Security News > 2024 > May > Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel

Google fixes yet another Chrome zero-day exploited in the wildFor the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability with an in-the-wild exploit.

GitHub fixes maximum severity Enterprise Server auth bypass bugA critical, 10-out-of-10 vulnerability allowing unrestricted access to vulnerable GitHub Enterprise Server instances has been fixed by Microsoft-owned GitHub.

HHS pledges $50M for autonomous vulnerability management solution for hospitalsAs organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for Health has announced the Universal PatchinG and Remediation for Autonomous DEfense program aimed at developing a vulnerability management platform for healthcare IT teams.

Veeam fixes auth bypass flaw in Backup Enterprise ManagerVeeam has patched four vulnerabilities in Backup Enterprise Manager, one of which may allow attackers to bypass authentication and log in to its web interface as any user.

15 QNAP NAS bugs and one PoC disclosed, update ASAP!Researchers have found 15 vulnerabilities in QNAP's network attached storage devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability that may be leveraged for remote code execution.

PoC exploit for Ivanti EPMM privilege escalation flaw releasedTechnical details about and a proof-of-concept exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the vulnerability's reporter.

News URL

https://www.helpnetsecurity.com/2024/05/26/week-in-review-google-fixes-yet-another-chrome-zero-day-exploit-youtube-as-a-cybercrime-channel/