Month: December 2024

Google Pays $55,000 for High-Severity Chrome Browser Bug

Google has pushed a major Chrome browser update to patch three vulnerabilities, including two high-severity memory safety bugs reported by external researchers. The first of the externally reported issues, tracked as CVE-2024-12381, is a type confusion flaw in the V8 JavaScript engine that earned the reporting researcher a $55,000 bug bounty reward. As customary, Google […]

Now on Demand: Inside a Hacker’s Playbook – How Cybercriminals Use Deepfakes

Ever wonder how cybercriminals infiltrate payment systems and steal funds? Join SecurityWeek and Rachel Tobac, ethical hacker and CEO of Social Proof Security, and Mahmood Khan, CISO, CNA Insurance, for this eye-opening session that pulls back the curtain on how bad actors exploit social engineering tactics, like deepfake technology and Business Email Compromise (BEC), to target your […]

Atlassian, Splunk Patch High-Severity Vulnerabilities

Atlassian and Splunk on Tuesday announced patches for more than two dozen vulnerabilities across their product portfolios, including multiple high-severity flaws in third-party components. Atlassian released fixes for 10 high-severity vulnerabilities in Bamboo Data Center and Server, Bitbucket Data Center and Server, and Confluence Data Center and Server, all rated high-severity and affecting third-party dependencies. […]

Cleo Vulnerability Exploitation Linked to Termite Ransomware Group

A recently emerged ransomware group named Termite may be behind the recent attacks exploiting a vulnerability in file transfer tools from enterprise software maker Cleo. It came to light on Monday that an improperly patched vulnerability affecting Cleo’s Harmony, VLTrader, and LexiCom products, which the vendor attempted to fix in late October with the release […]

446,000 Impacted by Center for Vein Restoration Data Breach

Vein care provider Center for Vein Restoration is notifying over 446,000 individuals that their personal, medical, and financial information was compromised in a recent cyberattack. Headquartered in Greenbelt, Maryland, Center for Vein Restoration provides patient-centered treatment options for venous insufficiency, including varicose veins and spider veins. The incident, the organization says in an incident notice, […]

ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others

The December 2024 ICS Patch Tuesday brings advisories from the cybersecurity agency CISA, as well as several major industrial automation companies. Schneider Electric published three new advisories this Patch Tuesday. One advisory describes a critical flaw in Modicon controllers that can allow an unauthenticated attacker to cause disruption to operations. Another advisory describes a high-severity […]

Ivanti Patches Critical Flaws in Connect Secure, Cloud Services Application

Ivanti on Tuesday announced patches for 11 vulnerabilities in its products, including five critical-severity bugs in Cloud Services Application, Connect Secure, and Policy Secure. The most severe of these issues is CVE-2024-11639 (CVSS score of 10/10), an authentication bypass affecting the Cloud Services Application (CSA) secure communication solution. Affecting the administrator web console of the […]

US Charges, Sanctions Chinese Man Accused of Sophos Firewall Hacking

The US government on Tuesday announced charges and sanctions against a Chinese national accused of being involved in the hacker attacks targeting Sophos firewalls. The attacks, which Sophos tracked over a period of five years, involved the exploitation of zero-day vulnerabilities in the security firm’s firewalls in an effort to plant backdoors and steal sensitive […]

Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day

Software giant Microsoft on Tuesday rolled out patches for more than 70 documented security defects and called urgent attention to an already-exploited zero-day in the Windows Common Log File System (CLFS). The CLFS vulnerability, tagged as CVE-2024-49138 and marked as actively exploited in the wild, was reported by anti-malware vendor CrowdStrike. It carries a CVSS […]

copyright 2024 by Digital Creations LLC