November 19, 2024 at 04:57PM Apple issued emergency security updates to address two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. The updates aim to enhance security and protect users from potential threats. **Meeting Takeaways:** 1. Apple has released emergency security updates. 2. The updates address two zero-day vulnerabilities. 3. The vulnerabilities … Read more
November 19, 2024 at 04:54PM Apple addressed two vulnerabilities in Safari 18.1.1 for macOS Ventura and Sonoma, released on November 19, 2024. CVE-2024-44308 involves arbitrary code execution from malicious web content, while CVE-2024-44309 relates to cross-site scripting attacks. Both issues may have been actively exploited on Intel-based Mac systems. ### Meeting Notes Summary **Release Information** … Read more
November 19, 2024 at 04:28PM CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities catalog, including a critical OS command injection affecting Progress Kemp LoadMaster. This addition highlights the ongoing need for organizations to address cybersecurity risks through timely updates and patches. ### Meeting Notes Takeaways 1. **New Vulnerabilities Added**: The U.S. Cybersecurity … Read more
November 19, 2024 at 04:20PM CISA has added three new critical vulnerabilities to its KEV catalog, including CVE-2024-1212 in Progress Kemp LoadMaster, which allows remote system access. Organizations must implement updates by December 9, 2024, or cease usage. Additionally, another flaw, CVE-2024-7591, has also been identified but lacks observed exploitation. **Meeting Takeaways:** 1. **New Vulnerabilities … Read more
November 19, 2024 at 03:40PM SecurityWeek Network offers extensive resources on cybersecurity topics, including news on malware, cybercrime, ransomware, and data breaches. It features events like the ICS Cybersecurity Conference, daily newsletters, and insights into various security sectors, ensuring subscribers stay informed on key cybersecurity trends and practices. Unsubscribe options are available. ### Meeting Takeaways: … Read more
November 19, 2024 at 03:15PM Ford is investigating a potential data breach involving 44,000 customer records allegedly leaked by a hacker on a forum. The records, which include identifiable information, could facilitate phishing attacks. The company is currently assessing the situation, acknowledging the seriousness of the claims, and advising caution regarding unsolicited communications. ### Meeting … Read more
November 19, 2024 at 03:02PM A recent EPA study found that nearly one-third of U.S. drinking water systems have cybersecurity vulnerabilities, affecting approximately 82.7 million people. The agency lacks a tracking system for potential attacks, relies on DHS for incident reporting, and faces ongoing challenges in enhancing cybersecurity amidst aging infrastructure. ### Meeting Takeaways: 1. … Read more
November 19, 2024 at 03:00PM Oracle has addressed a critical unauthenticated file disclosure vulnerability (CVE-2024-21287) in its Agile PLM software, which was exploited as a zero-day. Users are urged to update immediately to prevent unauthorized file access. The flaw was reported by CrowdStrike and has a CVSS score of 7.5. **Meeting Takeaways:** 1. **Vulnerability Identified**: … Read more
November 19, 2024 at 02:43PM Apple has addressed two security vulnerabilities in visionOS 2.1.1 for the Apple Vision Pro, with release set for November 19, 2024. CVE-2024-44308 involves potential arbitrary code execution from malicious web content, while CVE-2024-44309 addresses cookie management issues that could lead to cross-site scripting attacks. ### Meeting Notes Takeaways 1. **Upcoming … Read more
November 19, 2024 at 01:57PM Ransomware gangs like Apos, Lynx, and Rabbit Hole are recruiting pen testers to enhance their operations, reflecting the professionalization of Russian cybercrime. A Cato Networks report highlights the growing threat of ransomware, unauthorized AI, and underutilization of Transport Layer Security (TLS) in cybersecurity practices. ### Meeting Takeaways 1. **Ransomware Gangs … Read more