Month: June 2024

Vulnerabilities

Issued by: DataBreach Today

A ransomware operation with a history of exploiting widespread internet vulnerabilities lost little time in making use of a critical-severity vulnerability in Window installations of web-scripting language PHP. Imperva Threat Research in a Monday report said TellYouThePass ransomware operators began exploiting the PHP bug, tracked as CVE-2024-4577, hours after researchers released a proof of concept…

News

Issued by: DataBreach Today

Privacy regulators in the U.K. and Canada have launched a joint investigation into 23andMe following the direct-to-consumer genetic testing service suffering a massive data breach in October 2023. Britain’s Information Commissioner’s Office, and the Office of the Privacy Commissioner of Canada, said they’ll jointly investigate the publicly traded company’s compliance with their respective data protection…

Vulnerabilities

Issued by: SecurityWeek

Tracked as CVE-2024-4610, the bug is described as a use-after-free issue that could be exploited by local users to make improper GPU memory processing operations. Successful exploitation of the flaw allows a non-privileged attacker to access previously freed memory, Arm explains in an advisory. “Arm is aware of reports of this vulnerability being exploited in…

News

Issued by: DataBreach Today

An investigation into infostealer-driven attacks on Snowflake customers shows that approximately 165 clients potentially had data stolen by financially-motivated hackers, says cyber threat intel firm Mandiant. Snowflake, an data management platform provider, disclosed the campaign earlier this month along with a warning that customers without multifactor authentication enabled are vulnerable (see: Snowflake Clients Targeted With…