Cyber Defense Advisors

Month: August 2024

  • by
  • August 27, 2024

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation

Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. “Inappropriate implementation in […]

Cyber News
  • by
  • August 26, 2024

SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access

SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices. The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug. “An improper access control vulnerability has been identified in the SonicWall SonicOS […]

Cyber News
  • by
  • August 26, 2024

Dutch Regulator Fines Uber €290 Million for GDPR Violations in Data Transfers to U.S.

The Dutch Data Protection Authority (DPA) has fined Uber a record €290 million ($324 million) for allegedly failing to comply with European Union (E.U.) data protection standards when sending sensitive driver data to the U.S. “The Dutch DPA found that Uber transferred personal data of European taxi drivers to the United States (U.S.) and failed […]

Cyber News
  • by
  • August 26, 2024

US Federal Court Rules Against Geofence Warrants

This is a big deal. A US Appeals Court ruled that geofence warrants—these are general warrants demanding information about all people within a geographical boundary—are unconstitutional. The decision seems obvious to me, but you can’t take anything for granted. Tags: courts, data privacy, geolocation, laws Sidebar photo of Bruce Schneier by Joe MacInnis.  

Cyber News
  • by
  • August 26, 2024

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms

Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery of more than 20 vulnerabilities that could be exploited to target MLOps platforms. These vulnerabilities, which are described as inherent- and implementation-based flaws, could have severe consequences, ranging from arbitrary code execution to loading malicious datasets. […]

Cyber News
  • by
  • August 26, 2024

Unpacking Slack Hacks: 6 Ways to Protect Sensitive Data with Secure Collaboration

Nowadays, sensitive and critical data is traveling in everyday business channels that offer only the basic level of security and encryption, and companies are often oblivious to the risk. A case in point: Disney suffered a devastating data leak by a hacktivist group known as NullBulge that got hold of over 1.2 terabytes of data […]

Cyber News
  • by
  • August 26, 2024

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized if guest registration is enabled, which is the default configuration for Traccar 5, Horizon3.ai researcher […]

Cyber News
  • by
  • August 26, 2024

New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards

Cybersecurity researchers have uncovered new Android malware that can relay victims’ contactless payment data from physical credit and debit cards to an attacker-controlled device with the goal of conducting fraudulent operations. The Slovak cybersecurity company is tracking the novel malware as NGate, stating it observed the crimeware campaign targeting three banks in Czechia. The malware […]

Cyber News
  • by
  • August 25, 2024

Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures

Pavel Durov, founder and chief executive of the popular messaging app Telegram, was arrested in France on Saturday, according to French television network TF1. Durov is believed to have been apprehended pursuant to a warrant issued in connection with a preliminary police investigation. TF1 said the probe was focused on a lack of content moderation […]

Cyber News