Tue.May 14, 2024

article thumbnail

Another Chrome Vulnerability

Schneier on Security

Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days. “Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.

308
308
article thumbnail

Patch Tuesday, May 2024 Edition

Krebs on Security

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Upcoming Speaking Engagements

Schneier on Security

This is a current list of where and when I am scheduled to speak: I’m giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is “ Should the USG Establish a Publicly Funded AI Option? “ The list is maintained on this page.

234
234
article thumbnail

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

The Hacker News

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

CVE-2024-33006: Critical SAP Vulnerability Exposes Systems to Complete Takeover

Penetration Testing

German enterprise software giant SAP has announced the release of 14 new security notes and three updates to previously released notes as part of its May 2024 Security Patch Day. The most significant new... The post CVE-2024-33006: Critical SAP Vulnerability Exposes Systems to Complete Takeover appeared first on Penetration Testing.

article thumbnail

VMware Patches Severe Security Flaws in Workstation and Fusion Products

The Hacker News

Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version 17.5.

143
143

More Trending

article thumbnail

VMware makes Workstation Pro and Fusion Pro free for personal use

Bleeping Computer

VMWare has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost. [.

Software 141
article thumbnail

Secrecy Concerns Mount Over Spy Powers Targeting US Data Centers

WIRED Threat Level

A coalition of digital rights groups is demanding the US declassify records that would clarify just how expansive a major surveillance program really is.

article thumbnail

Google fixes sixth actively exploited Chrome zero-day this year

Security Affairs

Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability. Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. The vulnerability is an out-of-bounds write issue that resides in the V8 JavaScript engine of the Google web browser.

article thumbnail

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

The Hacker News

The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code. The most severe of the vulnerabilities are listed below - CVE-2024-25641 (CVSS score: 9.

138
138
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Ransomware attack on Singing River Health System impacted 895,000 people

Security Affairs

The Singing River Health System revealed that the ransomware attack that hit the organization in August 2023 impacted 895,204 people. At the end of August 2023, the systems at three hospitals and other medical facilities operated by Singing River Health System (SRHS) were hit by a Rhysida ransomware attack. The Singing River Health System runs 3 hospitals and 10 clinics and is the second largest employer on the Mississippi Gulf Coast.

article thumbnail

Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain

We Live Security

One of the most advanced server-side malware campaigns is still growing, with hundreds of thousands of compromised servers, and it has diversified to include credit card and cryptocurrency theft

article thumbnail

QakBot attacks with Windows zero-day (CVE-2024-30051)

SecureList

In early April 2024, we decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033 , which was previously discovered as a zero-day exploited in the wild. While searching for samples related to this exploit and attacks that used it, we found a curious document uploaded to VirusTotal on April 1, 2024.

Malware 137
article thumbnail

Russia-Linked Threats to Operational Technology

Digital Shadows

Discover key findings on Russia-linked APTs affecting OT, including detailed analyses, mitigation strategies, and future cybersecurity forecasts.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Incident response analyst report 2023

SecureList

Incident response analyst report 2023 As an information security company, our services include incident response and investigation, and malware analysis. Our customer base spans Russia, Europe, Asia, South and North America, Africa and the Middle East. Our annual Incident Response Report presents anonymized statistics on the cyberattacks we investigated in 2023.

article thumbnail

Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

Security Affairs

Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day. Microsoft Patch Tuesday security updates for May 2024 addressed 59 vulnerabilities in Windows and Windows Components; Office and Office Components; NET Framework and Visual Studio; Microsoft Dynamics 365; Power BI; DHCP Server; Microsoft Edge (Chromium-based); and Windows Mobile Broadband.

Mobile 132
article thumbnail

6 Mistakes Organizations Make When Deploying Advanced Authentication

The Hacker News

Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of authentication sophistication to adequately safeguard organizational data.

article thumbnail

VMware fixed zero-day flaws demonstrated at Pwn2Own Vancouver 2024

Security Affairs

VMware fixed four flaws in its Workstation and Fusion desktop hypervisors, including three zero-days exploited at the Pwn2Own Vancouver 2024 VMware addressed four vulnerabilities in its Workstation and Fusion desktop hypervisors, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024. Below are descriptions of the flaws addressed by the virtualization giant CVE-2024-22267 (CVSS score: 9.3) – A use-after-free vulnerability in the Bluetooth device.

Hacking 130
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Ongoing Campaign Bombarded Enterprises with Spam Emails and Phone Calls

The Hacker News

Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation.

article thumbnail

MITRE released EMB3D Threat Model for embedded devices

Security Affairs

The non-profit technology organization MITRE released the EMB3D threat model for embedded devices used in critical infrastructure. MITRE announced the public release of its EMB3D threat model for embedded devices used in various industries (i.e. Automotive, healthcare, and manufacturing), including critical infrastructure. The threat model provides a knowledge base of cyber threats to embedded devices.

article thumbnail

ESET APT Activity Report Q4 2023–Q1 2024

We Live Security

This report summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from October 2023 until the end of March 2024.

129
129
article thumbnail

VMware fixes three zero-day bugs exploited at Pwn2Own 2024

Bleeping Computer

VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. [.

Hacking 121
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Easily Guessed Passwords for New Accounts Include “User”, “Temp”, “Welcome”

Security Boulevard

New account passwords, often used during onboarding, are vulnerable to sophisticated attacks from malicious actors. Good idea to check: What’s your company using? The post Easily Guessed Passwords for New Accounts Include “User”, “Temp”, “Welcome” appeared first on Security Boulevard.

Passwords 116
article thumbnail

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws

Bleeping Computer

Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. [.

119
119
article thumbnail

Unlock Your Cybersecurity Career: Exclusive Discounts on Top Training Courses!

Security Boulevard

There are tremendous opportunities in cybersecurity and the industry needs many more qualified workers. Training plays an important part. That is why I am partnering with Infosec4TC , an online training provider that offers free courses in addition to affordable classes, to offer huge discounts on cybersecurity training (links below have embedded discount codes).

article thumbnail

Security at Scale: The Benefits of Automation for Industrial IoT

GlobalSign

Automation is emerging as a critical defence for securing large-scale IIoT use cases. Learn more about Identity Lifecycle Management for IIoT.

IoT 115
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

Bleeping Computer

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. [.

112
112
article thumbnail

USENIX Security ’23 – A Peek Into The Metaverse: Detecting 3D Model Clones In Mobile Games

Security Boulevard

Authors/Presenters: Chaoshun Zuo, Chao Wang, Zhiqiang Lin Many thanks to USENIX for publishing their outstanding USENIX Security ’23 Presenter’s content, and the organizations strong commitment to Open Access. Originating from the conference’s events situated at the Anaheim Marriott ; and via the organizations YouTube channel. Permalink The post USENIX Security ’23 – A Peek Into The Metaverse: Detecting 3D Model Clones In Mobile Games appeared first on Security Boulevard.

Mobile 104
article thumbnail

Ebury botnet malware infected 400,000 Linux servers since 2009

Bleeping Computer

A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023.

Malware 108
article thumbnail

Black Basta ransomware group’s techniques evolve, as FBI issues new warning in wake of hospital attack

Graham Cluley

Security agencies in the United States have issued a new warning about the Black Basta ransomware group, in the wake of a high-profile attack against the healthcare giant Ascension. The cyber attack last week forced the Ascension computer systems offline, and caused some hospital emergency departments to turn away ambulances "in order to ensure emergency cases are triaged immediately.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.