Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel

Google fixes yet another Chrome zero-day exploited in the wildFor the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability with an in-the-wild exploit.
Authelia: Open-source authentication and authorization serverAuthelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal.
Fail2Ban: Ban hosts that cause multiple authentication errorsFail2Ban is an open-source tool that monitors log files, such as /var/log/auth.
Strategies for transitioning to a SASE architectureIn this Help Net Security, Prakash Mana, CEO at Cloudbrink, discusses the primary challenges companies face when transitioning to a SASE architecture and how to overcome them.
Strategies for combating AI-enhanced BEC attacksIn this Help Net Security interview, Robert Haist, CISO at TeamViewer, discusses how AI is being leveraged by cybercriminals to enhance the effectiveness of BEC scams.
Grafana: Open-source data visualization platformGrafana is an open-source solution for querying, visualizing, alerting, and exploring metrics, logs, and traces regardless of where they are stored.
Compromised courtroom recording software was served from vendor's official siteCourtroom recording software JAVS Viewer has been saddled with loader malware and has been served from the developer's site since at least April 2, a threat researcher has warned last month.
GitHub fixes maximum severity Enterprise Server auth bypass bugA critical, 10-out-of-10 vulnerability allowing unrestricted access to vulnerable GitHub Enterprise Server instances has been fixed by Microsoft-owned GitHub.
HHS pledges $50M for autonomous vulnerability management solution for hospitalsAs organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for Health has announced the Universal PatchinG and Remediation for Autonomous DEfense program aimed at developing a vulnerability management platform for healthcare IT teams.
Veeam fixes auth bypass flaw in Backup Enterprise ManagerVeeam has patched four vulnerabilities in Backup Enterprise Manager, one of which may allow attackers to bypass authentication and log in to its web interface as any user.
Critical Fluent Bit flaw affects major cloud platforms, tech companies' offeringsTenable researchers have discovered a critical vulnerability in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code execution.
PoC exploit for Ivanti EPMM privilege escalation flaw releasedTechnical details about and a proof-of-concept exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the vulnerability's reporter.
CISOs pursuing AI readiness should start by updating the org's email security policyOver the past few years, traditional phishing messages - with their pervasive linguistic errors, thinly-veiled malicious payloads, and often outlandish pretexts - have been on the decline.
Easily detected by most of today's standard email security tools, this prototypical form of phishing may soon be a thing of the past.
2024 sees continued increase in ransomware activityIn this Help Net Security video, Ryan Bell, Threat Intelligence Manager at Corvus Insurance, discusses how ransomware will continue to grow in 2024.
Consumers continue to overestimate their ability to spot deepfakesThe Jumio 2024 Online Identity Study reveals significant consumer concerns about the risks posed by generative AI and deepfakes, including the potential for increased cybercrime and identity fraud.
SEC requires financial institutions to notify customers of breaches within 30 daysThe Securities and Exchange Commission announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers' nonpublic personal information by certain financial institutions.
Technological complexity drives new wave of identity risksSecurity leaders are facing increased technological and organizational complexity, which is creating a new wave of identity risks for their organizations, according to ConductorOne.
Product showcase: Alert - Data breach detector for your email, credit card, and IDWith Alert, you can easily monitor your most important credentials, such as your email, credit card, and ID. Alert will instantly notify you if it appears in breached online databases.
New infosec products of the week: May 24, 2024Here's a look at the most interesting products from the past week, featuring releases from CyberArk, OneTrust, PlexTrac, and Strike Graph.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Sun, 26 May 2024 19:13:08 +0000


Cyber News related to Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel

Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
11 months ago Darkreading.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
11 months ago Darkreading.com
Check Point released hotfix for actively exploited VPN zero-day - MUST READ. Check Point released hotfix for actively exploited VPN zero-day. Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days. Critical Fortinet's FortiClient EMS flaw actively exploited in the wild. Apple ...
6 months ago Securityaffairs.com
Google fixes first actively exploited Chrome zero-day of 2024 - Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. The company fixed the zero-day for users in the Stable Desktop channel, with patched versions rolling out worldwide ...
11 months ago Bleepingcomputer.com
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
1 year ago Darkreading.com
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own - Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. The company addressed the security flaw on systems running macOS Monterey and macOS ...
7 months ago Bleepingcomputer.com
Google patches third exploited Chrome zero-day in a week - Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. The company fixed the zero-day flaw with the release of 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60. ...
7 months ago Bleepingcomputer.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
11 months ago Techtarget.com
Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel - Google fixes yet another Chrome zero-day exploited in the wildFor the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability with an in-the-wild exploit. Authelia: Open-source ...
7 months ago Helpnetsecurity.com
Apple fixes two new iOS zero-days in emergency updates - Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. "Apple is aware of a report that this issue may ...
1 year ago Bleepingcomputer.com
Google Chrome emergency update fixes 6th zero-day exploited in 2023 - Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks. The company acknowledged the existence of an exploit for the security flaw in a new security ...
1 year ago Bleepingcomputer.com
Google discloses 2 zero-day vulnerabilities in less than a week - Google patched another Chrome zero-day vulnerability on Monday, the second one in the span of four days. In a blog post on Monday, Daniel Yip, technical program manager at Google, disclosed a high-severity out-of-bounds write vulnerability tracked as ...
7 months ago Techtarget.com
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. The contestants also demoed zero-day bugs in printers, routers, smart speakers, surveillance ...
1 year ago Bleepingcomputer.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
9 months ago Cisa.gov
The New Cybercrime Atlas: A Collaborative Approach to Fighting Digital Crime - The global transition to the digital economy means that the operations of governments, critical infrastructures, businesses, and individuals are now a tightly integrated system of interconnected resources. Cybercrime presents a significant risk to ...
10 months ago Feeds.fortinet.com
Google says spyware vendors behind most zero-days it discovers - Commercial spyware vendors were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group discovered in 2023 and used to spy on devices worldwide. Zero-day vulnerabilities are security flaws the vendors of impacted software do not ...
10 months ago Bleepingcomputer.com
Microsoft fixes Windows zero-day exploited in QakBot malware attacks - Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. Tracked as CVE-2024-30051, this privilege escalation bug is caused by a heap-based buffer overflow in the ...
7 months ago Bleepingcomputer.com
YouTube Not Working on iPhone? Here's How to Fix It - If the YouTube app on your iPhone is crashing or will not open, there are various fixes you can try, such as force quitting the app, rebooting your device, and updating its version. Restarting your device provides a fresh start and can address minor ...
11 months ago Hackercombat.com
Latest Adblock update causes massive YouTube performance hit - Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension. Adblock and Adblock Plus are two ad blockers created by the same developer for ...
11 months ago Bleepingcomputer.com
VMware fixes three zero-day bugs exploited at Pwn2Own 2024 - VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a ...
7 months ago Bleepingcomputer.com
Google fixes 8th Chrome zero-day exploited in attacks this year - Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. The company fixed the zero-day bug for users in the Stable Desktop channel, with patched ...
1 year ago Bleepingcomputer.com
Cisco discloses new IOS XE zero-day exploited to deploy malware implant - Cisco disclosed a new high-severity zero-day today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week. The company said it found a fix for both vulnerabilities ...
1 year ago Bleepingcomputer.com
CISA warns of hackers exploiting Chrome, EoL D-Link bugs - The U.S. Cybersecurity & Infrastructure Security Agency has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. Adding the issues to the KEV catalog ...
7 months ago Bleepingcomputer.com
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto - Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. They also demoed exploits and vulnerability chains targeting zero-days in Xiaomi's 13 Pro ...
1 year ago Bleepingcomputer.com
Apple backports fix for RTKit iOS zero-day to older iPhones - Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. The flaw is a memory corruption issue in Apple's RTKit real-time operating system that enables attackers ...
7 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)