VMware patches CVE-2024-38814 and warns that attackers with non-administrator privileges can execute remote code on the HCX manager.
The post VMware Patches High-Severity SQL Injection Flaw in HCX Platform appeared first on SecurityWeek.
Critical Kubernetes Image Builder flaw gives SSH root access to VMs
A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project. […]
Android 15 Rolling Out With New Theft, Application Protection Features
Google has released Android 15 with new security features to keep devices and sensitive applications better protected.
The post Android 15 Rolling Out With New Theft, Application Protection Features appeared first on SecurityWeek.
Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity
Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response (EDR) solutions and hide malicious activity.
Trend Micro said it detected “threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection.”
EDRSilencer, inspired by the NightHawk FireBlock tool from MDSec, is
Trend Micro said it detected “threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a means of evading detection.”
EDRSilencer, inspired by the NightHawk FireBlock tool from MDSec, is
Understand these seven password attacks and how to stop them
Hackers are always looking for new ways to crack passwords and gain access to your organization’s data and systems. In this post, Specops Software discusses the seven most common password attacks and provide tips on how to defend against them. […]
Malicious ads exploited Internet Explorer zero day to drop malware
The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT malware and exfiltrate data. […]
FIDO Alliance Drafts New Protocol to Simplify Passkey Transfers Across Different Platforms
The FIDO Alliance said it’s working to make passkeys and other credentials more easier to export across different providers and improve credential provider interoperability, as more than 12 billion online accounts become accessible with the passwordless sign-in method.
To that end, the alliance said it has published a draft for a new set of specifications for secure credential exchange,
To that end, the alliance said it has published a draft for a new set of specifications for secure credential exchange,
OT Risk Management Firm DeNexus Raises $17.5 Million
DeRisk is an AI and ML-driven data analytics platform that focuses on managing the cyber risk to the underserved operational technology of critical industries.
The post OT Risk Management Firm DeNexus Raises $17.5 Million appeared first on SecurityWeek.
Varsity Brands Data Breach Impacts 65,000 People
Apparel giant Varsity Brands has disclosed some information about a data breach impacting more than 65,000 individuals.
The post Varsity Brands Data Breach Impacts 65,000 People appeared first on SecurityWeek.
Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site
Microsoft has patched ‘critical’ privilege escalation and information disclosure vulnerabilities in Power Platform, Dataverse and the Imagine Cup website.
The post Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site appeared first on SecurityWeek.