All SAP AI Core vulnerabilities were reported to SAP by Wiz and have since been fixed
Daily Archives: July 18, 2024
HotPage Malware Hijacks Browsers With Signed Microsoft Driver
HotPage manipulates browser traffic by hooking into network-based Windows API functions
Chainalysis Launches Public-Private Plans to Crack Down on Crypto Scams
Crypto accounts tied to scammers associated with $162m in crypto losses have been closed as part of Operation Spincaster
Criminal Gang Physically Assaulting People for Their Cryptocurrency
This is pretty horrific:
…a group of men behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings. That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elderly North Carolina couple, whose home St. Felix and one of his accomplices broke into before physically assaulting the two victims—both in their seventies—and forcing them to transfer more than $150,000 in Bitcoin and Ether to the thieves’ crypto wallets.
I think cryptocurrencies are more susceptible to this kind of real-world attack because they are largely outside the conventional banking system. Yet another reason to stay away from them.
Nearly 13 Million Australians Affected by MediSecure Attack
MediSecure revealed that the personal and health data of approximately 12.9 million Australians has been affected by the May 2024 attack
CIS Controls Ambassador Spotlight: Chirag Arora
The CIS Controls Community includes many leaders who help to improve our security best practices. Learn how Chirag Arora does his part.
openvpn-2.5.11-1.el9
FEDORA-EPEL-2024-9376ff0291
Packages in this update:
openvpn-2.5.11-1.el9
Update description:
Update to upstream OpenVPN 2.5.11
Fixes CVE-2024-5594
Oracle Quarterly Critical Patches Issued July 16, 2024
Multiple vulnerabilities have been discovered in Oracle products, the most severe of which could allow for remote code execution.
USN-6902-1: Apache HTTP Server vulnerability
It was discovered that the Apache HTTP Server incorrectly handled certain
handlers configured via AddType. A remote attacker could possibly use this
issue to obtain source code.
US Data Breach Victim Numbers Surge 1170% Annually
New figures reveal a massive 1170% increase in people impacted by data breaches in Q2 2024 versus a year ago