August 22, 2024 at 06:21AM Google has released Chrome 128, addressing 38 vulnerabilities, including 20 reported by external researchers. Seven high-severity flaws were identified, with one exploited in the wild as a zero-day (CVE-2024-7971). The update also resolves other high, medium, and low-severity bugs and includes bug bounty rewards totaling $95,000. Users are urged to … Read more
August 22, 2024 at 02:00AM Google has released security fixes for a high-severity vulnerability (CVE-2024-7971) in its Chrome browser, actively exploited in the wild. It’s a type confusion bug in the V8 engine. The flaw was discovered by Microsoft Threat Intelligence Center and Microsoft Security Response Center. Users are urged to update to Chrome version … Read more
August 21, 2024 at 12:54PM ESET warns of new phishing tactic targeting iOS and Android users with web applications mimicking banking software to steal login credentials. Cybercriminals use Progressive Web Applications and WebAPKs to bypass security measures. The attacks combine voice calls, social media malvertising, and SMS messages to distribute links, mainly targeting mobile banking … Read more
August 21, 2024 at 11:00AM Google is discontinuing its Google Play Security Reward Program (GPSRP) after achieving its goal of increasing Android OS security. Bug submissions will be accepted until August 31, 2024, with final rewards decided by September 30. The program has incentivized developers to improve their app security, paying out a total of … Read more
August 20, 2024 at 09:22PM Microchip Technology disclosed an unauthorized party disrupting its server use and business operations, impacting manufacturing facilities and order fulfillment. Actions were taken to contain the incident, with external cybersecurity advisors involved. The cause and extent of the disruption remain undisclosed, raising concerns given the company’s critical role in supplying chips … Read more
August 20, 2024 at 06:42AM Microsoft will make multi-factor authentication (MFA) mandatory for all Azure customers starting in October. This measure aims to reduce the risk of account compromise and data breaches. Notifications will be sent out to customers to prepare for the enforcement date, and various MFA options will be available, with exceptions until … Read more
August 15, 2024 at 03:15PM SolarWinds advises customers to patch a critical CVE-2024-28986 vulnerability in its Web Help Desk platform, a Java deserialization RCE flaw. If exploited, attackers can run commands on the host machine. The software vendor recommends immediate patch application, urging all versions to be upgraded to 12.8.3 and the hotfix installed. Based … Read more
August 15, 2024 at 07:51AM Palo Alto Networks has released patches for high-severity vulnerabilities in its products, including a command injection issue in Cortex XSOAR, impacting the CommonScripts Pack. The Prisma Access Browser and two medium-severity issues have also been addressed. The company is not aware of any exploited vulnerabilities but has experienced targeted attacks … Read more
August 14, 2024 at 12:41PM AutoCanada was hit by a cyberattack last Sunday, impacting their internal IT systems and could cause disruptions. Based on the meeting notes provided, the clear takeaway is that AutoCanada was targeted by hackers in a cyberattack last Sunday, leading to an impact on the automobile dealership group’s internal IT systems. … Read more
August 14, 2024 at 11:16AM Tenable researchers identified vulnerabilities in Microsoft’s Azure Health Bot Service that could have been exploited by threat actors to access sensitive patient data. The vulnerabilities involved a data connection feature that allowed bots to interact with external sources, potentially leading to a server-side request forgery (SSRF) vulnerability. Microsoft released server-side … Read more