IBM Boosts Guardium Platform to Address Shadow AI, Quantum Cryptography IBM is updating and upgrading its Guardium platform to provide security for the two primary new technology problems: AI models and quantum safety. IBM Guardium AI Security and IBM Guardium Quantum Safe combine to form the newly launched IBM Guardium Data Security Center, which operates across the entire enterprise hybrid infrastructure See more:
SecurityWeek
IBM Boosts Guardium Platform to Address Shadow AI, Quantum Cryptography
IBM announced updating and upgrading its Guardium platform to provide security for AI models and quantum safety.
 #cybersecurity
CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) A high-severity flaw impacting Microsoft SharePoint has been added to the Known Exploited Vulnerabilities (KEV) catalog by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-38094 (CVSS score: 7.2), has been described as a deserialization vulnerability impacting SharePoint that could result in remote code execution. "An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server," Microsoft said in an alert for the flaw. See more:
The Hacker News
CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094)
CISA alerts on active exploitation of a SharePoint flaw, urging federal agencies to apply patches quickly.
 #cybersecurity #security
WhatsApp now encrypts contact databases for privacy-preserving synching The WhatsApp messenger platform has introduced Identity Proof Linked Storage (IPLS), a new privacy-preserving encrypted storage system designed for contact management. The new system solves two long-standing problems WhatsApp users have been dealing with for years, namely the risk of losing their contact lists if they lose their phone and the inability to sync contacts between different devices. With IPLS, WhatsApp contact lists will now bind to the account rather than the device, allowing users to easily manage them between device changes or replacements. See more:
BleepingComputer
WhatsApp now encrypts contact databases for privacy-preserving synching
The WhatsApp messenger platform has introduced Identity Proof Linked Storage (IPLS), a new privacy-preserving encrypted storage system designed for...
 #cybersecurity #security
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. Kaspersky discovered the attacks on May 13, 2024, and reported the Chrome zero-day flaw to Google. Google issued a fix for CVE-2024-4947 on May 25, with Chrome version 125.0.6422.60/.61. See more:
BleepingComputer
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game...
 #cybersecurity #security
Tor 14.0 browser is out! It’s based on Firefox ESR 128, with enhanced privacy protections and bug fixes. This is the first stable release based on Firefox ESR 128, incorporating a year's worth of changes shipped upstream in Firefox. Android adds desktop feature "New circuit for this site", allowing mobile users to request a new circuit, to refresh the connection, in a more targeted fashion. Extended support for legacy platforms: Windows 7, 8 and 8.1 and macOS 10.12, 10.13 and 10.14 will continue to receive critical security updates updates on a temporary basis until at least March 2025! See more:
New Release: Tor Browser 14.0 | Tor Project
Tor Browser 14.0 is now available, featuring an update to Firefox ESR 128, extended support for legacy Windows and macOS platforms, and the ability...
 Twitter post:
X (formerly Twitter)
The Tor Project (@torproject) on X
🚨 Tor Browser 14.0 is out! 🚀 It’s based on Firefox ESR 128, with enhanced privacy protections and bug fixes. https://t.co/JWp9w2y2dd
 #privacy #tor #security
Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks Germany’s CERT@VDE has alerted organizations to several critical and high-severity vulnerabilities discovered recently in industrial routers. Impacted vendors have released patches for their products. See more:
SecurityWeek
Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks
Critical vulnerabilities that can lead to full device compromise have been found in mbNET.mini and Helmholz industrial routers.
 #cybersecurity #security
VMware fixes bad patch for critical vCenter Server RCE flaw VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. The flaw is rated critical (CVSS v3.1 score: 9.8) and stems from a heap overflow weakness in vCenter's DCE/RPC protocol implementation, impacting the vCenter Server and any products incorporating it, such as vSphere and Cloud Foundation. The flaw does not require user interaction for exploitation, as remote code execution is triggered when a specially crafted network packet is received. See more:
BleepingComputer
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not c...
 #cybersecurity #security
Google Warns of Samsung Zero-Day Exploited in the Wild A zero-day vulnerability in Samsung’s mobile processors has been leveraged as part of an exploit chain for arbitrary code execution, Google’s Threat Analysis Group (TAG) warns. Tracked as CVE-2024-44068 (CVSS score of 8.1) and patched as part of Samsung’s October 2024 set of security fixes, the issue is described as a use-after-free bug that could be abused to escalate privileges on a vulnerable Android device. “An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A use-after-free in the mobile processor leads to privilege escalation,” a NIST advisory reads. See more:
SecurityWeek
Google Warns of Samsung Zero-Day Exploited in the Wild
A zero-day vulnerability in Samsung mobile processors has been abused as part of an exploit chain for arbitrary code execution.
 #cybersecurity #security
Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira Atlassian has announced security updates that resolve six high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management products. See more:
SecurityWeek
Atlassian Patches Vulnerabilities in Bitbucket, Confluence, Jira
Atlassian has released patches for high-severity vulnerabilities in Bitbucket, Confluence, and Jira Service Management.
 #cybersecurity #security
Roundcube Webmail Vulnerability Exploited in Government Attack A threat actor was caught attempting to exploit a recent vulnerability in Roundcube Webmail against a governmental organization in a Commonwealth of Independent States (CIS) country, cybersecurity firm Positive Technologies reports. Tracked as CVE-2024-37383 and described as a cross-site scripting (XSS) issue affecting the way Roundcube was handling SVG animate attributes, the bug was patched on May 19 in Roundcube Webmail versions 1.5.7 and 1.6.7. See more:
SecurityWeek
Roundcube Webmail Vulnerability Exploited in Government Attack
An XSS vulnerability in Roundcube Webmail has been targeted for code execution against a governmental organization in a CIS country.
 #cybersecurity #security