Demo of AES GCM Misuse Problems
This is a really neat demo of the security problems arising from reusing nonces with a symmetric cipher in GCM mode.
Microsoft Admits Security Failings Allowed China to Access US Government Emails
Microsoft President Brad Smith told US Congress that the tech giant accepts responsibility for security failings regarding the 2023 China hack.
ghostscript-10.02.1-3.fc39
FEDORA-2024-029fa02f7a. Packages in this update: ghostscript-10.02.1-3.fc39. Update description: Security fix for CVE-2024-33871.
ZDI-24-776: (Pwn2Own) Oracle VirtualBox OHCI USB Controller Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Oracle VirtualBox. An attacker must first obtain the ability to execute high-privileged code...
ZDI-24-777: Linux Kernel ksmbd Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Linux Kernel. Authentication may or may not be required to exploit this...
ZDI-24-778: Linux Kernel USB Core Out-Of-Bounds Read Local Privilege Escalation Vulnerability
This vulnerability allows physically present attackers to escalate privileges on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability. The ZDI...
DSA-5710-1 chromium – security update
Security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. https://security-tracker.debian.org/tracker/DSA-5710-1
python39-jinja2-epel-3.1.3-1.2.el8
FEDORA-EPEL-2024-f52b6219ca. Packages in this update: python39-jinja2-epel-3.1.3-1.2.el8. Update description: Backported fix for CVE-2024-34064.
Watch out! CISA warns it is being impersonated by scammers
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are impersonating its employees, in an attempt to commit fraud. Impersonation scams are...
Ascension Attack Caused by Employee Downloading Malicious File
Healthcare firm Ascension said that ransomware attackers gained access to its systems after an employee accidentally downloaded a malicious file.