Microsoft Patched 6 Actively Exploited Zero-Day Flaws

Microsoft Patched 6 Actively Exploited Zero-Day Flaws

Patch Tuesday, Microsoft’s monthly report of security updates, brought 90 CVEs, including some vulnerabilities that were being actively exploited. Some vulnerabilities originated in Chromium, meaning both Microsoft Edge and Google Chrome may have been affected. Here are the most critical flaws and patches disclosed by Microsoft on Aug. 13. Six zero-day flaws had been exploited Threat actors had already taken advantage of six zero-day exploits in particular: CVE-2024-38106: an elevation of privilege vulnerability in the…

Read More

StormBamboo Compromises ISP to Spread Malware via Updates

StormBamboo Compromises ISP to Spread Malware via Updates

New research from cybersecurity company Volexity revealed details about a highly sophisticated attack deployed by a Chinese-speaking cyberespionage threat actor named StormBamboo. StormBamboo compromised an ISP to modify some DNS answers to queries from systems requesting legitimate software updates. Multiple software vendors were targeted. The altered responses led to malicious payloads served by StormBamboo in addition to the legitimate update files. The payloads targeted both macOS and Microsoft Windows operating systems. Who is StormBamboo? StormBamboo…

Read More

Google Cloud Next 2024: New Data Center Chip Joins Ecosystem

Google Cloud Next 2024: New Data Center Chip Joins Ecosystem

Google Cloud announced a new enterprise subscription for Chrome and a bevy of generative AI add-ons for Google Workspace during the Cloud Next ‘24 conference, held in Las Vegas from April 9 – 11. Overall, Google Cloud is putting its Gemini generative AI in place as much as it can; for instance, the company is betting on providing Vertex AI infrastructure for other companies’ AI and hardware like the new Axion CPU. We attended a…

Read More

Apple Security Update Fixes Zero-Day Webkit Exploits

Apple Security Update Fixes Zero-Day Webkit Exploits

Apple recommends users update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. Google’s Threat Analysis Group discovered these security bugs. Apple has patched two zero-day vulnerabilities affecting iOS, iPadOS and macOS; users are advised to update to iOS 17.1.2, iPadOS 17.1.2 and macOS 14.1.2. The vulnerabilities were discovered by Google’s Threat Analysis group, which has been working on fixes for active Chrome vulnerabilities this week as well. Jump to: What are these Apple OS vulnerabilities?…

Read More

Atomic Stealer Distributes Malware to Macs Through False Browser Downloads

Atomic Stealer Distributes Malware to Macs Through False Browser Downloads

Atomic Stealer malware advertises itself through ClearFake browser updates disguised as Google’s Chrome and Apple’s Safari. Anti-malware software provider Malwarebytes has described a new variant of Atomic Stealer (also known as AMOS), which is malware targeting Apple users. The new malware variant, distributed through the fake browser update delivery mechanism ClearFake, advertises itself as updates for Apple’s Safari browser and Google’s Chrome browser. The malware is capable of grabbing a user’s data and sending it…

Read More