23andMe responds to breach with new suit-limiting user terms

December 11, 2023 at 06:53AM 23andMe’s data breach revealed that 5.5 million sets of “DNA relatives” profiles were stolen, along with 1.4 million sets of Family Tree data. Additionally, hundreds of laptops stolen from a Bay Area tech company were recovered, and Henry Schein employees’ personal data was stolen in a ransomware attack. These incidents …

Critical Vulnerability Found in Ray AI Framework 

November 28, 2023 at 09:06AM Ray, an open source compute framework for AI, has a critical vulnerability that allows unauthorized access to all nodes, warns cybersecurity firm Bishop Fox. The bug, known as CVE-2023-48023, exists because Ray does not properly enforce authentication on its dashboard and client components. Attackers can exploit this vulnerability to submit …

Critical bug in ownCloud file sharing app exposes admin passwords

November 24, 2023 at 01:20PM Open-source file sharing software ownCloud has issued warnings about three critical security vulnerabilities. The first flaw exposes administrator passwords and mail server credentials. The second flaw allows unauthorized access to files without authentication. The third flaw bypasses subdomain validation in the OAuth2 library. Users are advised to apply recommended fixes …

HARmor Cleans, Sanitizes, Encrypts HAR Files

November 14, 2023 at 04:51PM Frontegg has released an open source tool called HARmor to help secure HTTP Archive (HAR) files from unauthorized access. HAR files are commonly used by developers and support teams for debugging, performance analysis, and investigating security vulnerabilities of web applications. HAR files can contain sensitive data, making them potential targets …

Microsoft Warns of Critical Bugs Being Exploited in the Wild

November 14, 2023 at 03:45PM Microsoft released patches for 59 security vulnerabilities, including two zero-days being exploited in the wild. The vulnerabilities in Windows OS and components could allow attackers to gain SYSTEM privileges. Microsoft’s bulletins did not provide details on the live attacks. Adobe also released patches for 72 security bugs, including code-execution defects …

Windows 11 KB5032190 update enables Moment 4 features for everyone

November 14, 2023 at 01:38PM Microsoft has released the KB5032190 cumulative update for Windows 11, enabling Moment 4 features for all users. The update includes new features like Copilot and the ability to ungroup apps on the taskbar. There are also some known issues that Microsoft plans to address in a future update. The patch …

Critical Vulnerabilities Expose Veeam ONE Software to Code Execution

November 7, 2023 at 11:42AM Veeam Software has released patches for four severe security vulnerabilities in its Veeam ONE product. The vulnerabilities could lead to remote code execution attacks and password acquisition. Administrators are urged to promptly download and install the patches. There is no evidence of the vulnerabilities being exploited, but attackers have previously …

Critical RCE flaws found in SolarWinds access audit solution

October 20, 2023 at 11:06AM Researchers discovered three critical remote code execution vulnerabilities in SolarWinds Access Rights Manager (ARM), allowing attackers to run code with SYSTEM privileges. SolarWinds ARM helps organizations manage and audit user access rights. The vendor promptly released a patch in version 2023.2.1 of the system. The vulnerabilities’ severity ratings are all …