The browser is the nerve center of the modern workspace. Ironically, however, the browser is also one of the least protected threat surfaces of the modern enterprise. Traditional security tools provide little protection against browser-based threats, leaving organizations exposed. Modern cybersecurity requires a new approach based on the protection of the browser itself, which offers both
Google Boosts Chrome Protections Against Malicious Files
Google has announced improved protections for Chrome users when downloading files from the internet.
The post Google Boosts Chrome Protections Against Malicious Files appeared first on SecurityWeek.
Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform
Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform’s Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner.
Tenable has given the vulnerability the name ConfusedFunction.
“An attacker could escalate their privileges to the Default Cloud Build Service Account and
Tenable has given the vulnerability the name ConfusedFunction.
“An attacker could escalate their privileges to the Default Cloud Build Service Account and
Phone Lines Down in Multiple Courts Across California After Ransomware Attack
Phone lines down in multiple courts across California after ransomware attack on state’s largest trial court in Los Angeles County.
The post Phone Lines Down in Multiple Courts Across California After Ransomware Attack appeared first on SecurityWeek.
Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products
Nvidia has patched high-severity vulnerabilities in its Jetson, Mellanox OS, OnyX, Skyway, and MetroX products.
The post Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products appeared first on SecurityWeek.
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances.
Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity.
“An attacker could exploit a bypass using an API request with Content-Length set
Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity.
“An attacker could exploit a bypass using an API request with Content-Length set
New Chrome Feature Scans Password-Protected Files for Malicious Content
Google said it’s adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser.
“We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions,” Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said.
To that
“We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions,” Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said.
To that
Over 3,000 GitHub accounts used by malware distribution service
Threat actors known as ‘Stargazer Goblin’ have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. […]
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018
The vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018.
The post Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 appeared first on SecurityWeek.
Docker fixes critical 5-year old authentication bypass flaw
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. […]