Security Bulletin

Critical-rated CVE-2024-20017 allows remote code execution (RCE) on a range of phones and Wi-Fi access points from a variety of OEMs.

The company announced an update to its privacy policy, acknowledging it is using customer data to train its AI models.

The lack of abundant data on AI-enabled attacks in official reports shouldn't prevent us from preparing for and mitigating potential future threats.

Under the FOCAL plan, federal agencies have been urged to prioritize asset management, vulnerability management, defensible architecture, cyber supply chain risk management, and incident detection and response, as well as adhere to alignment goals...

Most recent of the newly added vulnerabilities is a critical remote command execution issue in Apache HugeGraph-Server, tracked as CVE-2024-27348, which could be leveraged to facilitate sandbox restriction evasion.

Aside from failing to remove data from former users, most of the said platforms also had no safeguards for data belonging to youths ages 13 to 17, according to the Federal Trade Commission.

Utilization of Slack will be halted across most of Disney's businesses by the end of the year, said Disney Chief Financial Officer Hugh Johnston in a report in the Status media newsletter.

Information leaked by grep on BreachForums included Dell employees' full names, IDs, active status, department numbers, and internal identifiers, as well as two email addresses with the "dell.com" domain but no plain text credentials or personally...

Attacks involved the utilization of Amazon S3 bucket and Content Delivery Network-hosted sites spoofing Google CAPTCHA pages and other verification sites, which include instructions that trigger a malicious PowerShell command downloading Lumma...

Some of the 340 GB of sensitive data purportedly stolen from the City of Pleasanton, including names, birthdates, credit card numbers, and other personal and corporate financial information, have already been exposed by Valencia.