Security News > 2024 > March

VMware has fixed four vulnerabilities in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine. VMware ESXi is a bare-metal hypervisor, VMware Workstation and Fusion are desktop hypervisors, and VMware Cloud Foundation is a hybrid cloud platform.

FBI's Internet Crime Complaint Center has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion. The number of relevant complaints submitted to the FBI in 2023 reached 880,000, 10% higher than the previous year, with the age group topping the report being people over 60, which shows how vulnerable older adults are to cybercrime.

Belgian beer brewer Duvel says a ransomware attack has brought its facility to a standstill while its IT team works to remediate the damage. Duvel Moortgat not only brings Duvel to shop shelves, restaurants, and bars alike, but also other popular tipples such as La Chouffe, Vedett, Firestone Walker, and more.

To benefit society as a whole we also need strong public AI as a counterbalance to corporate AI, as well as stronger democratic institutions to govern all of AI. One model for doing this is an AI Public Option, meaning AI systems such as foundational large-language models designed to further the public interest. They would provide a mechanism for public input and oversight on the critical ethical questions facing AI development, such as whether and how to incorporate copyrighted works in model training, how to distribute access to private users when demand could outstrip cloud computing capacity, and how to license access for sensitive applications ranging from policing to medical use.

"Our Web-Based PLC malware resides in PLC memory, but ultimately gets executed client-side by various browser-equipped devices throughout the ICS environment. From there, the malware uses ambient browser-based credentials to interact with the PLC's legitimate web APIs to attack the underlying real-world machinery," the researchers explained. "While previous attacks on PLCs infect either the control logic or firmware portions of PLC computation, our proposed malware exclusively infects the web application hosted by the emerging embedded webservers within the PLCs," the researchers noted.

In today's rapidly evolving SaaS environment, the focus is on human users. This is one of the most compromised areas in SaaS security management and requires strict governance of user roles and...

The U.S. Department of Justice (DoJ) announced the indictment of a 38-year-old Chinese national and a California resident of allegedly stealing proprietary information from Google while covertly...

Facebook messages are being used by threat actors to a Python-based information stealer dubbed Snake that’s designed to capture credentials and other sensitive data. “The credentials harvested...

Hypervisor heavyweight VMware by Broadcom yesterday revealed its hypervisors are not quite so inviolable as it might like. The nastiest two - CVE-2024-22252 and 22253 - are rated 9.3/10 on VMware's Workstation and Fusion desktop hypervisors and 8.4 on the ESXi server hypervisor.

Stolen ChatGPT credentials are a hot commodity on the dark web, according to Singapore-based threat intelligence firm Group-IB, which claims to have found some 225,000 stealer logs containing login details for the service last year. According to Group-IB, it found around 130,000 of the ChatGPT credential-containing logs in the five months from June to October, 2023, representing a 36 percent increase in the number of logs found in the prior five-month period between January and May of last year.