Google has launched kvmCTF, a new vulnerability reward program (VRP), first announced in October 2023, to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor. The program comes with $250,000 bounties for full VM escape exploits. KVM, an open-source hypervisor with over 17 years of development, is a crucial component in consumer and enterprise settings, powering…


Recently patched vulnerabilities in a software dependency management tool used by developers of applications for Apple’s iOS and macOS platforms could have opened the door for attackers to insert malicious code into many of the most popular apps on those platforms. One particular security weakness in the CocoaPods dependency manager created a mechanism for hackers…


Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident’s impact. Patelco is an American credit union with assets exceeding $9 billion. It offers a wide range of financial services, including checking and savings accounts, loans, credit cards, investment…


Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust (Evolve). Affirm is a fintech firm that provides consumer-friendly alternatives to traditional credit options. It also offers point-of-sale financing, virtual cards on…


CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…


Juniper Networks released a security bulletin to address a vulnerability in Junos OS: SRX Series. A cyber threat actor could exploit this vulnerability to cause a denial-of-service condition. Users and administrators are encouraged to review the following and apply the necessary updates:


From handshake deals to digital pat-downs, the rental market is filled with great opportunities (that is, for scammers). Our very own producer, Andrew Steven, recently got some first-hand experience when he and his partner tried to find a new place. We talked to real estate professionals–one rents a cottage, another has a slightly bigger portfolio…


CISA released seven Industrial Control Systems (ICS) advisories on July 2, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations.


CRN rounds up the 10 hottest IoT startups of 2024 so far, which range from Artisight and AssetWatch to TXOne Networks and Xage Security. While the Internet of Things may have lost its sheen as a top buzzword to the tech world’s fevered discussions around generative AI, there remains ample opportunity for companies to grow…


First, the agents were able to discover new vulnerabilities in a test environment — but that doesn’t mean that they can find all kinds of vulnerabilities in all kinds of environments. In the simulations that the researchers ran, the AI agents were basically shooting fish in a barrel. These might have been new species of…
