera
Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in M.....»»
Vulnerability in Microsoft apps allowed hackers to spy on Mac users
A vulnerability found in Microsoft apps for macOS allowed hackers to spy on users. Security researchers from Cisco Talos reported in a blog post how the vulnerability could be exploited by attackers and what Microsoft has been doing to fix the explo.....»»
Windows 0-day was exploited by North Korea to install advanced rootkit
FudModule rootkit burrows deep into Windows, where it can bypass key security defenses. Enlarge (credit: Getty Images) A Windows zero-day vulnerability recently patched by Microsoft was exploited by hackers working on be.....»»
Apple Podcasts launches web app, listen to your Up Next queue and library in a browser
Apple Podcasts is expanding to the web, starting today. You can access the new web app version at podcasts.apple.com, in desktop web browsers including Safari, Chrome, Edge and Firefox. For the first time, Apple Podcasts users can access their Up.....»»
Security flaws in Microsoft Mac apps could let attackers spy on users
Cisco Talos recently uncovered security vulnerabilities in several Microsoft apps for macOS that can potentially let attackers spy on your camera and other system components.Security flaws found in Microsoft apps for MacTalos claims to have found eig.....»»
Common API security issues: From exposed secrets to unauthorized access
Despite their role in connecting applications and driving innovation, APIs often suffer from serious security vulnerabilities. Recent investigations reveal that many organizations are struggling with exposed secrets such as passwords and API keys, wh.....»»
Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited.....»»
Best Buy cut $150 off this 2-in-1 Chromebook for back to school
The Acer Chromebook Spin 714, a powerful 2-in-1 laptop that's powered by Google's Chrome OS, is on sale from Best Buy for only $550 following a $150 discount......»»
Critical Start helps organizations reduce cyber risk from vulnerabilities
Critical Start announced Critical Start Vulnerability Management Service (VMS) and Vulnerability Prioritization. These new offerings are a foundational pillar of Managed Cyber Risk Reduction, allowing organizations to assess, manage, prioritize, and.....»»
Business and tech consolidation opens doors for cybercriminals
Cyber threats continued to intensify in the first half of 2024 as cybercriminals exploited security gaps from growing business and technological consolidation, according to Resilience. Consolidation in business and tech fuels new third-party risks Re.....»»