Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors
The modern kill chain is eluding enterprises because they aren't protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven't revised their security...
7.4AI Score
Intel Chipset Device Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Chipset Device Software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
6.7CVSS
7.1AI Score
0.0004EPSS
Working with a cybersecurity committee of the board
I serve on the board of a publicly traded company. I fostered the creation of the board’s cybersecurity committee and I co-lead it. I’ve reflected on my work as a Global Black Belt, an advisor to chief information security officers (CISOs) and IT security and compliance teams, and studied best...
9.7AI Score
Takeaways From The Take Command Summit: Understanding Modern Cyber Attacks
In today's cybersecurity landscape, staying ahead of evolving threats is crucial. The State of Security Panel from our Take Command summit held May 21st delved into how artificial intelligence (AI) is reshaping cyber attacks and defenses. The discussion highlighted the dual role of AI in...
7.4AI Score
7.1AI Score
HP PC BIOS Additional Security Update for TOCTOU
A potential Time-of-Check to Time-of Use (TOCTOU) vulnerability has been identified in the HP BIOS for certain HP PC products, which might allow arbitrary code execution, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate the potential vulnerability. HP has...
7.6AI Score
0.0004EPSS
Takeaways From The Take Command Summit: Understanding Modern Cyber Attacks
In today's cybersecurity landscape, staying ahead of evolving threats is crucial. The State of Security Panel from our Take Command summit held May 21st delved into how artificial intelligence (AI) is reshaping cyber attacks and defenses. The discussion highlighted the dual role of AI in...
7.4AI Score
Ross Anderson’s Memorial Service
The memorial service for Ross Anderson will be held on Saturday, at 2:00 PM BST. People can attend remotely on Zoom. (The passcode is...
7.4AI Score
Cybercriminals Exploit Free Software Lures to Deploy Hijack Loader and Vidar Stealer
Threat actors are luring unsuspecting users with free or pirated versions of commercial software to deliver a malware loader called Hijack Loader, which then deploys an information stealer known as Vidar Stealer. "Adversaries had managed to trick users into downloading password-protected archive...
7.3AI Score
This is a current list of where and when I am scheduled to speak: I'm appearing on a panel on Society and Democracy at ACM Collective Intelligence in Boston, Massachusetts. The conference runs from June 26 through 29, 2024, and my panel is at 9:00 AM on Friday, June 28. I'm speaking on...
7.2AI Score
Learn to Secure Petabyte-Scale Data in a Webinar with Industry Titans
Data is growing faster than ever. Remember when petabytes (that's 1,000,000 gigabytes!) were only for tech giants? Well, that's so last decade! Today, businesses of all sizes are swimming in petabytes. But this isn't just about storage anymore. This data is ALIVE—it's constantly accessed,...
7.1AI Score
Zoom Workplace Desktop App < 5.17.11 Divide By Zero Vulnerability (ZSB-24018)
The version of Zoom Workplace Desktop App installed on the remote host is prior to 5.17.11. It is, therefore, affected by a vulnerability as referenced in the ZSB-24018 advisory. Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of ...
7.6AI Score
EPSS
Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability
Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, one is rated Critical and 50 are rated Important. This is in addition to 17 vulnerabilities resolved in the Chromium-based Edge browser over the past month....
9.8CVSS
8.7AI Score
0.05EPSS
Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review
Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...
9.8CVSS
9.3AI Score
0.003EPSS
10 years of the GitHub Security Bug Bounty Program
Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...
7AI Score
Intel 2024.2 IPU - BIOS May 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® Processors, which might allow information disclosure and/or denial of service. Intel is releasing microcode updates to mitigate the potential vulnerabilities. Intel has released updates to mitigate the potential...
4.7CVSS
6.9AI Score
0.0004EPSS
Ultimate Cyber Hygiene Guide: Learn How to Simplify Your Security Efforts
2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of.....
7.3AI Score
I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....
7.4AI Score
Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme
An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in...
7.5AI Score
How Do Hackers Blend In So Well? Learn Their Tricks in This Expert Webinar
Don't be fooled into thinking that cyber threats are only a problem for large organizations. The truth is that cybercriminals are increasingly targeting smaller businesses, and they're getting smarter every day. Join our FREE webinar "Navigating the SMB Threat Landscape: Key Insights from...
6.8AI Score
JAVS Courtroom Recording Software Backdoored - Deploys RustDoor Malware
Malicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that's associated with a known implant called RustDoor. The software supply chain attack, tracked as CVE-2024-4978 (CVSS score: 8.7),...
8.4CVSS
6.7AI Score
0.028EPSS
Inside Operation Diplomatic Specter: Chinese APT Group's Stealthy Tactics Exposed
Governmental entities in the Middle East, Africa, and Asia are the target of a Chinese advanced persistent threat (APT) group as part of an ongoing cyber espionage campaign dubbed Operation Diplomatic Specter since at least late 2022. "An analysis of this threat actor's activity reveals long-term.....
7.5AI Score
Personal AI Assistants and Privacy
Microsoft is trying to create a personal digital assistant: At a Build conference event on Monday, Microsoft revealed a new AI-powered feature called "Recall" for Copilot+ PCs that will allow Windows 11 users to search and retrieve their past activities on their PC. To make it work, Recall...
7AI Score
Zoom Announces Advanced Encryption for Increased Meeting Security
By Deeba Ahmed Your Zoom meetings are now more secure than ever! This is a post from HackRead.com Read the original post: Zoom Announces Advanced Encryption for Increased Meeting...
7.4AI Score
Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings
Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. "As adversarial threats become more sophisticated, so does the need to safeguard user data," the...
7.2AI Score
Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through...
9.8CVSS
6.8AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through...
9.8CVSS
9.6AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through...
9.8CVSS
9.6AI Score
0.0004EPSS
Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through...
9.8CVSS
6.9AI Score
0.0004EPSS
Rounding up some of the major headlines from RSA
While I one day wish to make it to the RSA Conference in person, I've never had the pleasure of making the trek to San Francisco for one of the largest security conferences in the U.S. Instead, I had to watch from afar and catch up on the internet every day like the common folk. This at least...
7.8CVSS
7.6AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...
10CVSS
9.5AI Score
EPSS
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local...
6.7CVSS
6.7AI Score
0.0004EPSS
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local...
6.7CVSS
7AI Score
0.0004EPSS
Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network...
6.5CVSS
6.9AI Score
0.0004EPSS
Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network...
6.5CVSS
6.5AI Score
0.0004EPSS
CVE-2024-27244 Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local...
6.7CVSS
6.9AI Score
0.0004EPSS
CVE-2024-27244 Zoom Workplace VDI App for Windows - Insufficient Verification of Data Authenticity
Insufficient verification of data authenticity in the installer for Zoom Workplace VDI App for Windows may allow an authenticated user to conduct an escalation of privilege via local...
6.7CVSS
7.1AI Score
0.0004EPSS
CVE-2024-27243 Zoom Apps - Buffer Overflow
Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network...
6.5CVSS
7AI Score
0.0004EPSS
CVE-2024-27243 Zoom Apps - Buffer Overflow
Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network...
6.5CVSS
6.7AI Score
0.0004EPSS
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, including two zero-days which have been actively exploited in the wild. Of the 61 flaws, one is rated Critical, 59 are rated Important, and one is rated Moderate in severity.....
9.6CVSS
9.6AI Score
0.008EPSS
WebinarPress <= 1.33.19 - Cross-Site Request Forgery
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as...
7.1CVSS
7AI Score
0.0004EPSS
Microsoft and Adobe Patch Tuesday, May 2024 Security Update Review
Microsoft has released its May edition of Patch Tuesday. Let's take a deep dive into the crucial insights from Microsoft's Patch Tuesday updates for May 2024. Microsoft Patch Tuesday for May 2024 Microsoft Patch Tuesday's May 2024 edition addressed 67 vulnerabilities, including one critical and 59....
8.8CVSS
9AI Score
0.008EPSS
This is a current list of where and when I am scheduled to speak: I'm giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is "Should the USG Establish a Publicly Funded AI Option?" The list is maintained on this...
7.2AI Score
Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress.This issue affects WebinarPress: from n/a through...
7.1CVSS
6.8AI Score
0.0004EPSS
Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress.This issue affects WebinarPress: from n/a through...
7.1CVSS
7.1AI Score
0.0004EPSS
Intel Graphics Command Center Service Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Graphics Command Center Service software (bundled in some Intel® Graphics Windows DCH driver software), which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential...
6.7CVSS
7.5AI Score
0.0004EPSS
Intel BIOS Guard and PPAM Firmware May 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® BIOS Guard and Platform Properties Assessment Module (PPAM) firmware, which might allow escalation of privilege. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Intel has released updates...
7.2CVSS
7.6AI Score
0.0004EPSS
Intel Arc™ & Iris® Xe Graphics Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Arc™ & Iris® Xe Graphics software which may allow escalation of privilege. Intel is releasing updates to mitigate the potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
7.8CVSS
7.4AI Score
0.0004EPSS
Intel PROSet/Wireless WiFi and Bluetooth May 2024 Security Update
Intel has informed HP of potential security vulnerabilities in some Intel® PROSet/Wireless WiFi and Bluetooth® products, which might allow denial of service. Intel is releasing firmware and software updates to mitigate these potential vulnerabilities. Intel has released updates to mitigate the...
8.2CVSS
7.2AI Score
0.0004EPSS
This Week in Spring - May 14th, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! This week's highlights in the Spring ecosystem emphasize the ongoing advancements and applications of Spring AI. The discussions range from exploring the impressive VectorStore abstraction and enhanced structured output...
7.1AI Score