Adobe’s December 2024 Patch Tuesday updates address a total of more than 160 vulnerabilities across 16 products. Roughly 90 of the vulnerabilities were patched in Adobe Experience Manager. A majority are important-severity (medium based on CVSS score) and they allow arbitrary code execution. Some of the flaws can be exploited to bypass security features. CVE-2024-43711 […]
Palo Alto, California-based startup Wald.ai on Tuesday announced the launch of what it describes as a contextual AI and data loss protection platform. Wald has developed a platform that enables enterprises to use AI assistants such as Gemini and ChatGPT for business purposes without having to worry about exposing sensitive information. Organizations can use […]
Cybersecurity firm Huntress warned on Monday that an improperly patched vulnerability affecting several file transfer products from enterprise software maker Cleo has been exploited in the wild for at least the past week. Cleo is an Illinois-based company that provides supply chain and B2B integration solutions to more than 4,200 organizations. The firm informed customers […]
Enterprise software maker SAP on Tuesday announced the release of nine new and four updated security notes as part of its December 2024 Security Patch Day. Marked as ‘hot news’, the highest severity in SAP’s notebook, the first new security note addresses three vulnerabilities in NetWeaver AS for JAVA (Adobe Document Services), including a critical […]
Microsoft is offering $10,000 in prizes as part of a new hacking challenge focused on breaking the protections of a realistic simulated LLM-integrated email client. The client, LLMail, includes an assistant that uses an instruction-tuned large language model (LLM) to answer questions based on emails and perform specific actions on behalf of the user. As […]
Ever wonder how cybercriminals infiltrate payment systems and steal funds? Join SecurityWeek and Rachel Tobac, ethical hacker and CEO of Social Proof Security, and Mahmood Khan, CISO, CNA Insurance, on December 10th at 1:00 PM ET for a live, eye-opening session that pulls back the curtain on how bad actors exploit social engineering tactics, like deepfake […]
Astrix Security, an early stage startup building technology to secure non-human identities and app-to-app connections, has bagged $45 million in a Series B funding round led by Menlo Ventures. The Tel Aviv company said the new financing included investments from Workday Ventures, Bessemer Venture Partners (BVP), CRV, and F2 Venture Capital, and brings the total […]
Cisco’s threat intelligence and research unit Talos has disclosed the details of several apparently unpatched vulnerabilities in an MC Technologies industrial router and the GoCast BGP tool. Talos published advisories for the vulnerabilities last month, and on Monday released a blog post announcing that they have yet to be patched, despite being responsibly disclosed to […]
Microsoft has announced new default security protections meant to make it more difficult for threat actors to mount NTLM relay attacks against on-premises Exchange servers. As part of such attacks, threat actors target the NTLM (New Technology LAN Manager) authentication protocol by tricking the victim into authenticating to an arbitrary endpoint and then relaying the […]
A North Korean threat actor was responsible for the $50 million heist that Radiant Capital fell victim to in October, the decentralized finance (DeFi) project says. The incident occurred on October 16, after three developers got infected with malware and their devices were used to sign fraudulent transactions during a routine multi-signature emissions adjustment process. […]