Security Bulletin

Black Hat USA 2024 kicks off with powerhouse panel waxing on election integrity.

The “Shadow Resource” flaws enabled attackers to pre-claim other users’ S3 buckets as their own.

CrowdStrike admitted in its root cause analysis that a lack of proper testing was part of the cause of the outage.

The evolving malware is targeting hospitality and other B2C workers in Canada and Europe with capabilities that can evade Android 13 security restrictions.

See how to set up a working Auto-VPN architecture in a multi-cloud environment (AWS and Google Cloud). This guide provides actionable steps and techniques for designing and deploying Meraki vMX in a multi-cloud environment.

Infiltration of several Advanced health and care systems through a customer account without multi-factor authentication resulted in the widespread disruption of NHS services that lasted for weeks.

Aside from inconsistencies between Content Validator inputs and those received by the Content Interpreter, such an issue was also caused by an out-of-bounds flaw in the Content Interpreter and inadequate testing, according to a root cause analysis...

Such a security issue — which is a patch bypass for the already addressed path traversal flaw, tracked as CVE-2024-36104 — stems from an authentication mechanism vulnerability enabling unauthenticated access to critical endpoints.

Already exploited by attackers is the "LNK Stomping" method, which involves a Windows shortcut file management vulnerability that disregards Windows Mark of the Web, according to an Elastic Security Labs analysis.

Microsoft claims 50,000 organizations are using its new Copilot Creation tool, but researcher Michael Bargury demonstrated at Black Hat USA ways it could unleash insecure chatbots.

Included in the leaked 227 GB trove of data were individuals' names, addresses, states, counties, cities, and ZIP codes, as well as their Social Security numbers.

Operations of the affected museums, some of which are venues for the Summer Olympics, have not been disrupted, but while Louvre Chief of Staff Matthias Grolier denied the incidence of a ransomware attack, unknown threat actors have threatened to...