lemmydev2

 

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, conduct cross-site tracing, or execute arbitrary code. (CVE-2024-6600, CVE-2024-6601, CVE-2024-6604)

Ronald Crane discovered that Thunderbird did not properly manage certain memory operations in the NSS. An attacker could potentially exploit this issue to cause a denial of service. (CVE-2024-6602)

Irvan Kurniawan discovered that Thunderbird did not properly manage memory during thread creation. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-6603)

 

Rapid restore tool being tested as Microsoft estimates 8.5M machines went down. CrowdStrike's now-infamous Falcon Sensor software, which last week led to widespread outages of Windows-powered computers, has also caused crashes of Linux machines.…

 

The Identity Theft Resource Center has published a report showing a 1,170% increase in compromised data victims compared to the same quarter last year.

 

WhatsApp owner Meta Platforms Inc. has been fined $220 million by Nigeria’s antitrust agency, which said its privacy policy breached data and privacy laws.

 


 

Wall Street Journal: Microsoft says it cannot wall off its OS due to a 2009 deal with the EC to give security software makers the same level of access to Windows that Microsoft gets  —  Global outage on Windows machines caused by CrowdStrike highlights Microsoft's security challenges

 

When it comes to website security, sometimes the most innocuous features can become powerful tools in the hands of attackers. Such was the case in a recent incident we investigated, where bad actors exploited the humble swap file to maintain a persistent credit card skimmer on a Magento e-commerce site. This clever tactic allowed the malware to survive multiple cleanup attempts — that is, until our analysts wrapped up their investigation. In this post, we’ll peel back the layers of this sophisticated ecommerce attack, offering valuable insights into how you can protect your own online store from similar threats. Continue reading Attackers Abuse Swap File to Steal Credit Cards at Sucuri Blog.

 

Washington Post: One defective CrowdStrike update for Windows breaking global systems resurfaces concerns about Microsoft's monopoly in government and enterprise IT systems  —  Officials say the incident highlights how much businesses and governments rely on the giant's products.

 

Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate. The arrest was made "in connection with a global cyber online crime group which has been targeting large organizations with ransomware and gaining access to computer networks," West Midlands police said. "The arrest is part of

 

Cybersecurity experts have uncovered a concerning development following the recent CrowdStrike Falcon sensor issue that affected Windows systems on July 19, 2024. Threat actors are now actively exploiting this incident to target CrowdStrike customers through various malicious activities. The original issue stemmed from a content update for the CrowdStrike Falcon sensor on Windows hosts, which […] The post Alert! Hackers Exploiting CrowdStrike Issue in Cyber Attacks appeared first on Cyber Security News.

 

David E. Sanger / New York Times: The CrowdStrike debacle may have accidentally provided cybercriminals and countries like China a more detailed road map to disrupt US critical infrastructure  —  With each cascade of digital disaster, new vulnerabilities emerge.  The latest chaos wasn't caused by an adversary …

 

A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems. [...]
