On September 25th, NVIDIA issued a security advisory regarding a critical vulnerability (CVE-2024-0132) in the NVIDIA Container Toolkit. This Time-of-Check Time-of-Use (TOCTOU) flaw allows a specially crafted container image to access the host file system. The vulnerability impacts most AI applications in both cloud and on-prem environments using NVIDIA GPUs.

If hackers follow the Willie Sutton rule — going where the money/data/geopolitical leverage is, then professional sports organizations, or PSOs, represent a kind of perfect storm of motivation.

On August 12, Ivanti issued an advisory regarding a critical vulnerability in the Ivanti Virtual Traffic Manager (vTM), identified as CVE-2024-7593 with a CVSS score of 9.8. The vulnerability stems from an incorrect implementation of an authentication algorithm. Patches were released on August 19th for all affected versions. On September 24th, the vulnerability was added to the CISA Known Exploited Vulnerabilities Catalog (KEV), elevating its priority and risk.

In June, a cyberattack struck CDK Global, a software provider serving over 15,000 car dealerships across North America, causing widespread operational disruption. Beyond the immediate chaos, the cyberattack poses serious concerns for recent car buyers. If your dealership uses CDK Global software, personal data such as your Social Security number, employment details, and home address—may have been compromised.

A vulnerability affecting Apache HugeGraph-Server, categorized as CVE-2024-27348, was disclosed in August 2024 and recently added to the CISA Known Exploited Vulnerabilities (KEV) catalog on 9/18/2024. This flaw, found in Apache HugeGraph-Server versions 1.0.0 through 1.3.0, and affecting instances running Java 8 or 11, can result in remote code execution (RCE). Proof of Concept (PoC) exploit code has been released, along with a detailed analysis from SecureLayer7.

In December 2020, Ticketmaster was hit with a $10 million fine for an act of corporate espionage. The company had engaged in unauthorized access to a competitor's computer systems, using stolen login credentials to gather confidential business intelligence. Although this scandal broke nearly four years ago, it serves as a reminder of the legal and ethical responsibilities businesses must adhere to in today’s marketplace.

Adobe released a patch for a suspected zero-day vulnerability in Adobe Reader, identified as CVE-2024-41869. This vulnerability, a Use After Free (UAF) issue, can lead to arbitrary code execution, system crashes, or the return of unexpected values.

Last month, NIST published its first set of post-quantum cryptography (PQC) standards, setting a new benchmark for enterprises, government agencies, and vendors to withstand future cyberattacks from quantum computers. The time to start transitioning is now. Discover what’s at stake with CyberWatch.

Every second Tuesday of the month, Microsoft releases patches to their applications, services, and operating systems. Typically, these patches include a myriad of security fixes and this time around, for September of 2024, 79 different vulnerabilities have been addressed, including 4 zero-day vulnerabilities and 10 critical vulnerabilities.