Windows 11 KB5048667 & KB5048685 cumulative updates released

December 10, 2024 at 01:23PM Microsoft has released cumulative updates KB5048667 and KB5048685 for Windows 11 versions 24H2 and 23H2 to address security vulnerabilities and other issues. **Meeting Takeaways:** 1. **Updates Released**: Microsoft has released cumulative updates for Windows 11, specifically KB5048667 and KB5048685. 2. **Supported Versions**: The updates are applicable to Windows 11 versions …

About the security content of visionOS 2 – Apple Support

October 13, 2024 at 02:30PM Multiple vulnerabilities affecting visionOS 2 on Apple Vision Pro have been addressed in a September 2024 update. Issues include improved checks for root access, race conditions, out-of-bounds reads, cross-origin data exfiltration, denial-of-service risks, and unauthorized Bluetooth access. Users are encouraged to update to enhance security. **Meeting Takeaways: Security Updates for …

Windows 11 KB5044284 and KB5044285 cumulative updates released

October 8, 2024 at 01:48PM Microsoft released KB5044284 and KB5044285 Windows 11 cumulative updates for versions 24H2 and 22H2/23H2, addressing security vulnerabilities and resolving 27 bugs and performance issues. Users can install the updates through Windows Update or manually from the Microsoft Update Catalog. The updates include various fixes and improvements, with details available in …

Congress Advances Bill to Add AI to National Vulnerability Database

September 26, 2024 at 02:37PM The House committee advanced a bill allowing the NIST to formalize reporting of AI security vulnerabilities, facing funding concerns. The bipartisan AI Incident Reporting and Security Enhancement Act, now at full Congress, mandates NIST to incorporate AI systems into NVD. There’s concern over funding and clarifying certain terms in the …

Android’s September 2024 Update Patches Exploited Vulnerability

September 4, 2024 at 05:36AM Google has released a new set of Android security updates addressing 35 vulnerabilities, including a high-severity local privilege escalation bug. The bug, tracked as CVE-2024-32896, was exploited in attacks and is addressed in the September 2024 Android security bulletin. The updates also resolve other high-severity flaws and issues in Framework …

RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors

September 2, 2024 at 10:18AM RansomHub, a Ransomware-as-a-service variant, has targeted at least 210 victims across various sectors, using the double extortion model to extort data and funds. Exploiting security vulnerabilities, affiliates conduct reconnaissance and network scanning before targeting victim environments. The surge in Ransomware-as-a-service variants has led to new variants and collaborations with nation-state …

31.5M invoices, contracts, patient consent forms, and more exposed to the internet

August 26, 2024 at 09:07AM Nearly 2.7 TB of sensitive data, including invoices, contracts, and HIPAA patient consent forms belonging to various businesses, has been exposed due to a non-password protected database. The exposed files, traced by security researcher Jeremiah Fowler, belonged to ServiceBridge and contained personal information from numerous clients. The database has since been …

Major Backdoor in Millions of RFID Cards Allows Instant Cloning

August 20, 2024 at 02:24PM Quarkslab has uncovered a significant backdoor in Shanghai Fudan Microelectronics Group’s contactless cards, enabling instant cloning of RFID smart cards. This vulnerability affects widely-used MIFARE Classic cards and their variants, potentially compromising user-defined keys. Quarkslab urges swift infrastructure checks and risk assessment, as these cards are not limited to the …

Every Google Pixel Phone Has a Verizon App that Doubles As a Backdoor

August 19, 2024 at 01:39PM A defunct application, “Showcase.apk,” has been discovered in the firmware of Google Pixel phones since September 2017. Despite being obsolete, it possesses significant privileges and potential for malicious activities. The app, pre-installed with Verizon, remains unremovable unless by Google. Although default-off, it poses a threat, especially for high-risk users and …

Adobe Calls Attention to Massive Batch of Code Execution Flaws

August 13, 2024 at 01:45PM Adobe released 72 security vulnerability fixes for various products, warning Windows and macOS users of code execution and denial-of-service risks. Critical flaws were addressed in Adobe Acrobat, Reader, Illustrator, Photoshop, InDesign, Commerce, Bridge, Substance 3D Stager, Substance 3D Sampler, Substance 3D Designer, and InCopy, urging users to update to the …