Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the…

Popular artificial intelligence chatbots are rife with Russian disinformation, warns NewsGuard, the rating system for news and information websites. Researchers at NewsGuard entered prompts into 10 chatbots, including OpenAI’s ChatGPT-4, Elon Musk’s Grok and Mistral, and found that about one-third of the responses contained disinformation culled from a network of fake local news sites and…

Google has issued a Chrome 126 security update addressing six vulnerabilities, including a flaw tracked as CVE-2024-6100, which was demonstrated during SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea. The vulnerability is a high-severity type confusion issue in the…

The controversial spyware Pegasus and its operator, the Israeli NSO Group, are once again in the news. Last week, in documents filed in a judgment between NSO and WhatsApp, they admitted that any of their clients can target anyone with their spyware, including government or military officials, because their jobs are inherently legitimate intelligence targets….

Blackbaud, a South Carolina-based software company, has been ordered by the California Attorney General’s Office to pay $6.75 million to settle a ransomware attack that took place in May 2020. The attack occurred due to poor security practices, the AG’s office said. After Blackbaud revealed that the threat actors compromised unencrypted Social Security numbers, bank…

The ransomware attack on a key U.K. National Health Service IT vendor has forced two London hospitals to reschedule around 1,500 medical appointments including critical cancer treatments and organ transplant surgeries. The June 3 attack is disrupting operations at NHS King’s College and Guy’s and St. Thomas’ in London. Attackers compromised servers of Synovia, the…

Cybersecurity researchers said an experiment in developing a fake, malicious extension for the world’s most popular integrated development environment succeeded beyond their wildest expectations. Researchers Amit Assaraf, Itay Kruk, and Idan Dardikman uploaded an extension to Microsoft source code editing platform Visual Studio Code masquerading as “Dracula Official,” a color theme that records nearly 7.2…

Among the more dangerous of the flaws for which Microsoft released a patch this week on Patch Tuesday is a denial-of-service (DoS) vulnerability publicly disclosed back in February in the Domain Name System Security Extensions (DNSSEC) protocol. The vulnerability, identified as CVE-2023-50868, exists in a third-party DNSSEC mechanism called Next Secure Hash 3 (NSEC3) for…

Cyber criminals are beginning to use artificial intelligence to make their operations more effective — and their use goes way beyond creating better bait for phishing. Just as in legitimate business, discussions about AI among criminals have accelerated this year compared to 2023, researchers from cybersecurity group Intel 471 reported in a new study published…