Security
Headlines
HeadlinesLatestCVEs

Tag

#chrome

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 14 - Oct 20)

Hi there! Here’s your quick update on the latest in cybersecurity. Hackers are using new tricks to break into systems we thought were secure—like finding hidden doors in locked houses. But the good news? Security experts are fighting back with smarter tools to keep data safe. Some big companies were hit with attacks, while others fixed their vulnerabilities just in time. It's a constant battle.

The Hacker News
Open in Source
#vulnerability#web#ios#android#mac#apple#google#microsoft#git#intel#c++#rce#auth#ssh#zero_day#chrome#kotlin#ssl#The Hacker News
“HM Surf” macOS Flaw Lets Attackers Access Camera and Mic – Patch Now!

Researchers at Microsoft discovered a new macOS vulnerability, “HM Surf” (CVE-2024-44133), which bypasses TCC protections, allowing unauthorized access…

Google Chrome’s uBlock Origin Purge Has Begun

Plus: The alleged SEC X account hacker gets charged, Kroger wriggles out of a face recognition scandal, and Microsoft deals with missing customer security logs.

Crypt Ghouls Targets Russian Firms with LockBit 3.0 and Babuk Ransomware Attacks

A nascent threat actor known as Crypt Ghouls has been linked to a set of cyber attacks targeting Russian businesses and government agencies with ransomware with the twin goals of disrupting business operations and financial gain. "The group under review has a toolkit that includes utilities such as Mimikatz, XenAllPasswordPro, PingCastle, Localtonet, resocks, AnyDesk, PsExec, and others,"

MacOS Safari 'HM Surf' Exploit Exposes Camera, Mic, Browser Data

Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.

Unauthorized data access vulnerability in macOS is detailed by Microsoft

Microsoft disclosed details about the HM Surf vulnerability that could allow an attacker to gain access to the user’s data in Safari

Beware: Fake Google Meet Pages Deliver Infostealers in Ongoing ClickFix Campaign

Threat actors are leveraging fake Google Meet web pages as part of an ongoing malware campaign dubbed ClickFix to deliver infostealers targeting Windows and macOS systems. "This tactic involves displaying fake error messages in web browsers to deceive users into copying and executing a given malicious PowerShell code, finally infecting their systems," French cybersecurity company Sekoia said in

ClickFix Attack: Fake Google Meet Alerts Install Malware on Windows, macOS

Protect yourself from the ClickFix attack! Learn how cybercriminals are using fake Google Meet pages to trick users…

UAT-5647 targets Ukrainian and Polish entities with RomCom malware variants

By Dmytro Korzhevin, Asheer Malhotra, Vanja Svajcer and Vitor Ventura.  Cisco Talos has observed a new wave of attacks active since at least late 2023, from a Russian speaking group we track as “UAT-5647”, against Ukrainian government entities and unknown Polish entities.  UAT-5647 is also known

CVE-2024-9954: Chromium: CVE-2024-9954 Use after free in AI

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 130.0.2849.46 10/17/2024 130.0.6723.59