Security News

Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on...

The bug allows malicious software and rogue privileged users with access to the operating system kernel to run code in System Management Mode, a highly privileged execution environment present in x86 processors from Intel and AMD. SinkClose is unique to AMD. SMM sits below the kernel and hypervisor, as well as applications, in that the management mode has unrestricted access to and control of the machine. ZenHammer comes down on AMD Zen 2 and 3 systems Apple, AMD, Qualcomm GPU security hole lets miscreants snoop on AI training and chats What's going on with AMD funding a CUDA translation layer, then nuking it? AMD's latest desktop CPUs feature lower prices yet again as Intel readies a fightback.

The maintainers of the FreeBSD Project have released security updates to address a high-severity flaw in OpenSSH that attackers could potentially exploit to execute arbitrary code remotely with elevated privileges. The vulnerability, tracked as CVE-2024-7589, carries a CVSS score of 7.4 out of a maximum of 10.0, indicating high severity.

Scaling data security solutions: What you need to knowIn this Help Net Security interview, Bruno Kurtic, President and CEO at Bedrock Security, discusses the role of data visibility in enhancing cybersecurity. AI security 2024: Key insights for staying ahead of threatsIn this Help Net Security interview, Kojin Oshiba, co-founder of Robust Intelligence, discusses his journey from academic research to addressing AI security challenges in the industry.

Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. [...]

First, we had a large set of updates on Patch Tuesday, then we had to work through the CrowdStrike event, and finally many of us had Azure outages due to Microsoft responding to a DDoS attack. The July 2024 Patch Tuesday release kept everyone busy with updates for Microsoft Windows, Office, SharePoint, SQL Server and.

Password manager 1Password is warning that all Mac users running versions before 8.10.36 are vulnerable to a bug that allows attackers to steal vault items. Based on 1Password's description of the vulnerability, an attacker would need to develop and install a specific program on a victim's machine that targeted 1Password on Mac, either through social engineering or other means.

A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885, an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3.

Although endpoint anti-malware and other security controls are now standard at the operating system level, keeping all endpoint software up-to-date and secure remains an open issue for many organizations. Having worked with many enterprise security software, I noticed that established market players tend to accumulate substantial technical debt, which translates into bloated endpoints that spawn several processes and services bolted together as new functionalities get added, ultimately noticeably hitting endpoint performance and hampering employee productivity.

Livne explains the role of effective patch management in minimizing business risk and maintaining strong cybersecurity. Can you speak to the importance of a good patch management strategy in reducing business risk?