Cyber Defense Advisors

Year: 2024

  • by
  • May 14, 2024

Patch Tuesday, May 2024 Edition

Microsoft today released updates to fix more than 60 security holes in Windows computers and supported software, including two “zero-day” vulnerabilities in Windows that are already being exploited in active attacks. There are also important security patches available for macOS and Adobe users, and for the Chrome Web browser, which just patched its own zero-day […]

Cyber News
  • by
  • May 14, 2024

Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m giving a webinar via Zoom on Wednesday, May 22, at 11:00 AM ET. The topic is “Should the USG Establish a Publicly Funded AI Option?“ The list is maintained on this page. Tags: Schneier news Sidebar photo of Bruce Schneier […]

Cyber News
  • by
  • May 14, 2024

VMware Patches Severe Security Flaws in Workstation and Fusion Products

Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat actors to access sensitive information, trigger a denial-of-service (DoS) condition, and execute code under certain circumstances. The four vulnerabilities impact Workstation versions 17.x and Fusion versions 13.x, with fixes available in version 17.5.2 and 13.5.2, respectively, the […]

Cyber News
  • by
  • May 14, 2024

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation

Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024. Out-of-bounds write bugs […]

Cyber News
  • by
  • May 14, 2024

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code

The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code. The most severe of the vulnerabilities are listed below – CVE-2024-25641 (CVSS score: 9.1) – An arbitrary file write vulnerability in the “Package Import” […]

Cyber News
  • by
  • May 14, 2024

Another Chrome Vulnerability

Google has patched another Chrome zero-day: On Thursday, Google said an anonymous source notified it of the vulnerability. The vulnerability carries a severity rating of 8.8 out of 10. In response, Google said, it would be releasing versions 124.0.6367.201/.202 for macOS and Windows and 124.0.6367.201 for Linux in subsequent days. “Google is aware that an […]

Cyber News
  • by
  • May 14, 2024

6 Mistakes Organizations Make When Deploying Advanced Authentication

Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of authentication sophistication to adequately safeguard organizational data. When deploying advanced […]

Cyber News
  • by
  • May 14, 2024

Ongoing Campaign Bombards Enterprises with Spam Emails and Phone Calls

Cybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation. “The incident involves a threat actor overwhelming a user’s email with junk and calling the user, offering assistance,” Rapid7 researchers Tyler McGraw, Thomas Elkins, and Evan McCann […]

Cyber News
  • by
  • May 14, 2024

Black Basta ransomware group’s techniques evolve, as FBI issues new warning in wake of hospital attack

Sales: 0845 470 4001 | Support: 0845 230 6001 | Contact Form | NPS Company Cyber Security Ransomware 524 Hits Security agencies in the United States have issued a new warning about the Black Basta ransomware group, in the wake of a high-profile attack against the healthcare giant Ascension. The cyber attack last week forced […]

Cyber News