Microsoft paid out $16.6 million to over 340 security researchers through its bug bounty programs over the past year.
The post Microsoft Bug Bounty Payouts Increased to $16.6 Million in Past Year appeared first on SecurityWeek.
SecurityWeek – Read More
CrowdStrike and Delta are fighting over who is to blame for the airline canceling thousands of flights following the massive outage.
The post CrowdStrike and Delta Fight Over Who’s to Blame for the Airline Canceling Thousands of Flights appeared first on SecurityWeek.
SecurityWeek – Read More
Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021.
Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control (C2) communications as a way to avoid having a dedicated infrastructure and evade detection.
“This threat is
The Hacker News – Read More
A new MaaS malware known as Mint Stealer has emerged, threatening confidential data. This malware, identified by experts from Cyfirma, is designed to steal a wide range of information by employing advanced encryption and obfuscation techniques.
Cyware News – Latest Cyber News – Read More
The vulnerability allows unauthenticated users to execute screen rendering code under certain conditions in versions up to 18.12.14, with version 18.12.15 addressing the issue.
Cyware News – Latest Cyber News – Read More
Google has patched a zero-day vulnerability in the Android kernel that was being exploited in targeted attacks. The vulnerability, tracked as CVE-2024-36971, allows for arbitrary code execution without user interaction on unpatched devices.
Cyware News – Latest Cyber News – Read More
Google has patched CVE-2024-36971, a high-severity kernel zero-day vulnerability in Android that has been exploited in targeted attacks.
The post Google Patches Android Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Google has addressed a high-severity security flaw impacting the Android kernel that it has been actively exploited in the wild.
The vulnerability, tracked as CVE-2024-36971, has been described as a case of remote code execution impacting the kernel.
“There are indications that CVE-2024-36971 may be under limited, targeted exploitation,” the tech giant noted in its monthly Android security
The Hacker News – Read More
A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances.
Tracked as CVE-2024-38856, the flaw has a CVSS score of 9.8 out of a maximum of 10.0. It affects Apache OFBiz versions prior to 18.12.15.
“The
The Hacker News – Read More