No Doughnuts Today? Cyberattack Puts Krispy Kreme in a Sticky Situation
Donut and coffee retail chain Krispy Kreme on Wednesday confirmed a cyberattack led to operational disruptions of operations, including its online ordering system. The North Carolina company posted a message on its website referencing a “cybersecurity incident” but did not share any additional details. The incident has all the hallmarks of a data-extortion ransomware attack […]
Read More
BadRAM Attack Uses $10 Equipment to Break AMD Processor Protections
Academic researchers have devised a new attack that relies on cheap equipment to provide false information to the system processor during startup and break AMD’s latest trusted execution environment guarantees. Called BadRAM, the new attack uses $10 off-the-shelf equipment to break AMD SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging), cutting-edge memory integrity protections that rely on […]
Read More
Google Pays $55,000 for High-Severity Chrome Browser Bug
Google has pushed a major Chrome browser update to patch three vulnerabilities, including two high-severity memory safety bugs reported by external researchers. The first of the externally reported issues, tracked as CVE-2024-12381, is a type confusion flaw in the V8 JavaScript engine that earned the reporting researcher a $55,000 bug bounty reward. As customary, Google […]
Read More
Now on Demand: Inside a Hacker’s Playbook – How Cybercriminals Use Deepfakes
Ever wonder how cybercriminals infiltrate payment systems and steal funds? Join SecurityWeek and Rachel Tobac, ethical hacker and CEO of Social Proof Security, and Mahmood Khan, CISO, CNA Insurance, for this eye-opening session that pulls back the curtain on how bad actors exploit social engineering tactics, like deepfake technology and Business Email Compromise (BEC), to target your […]
Read More
Atlassian, Splunk Patch High-Severity Vulnerabilities
Atlassian and Splunk on Tuesday announced patches for more than two dozen vulnerabilities across their product portfolios, including multiple high-severity flaws in third-party components. Atlassian released fixes for 10 high-severity vulnerabilities in Bamboo Data Center and Server, Bitbucket Data Center and Server, and Confluence Data Center and Server, all rated high-severity and affecting third-party dependencies. […]
Read More
Cleo Vulnerability Exploitation Linked to Termite Ransomware Group
A recently emerged ransomware group named Termite may be behind the recent attacks exploiting a vulnerability in file transfer tools from enterprise software maker Cleo. It came to light on Monday that an improperly patched vulnerability affecting Cleo’s Harmony, VLTrader, and LexiCom products, which the vendor attempted to fix in late October with the release […]
Read More
Google’s Willow Chip Signals the Urgency of Post-Quantum Cryptography Migration
Forget the 10 septillion years needed for a classical computer to solve this problem, and focus instead on the falling number of necessary error correction qubits. Google announced its latest quantum computing advance, the Willow chip, on December 9, 2024. The announcement focuses on two aspects: current power and future potential. The power is demonstrated […]
Read More
446,000 Impacted by Center for Vein Restoration Data Breach
Vein care provider Center for Vein Restoration is notifying over 446,000 individuals that their personal, medical, and financial information was compromised in a recent cyberattack. Headquartered in Greenbelt, Maryland, Center for Vein Restoration provides patient-centered treatment options for venous insufficiency, including varicose veins and spider veins. The incident, the organization says in an incident notice, […]
Read More
ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others
The December 2024 ICS Patch Tuesday brings advisories from the cybersecurity agency CISA, as well as several major industrial automation companies. Schneider Electric published three new advisories this Patch Tuesday. One advisory describes a critical flaw in Modicon controllers that can allow an unauthenticated attacker to cause disruption to operations. Another advisory describes a high-severity […]
Read More
Ivanti Patches Critical Flaws in Connect Secure, Cloud Services Application
Ivanti on Tuesday announced patches for 11 vulnerabilities in its products, including five critical-severity bugs in Cloud Services Application, Connect Secure, and Policy Secure. The most severe of these issues is CVE-2024-11639 (CVSS score of 10/10), an authentication bypass affecting the Cloud Services Application (CSA) secure communication solution. Affecting the administrator web console of the […]
Read More