Patch Tuesday, May 2024 Edition

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day flaw. Continue reading Patch Tuesday, May 2024 Edition

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauth… Continue reading Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro&#821… Continue reading Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

AI Deepfakes Rising as Risk for APAC Organisations

A cyber security expert from Tenable has called on large tech platforms to do more to identify AI deepfakes for users, while APAC organisations may need to include deepfakes in risk assessments. Continue reading AI Deepfakes Rising as Risk for APAC Organisations

Cyber attacks on critical infrastructure show advanced tactics and new capabilities

In this Help Net Security interview, Marty Edwards, Deputy CTO OT/IoT at Tenable, discusses the impact of geopolitical tensions on cyber attacks targeting critical infrastructure. Edwards highlights the need for collaborative efforts between policymake… Continue reading Cyber attacks on critical infrastructure show advanced tactics and new capabilities

Infosec products of the month: March 2024

Here’s a look at the most interesting products from the past month, featuring releases from: Appdome, AuditBoard, Bedrock Security, Cado Security, Check Point, CyberArk, Cynerio, DataDome, Delinea, Drata, Exabeam, GitGuardian, GitHub, GlobalSign, Legat… Continue reading Infosec products of the month: March 2024

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC e… Continue reading PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

Tenable enhances ExposureAI capabilities to directly query AI engine and reduce risk

Tenable has unveiled enhancements to ExposureAI, the generative AI capabilities and services within its Tenable One Exposure Management Platform. The new features enable customers to quickly summarize relevant attack paths, ask questions of an AI assis… Continue reading Tenable enhances ExposureAI capabilities to directly query AI engine and reduce risk

Patch Tuesday, March 2024 Edition

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest updates for iOS fixes two zero-day flaws. Continue reading Patch Tuesday, March 2024 Edition