Aggregator

US org with ‘significant presence in China’ targeted by hackers, Symantec says

Global data breaches show no signs of slowing down as this year has already exceeded 2023 in the number of data breaches and consumers impacted, according to Experian. Younger cybercriminals on the rise Today, the world of cyber hacking is not confined to grown ups nor is the fallout. According to the FBI, the average age of someone arrested for cybercrime is 19 vs. 37 for any crime. Many teens will have been recruited into … More →

The post Teenagers leading new wave of cybercrime appeared first on Help Net Security.

frood, an Alpine initramfs NAS

A vulnerability has been found in Apple tvOS and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Bluetooth-Connected Microphone Handler. The manipulation leads to permission issues. This vulnerability is known as CVE-2024-23250. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS and classified as problematic. Affected by this issue is some unknown functionality of the component Bluetooth-Connected Microphone Handler. The manipulation leads to permission issues. This vulnerability is handled as CVE-2024-23250. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been classified as problematic. This affects an unknown part of the component Bluetooth-Connected Microphone Handler. The manipulation leads to permission issues. This vulnerability is uniquely identified as CVE-2024-23250. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple watchOS. It has been declared as problematic. This vulnerability affects unknown code of the component Bluetooth-Connected Microphone Handler. The manipulation leads to permission issues. This vulnerability was named CVE-2024-23250. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple macOS up to 14.3. This vulnerability affects unknown code of the component Photo Library. The manipulation leads to permission issues. This vulnerability was named CVE-2024-23253. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS and classified as critical. This issue affects some unknown processing of the component Hidden Photos Album. The manipulation leads to improper authentication. The identification of this vulnerability is CVE-2024-23255. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Navigating Firewall Security Policy Challenges in Technology Organizations: How FireMon Simplifies Complexity

PowerDMARC is recognized as a G2 Leader in DMARC Software for the fourth time in 2024, reflecting our commitment to innovation and customer satisfaction in email security.

The post PowerDMARC Named G2 Leader in DMARC Software for the 4th Time in 2024 appeared first on Security Boulevard.

In this Help Net Security interview, Gareth Lindahl-Wise, CISO at Ontinue, discusses how business leaders can align innovation with cybersecurity, tackle the risks posed by legacy systems, and build defenses for startups. Lindahl-Wise also highlights collaboration and strategic planning as essential for maintaining a strong security posture. What steps can senior business leaders take to align innovation goals with the need for cybersecurity without compromising either? Senior business leaders can effectively align innovation goals with … More →

The post Building a robust security posture with limited resources appeared first on Help Net Security.

AI Security Governance Insights from Security Leaders

US arrests Scattered Spider suspect linked to telecom hacks

GenAI is a powerful tool that can be used by security teams to protect organizations, however, it can also be used by malicious actors, making phishing-related attacks a growing and concerning threat vector, according to Ivanti. Ivanti’s research revealed that when asked which threats are increasing in severity due to GenAI, phishing was the top response (45%) among survey participants. Although training is a crucial part of a multi-layered cyber defense, many organizations have not … More →

The post GenAI makes phishing attacks more believable and cost-effective appeared first on Help Net Security.

A vulnerability was found in Linux Kernel up to 5.15.169/6.1.114/6.6.58/6.11.5 and classified as problematic. This issue affects the function bnep_init of the component Bluetooth. The manipulation leads to unchecked return value. The identification of this vulnerability is CVE-2024-50148. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.1.113/6.6.57/6.11.4 and classified as problematic. This vulnerability affects the function iso_init of the component Bluetooth. The manipulation leads to information disclosure. This vulnerability was named CVE-2024-50077. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.113/6.6.57/6.11.4 and classified as problematic. This issue affects the function iso_exit of the component Bluetooth. The manipulation leads to Privilege Escalation. The identification of this vulnerability is CVE-2024-50078. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.1.114/6.6.58/6.11.5. Affected is the function sco_sock_timeout of the component Bluetooth. The manipulation leads to use after free. This vulnerability is traded as CVE-2024-50125. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.226/5.15.167/6.1.112/6.6.56/6.11.3 and classified as critical. Affected by this issue is the function rfcomm_sk_state_change. The manipulation leads to deadlock. This vulnerability is handled as CVE-2024-50044. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.