Year: 2024

Video messaging giant Zoom on Tuesday announced patches for seven vulnerabilities in its desktop and mobile applications, including a critical-severity bug in Windows software. The critical issue, tracked as CVE-2024-24691 (CVSS score of 9.6), is described as an improper input validation that could allow an attacker with network access to escalate privileges. Zoom’s Desktop Client […]

VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. “A malicious actor could trick a target domain user with EAP installed in their web browser into requesting and relaying […]

Incident response (IR) is a race against time. You engage your internal or external team because there’s enough evidence that something bad is happening, but you’re still blind to the scope, the impact, and the root cause. The common set of IR tools and practices provides IR teams with the ability to discover malicious files […]

Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems. The red teaming tool is designed to “enable every organization across the globe to innovate responsibly with the latest artificial intelligence advances,” Ram Shankar Siva Kumar, AI red team lead at […]

NIST on Monday announced the official release of version 2.0 of its Cybersecurity Framework (CSF), the first major update since its creation a decade ago. The cybersecurity framework was originally aimed at critical infrastructure organizations, but it has been widely used and widely recommended and NIST highlighted that CSF 2.0 is designed to help all organizations reduce […]