The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords.
The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek.
Views: 0Source: www.securityweek.com – Author: Ionut Arghire Google on Thursday rolled out a fresh Chrome update to address another exploited vulnerability in the popular web browser, the fourth zero-day to be patched in two weeks. Tracked as CVE-2024-5274, the high-severity flaw is described as a type confusion in the V8 JavaScript and WebAssembly engine. “Google […]
La entrada Google Patches Fourth Chrome Zero-Day in Two Weeks – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini Google fixes eighth actively exploited Chrome zero-day this year, the third in a month Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, […]
La entrada Google fixes eighth actively exploited Chrome zero-day this year, the third in a month – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.
Dear Opera Users! The latest stable release of Opera – 110.0.5130.39, incorporates a crucial 0-day fix for CVE-2024-5274, enhancing user security. This update ensures safer browsing for everyone.Opera is available on Windows, macOS, Linux, Android and iOS. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Tool consolidation continues, with Palo Alto’s plans to absorb IBM's QRadar software. This movement will continue and makes sense for the consumers of security software, as well. The reasons are clear: According to a recent report, 75% of IT professionals spend between at least half their day — 4-6 hours — managing their cybersecurity tools. Some — 14% — are spending more than an entire shift (7-9 hours) managing tools. There are far too many time-consuming chores, including monitoring security platforms, patching vulnerabilities, responding to high-priority alerts, responding to low-priority alerts, wasting time responding to vulnerabilities that can’t be attacked because they’re in lumps of code that never get called by the application, managing endpoint agents, integrating other security tools and analyzing alerts. This can’t go on. The future lies in consolidation.
The post Cybersecurity Insights with Contrast CISO David Lindner | 5/24/24 appeared first on Security Boulevard.
New paper: “Zero Progress on Zero Days: How the Last Ten Years Created the Modern Spyware Market“:
Abstract: Spyware makes surveillance simple. The last ten years have seen a global market emerge for ready-made software that lets governments surveil their citizens and foreign adversaries alike and to do so more easily than when such work required tradecraft. The last ten years have also been marked by stark failures to control spyware and its precursors and components. This Article accounts for and critiques these failures, providing a socio-technical history since 2014, particularly focusing on the conversation about trade in zero-day vulnerabilities and exploits. Second, this Article applies lessons from these failures to guide regulatory efforts going forward. While recognizing that controlling this trade is difficult, I argue countries should focus on building and strengthening multilateral coalitions of the willing, rather than on strong-arming existing multilateral institutions into working on the problem. Individually, countries should focus on export controls and other sanctions that target specific bad actors, rather than focusing on restricting particular technologies. Last, I continue to call for transparency as a key part of oversight of domestic governments’ use of spyware and related components.
Exploited in the wild, Chrome vulnerability CVE-2024-5274 is a high-severity flaw described as a type confusion in the V8 JavaScript and WebAssembly engine.
The post Google Patches Fourth Chrome Zero-Day in Two Weeks appeared first on SecurityWeek.
Google releases Chrome 125 to the stable channel with patches for nine vulnerabilities, including a zero-day.
The post Third Chrome Zero-Day Patched by Google Within One Week appeared first on SecurityWeek.
Google has patched CVE-2024-4761, the second exploited vulnerability addressed by the company within one week.
The post Google Patches Second Chrome Zero-Day in One Week appeared first on SecurityWeek.
Google has patched another Chrome zero-day:
On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days.
“Google is aware that an exploit for CVE-2024-4671 exists in the wild,” the company said.
Google didn’t provide any other details about the exploit, such as what platforms were targeted, who was behind the exploit, or what they were using it for.
Enlarge (credit: Getty Images)
Google has updated its Chrome browser to patch a high-severity zero-day vulnerability that allows attackers to execute malicious code on end user devices. The fix marks the fifth time this year the company has updated the browser to protect users from an existing malicious exploit.
The vulnerability, tracked as CVE-2024-4671, is a “use after free,” a class of bug that occurs in C-based programming languages. In these languages, developers must allocate memory space needed to run certain applications or operations. They do this by using “pointers” that store the memory addresses where the required data will reside. Because this space is finite, memory locations should be deallocated once the application or operation no longer needs it.
Use-after-free bugs occur when the app or process fails to clear the pointer after freeing the memory location. In some cases, the pointer to the freed memory is used again and points to a new memory location storing malicious shellcode planted by an attacker’s exploit, a condition that will result in the execution of this code.
A Chrome 124 update patches the second Chrome zero-day that has been found to be exploited in malicious attacks in 2024.
The post Exploited Chrome Zero-Day Patched by Google appeared first on SecurityWeek.
MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities.
The post MITRE Hack: China-Linked Group Breached Systems in December 2023 appeared first on SecurityWeek.
Login