Arm Warns Of Mali GPU Kernel Driver Flaws Exploited In The Wild

From gbhackers.com

Arm's Mali is a widely used GPU, and its kernel driver ships on a large number of Android and Linux devices.

A new vulnerability has been discovered in the Mali GPU kernel driver. It allows a local, low-privileged user to perform improper GPU memory processing operations and gain access to already freed memory (a use-after-free).

The flaw is tracked as CVE-2024-4610; a severity rating has yet to be assigned.

Arm has released a fix, but there are reports that threat actors are already exploiting the flaw in the wild. Arm advises users to upgrade their Mali GPU drivers to the latest versions.
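The page does not describe the internals of CVE-2024-4610, so the following is an added illustration of the bug class it names, not Arm's driver code: a toy per-process handle table over a tiny slab allocator. The "release" path frees the backing object but forgets to clear the handle table entry, so a low-privileged caller keeps a dangling reference; once the allocator hands the same slot to another process, the stale handle reads that process's data. The fixed release clears the entry first and rejects a second release. The two-process setup, the object layout and the eager-reuse allocator are assumptions made for the example.

```c
/* Added example, not Arm's code: a use-after-free through a stale
 * handle table entry, beside the fixed release path. */
#include <stdio.h>
#include <string.h>

#define NSLOTS   4   /* backing objects in the toy slab               */
#define NPROC    3   /* process ids 0..2; 1 = victim, 2 = attacker    */
#define NHANDLES 4   /* per-process handles, like a small fd table    */

struct gpu_buf {             /* stands in for a driver memory object */
    int  owner;              /* pid that allocated it                */
    char data[32];
};

static struct gpu_buf slab[NSLOTS];
static int slot_free[NSLOTS];                    /* 1 = on free list      */
static struct gpu_buf *handles[NPROC][NHANDLES]; /* pid, handle -> object */

static void reset(void)
{
    memset(slab, 0, sizeof slab);
    memset(handles, 0, sizeof handles);
    for (int i = 0; i < NSLOTS; i++) slot_free[i] = 1;
}

/* Toy slab: hands out the lowest free slot, mimicking an allocator
 * that eagerly reuses just-freed objects of the same size. */
static struct gpu_buf *slab_alloc(int pid, const char *contents)
{
    for (int i = 0; i < NSLOTS; i++) {
        if (slot_free[i]) {
            slot_free[i] = 0;
            slab[i].owner = pid;
            snprintf(slab[i].data, sizeof slab[i].data, "%s", contents);
            return &slab[i];
        }
    }
    return NULL;
}

static void slab_free(struct gpu_buf *b) { slot_free[b - slab] = 1; }

/* Allocate an object and return a per-process handle for it, or -1. */
static int handle_create(int pid, const char *contents)
{
    for (int h = 0; h < NHANDLES; h++)
        if (!handles[pid][h]) {
            handles[pid][h] = slab_alloc(pid, contents);
            return handles[pid][h] ? h : -1;
        }
    return -1;
}

/* Resolve a handle the way an ioctl would: no entry, no access. */
static struct gpu_buf *lookup(int pid, int h)
{
    if (h < 0 || h >= NHANDLES) return NULL;
    return handles[pid][h];
}

/* VULNERABLE release: frees the object but leaves the table entry
 * pointing at it, so the caller keeps a dangling reference. */
static int release_vulnerable(int pid, int h)
{
    slab_free(handles[pid][h]);   /* handles[pid][h] still set */
    return 0;
}

/* FIXED release: validate the handle, drop the table entry before
 * freeing, and reject a second release of the same handle. */
static int release_fixed(int pid, int h)
{
    if (h < 0 || h >= NHANDLES || !handles[pid][h]) return -1;
    struct gpu_buf *b = handles[pid][h];
    handles[pid][h] = NULL;
    slab_free(b);
    return 0;
}

/* Attacker (pid 2) releases its buffer, victim (pid 1) allocates and
 * gets the same slot back; what does the attacker's old handle see? */
static const char *demo(int (*release)(int, int))
{
    reset();
    int a = handle_create(2, "attacker scratch");
    release(2, a);
    handle_create(1, "victim secret");     /* reuses slab slot 0 */
    struct gpu_buf *b = lookup(2, a);      /* attacker's stale handle */
    return b ? b->data : "(no access)";
}

const char *demo_vulnerable(void) { return demo(release_vulnerable); }
const char *demo_fixed(void)      { return demo(release_fixed); }

/* On the fixed path a double release must be refused. */
int double_release_rejected(void)
{
    reset();
    int a = handle_create(2, "attacker scratch");
    return release_fixed(2, a) == 0 && release_fixed(2, a) == -1;
}

int main(void)
{
    printf("vulnerable release: attacker reads \"%s\"\n", demo_vulnerable());
    printf("fixed release:      attacker reads \"%s\"\n", demo_fixed());
    return 0;
}
```

The toy slab stands in for the kernel allocator: real kernel object caches reuse freed objects of the same size quickly, which is what turns a forgotten pointer into a cross-process read (or, with a writable handle, a write into another context's object). The fix is the usual one, clear or invalidate every reference before the object is returned to the allocator.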

Read more…

Exploit for critical Veeam auth bypass available, patch now

From bleepingcomputer.com

A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates.

Veeam Backup Enterprise Manager (VBEM) is a web-based platform for managing Veeam Backup & Replication installations via a web console. It helps control backup jobs and perform restoration operations across an organization’s backup infrastructure and large-scale deployments.

Veeam issued a security bulletin on May 21 warning of a critical vulnerability that lets remote, unauthenticated attackers log in to VBEM's web interface as any user.

The vendor urged its customers to address the problem by upgrading to VBEM version 12.1.2.172, while also sharing mitigation tips for those unable to apply the update immediately.

Read more…

NHS Appeals For Blood and Volunteers After Cyber-Attack

From infosecurity-magazine.com

The NHS is fighting on several fronts to recover from the impact of a crippling ransomware attack last week, issuing urgent appeals for blood donors and volunteers, according to reports.

Several London hospitals, including King's College Hospital and Guy's and St Thomas', were impacted by an attack on pathology service provider Synnovis last Monday.

It had an immediate and significant knock-on effect on blood transfusions and test results, and reportedly led to the cancellation of over 200 emergency and life-saving operations, as well as hundreds of urgently referred appointments for suspected cancer patients.

Now the health service is launching an appeal for donations of O-type blood to help mitigate the impact of the attack, which has made it harder for doctors to match patients' blood types as quickly as usual.

Read more…

DuckDuckGo Launches Anonymous AI Chatbots

From gbhackers.com

DuckDuckGo has unveiled a new feature, AI Chat, which offers users an anonymous way to access popular AI chatbots.

The service includes models like OpenAI's GPT-3.5 Turbo, Anthropic's Claude 3 Haiku, and two open-source models, Meta's Llama 3 and Mistral's Mixtral 8x7B.

Read more…

Mind the Gap: Strengthening Cybersecurity Through Behavioral Awareness

From tripwire.com

Exploring the intricate relationship between people and cybersecurity opens up a dynamic landscape where individuals’ decisions, habits, and intentions significantly impact the safety and integrity of digital systems.

Cybercriminals are savvy opportunists, and like pickpockets, they go where the crowds are. They scan the virtual world, identifying weaknesses in the popular sites and systems people use. Whether it’s social media platforms teeming with personal data or online marketplaces bustling with transactions, cybercriminals meticulously search for chinks in the digital armor.

Natural human biases are one such chink, and are easily exploitable to infiltrate networks, steal sensitive information, or deploy malicious software. This is because humans are not just users of technology but active participants in its ecosystem.

Read more…

Cybersecurity Snapshot: NIST Program Assesses How AI Systems Will Behave in the Real World, While FBI Has Troves of Decryption Keys for LockBit Victims

From tenable.com

Check out the new ARIA program from NIST, designed to evaluate if an AI system will be safe and fair once it’s launched. Plus, the FBI offers to help LockBit victims with thousands of decryption keys. In addition, Deloitte finds that boosting cybersecurity is key for generative AI deployment success. And why identity security is getting harder. And much more!

1 – NIST program will test safety, fairness of AI systems

Will that artificial intelligence (AI) system now in development behave as intended once it’s released or will it go off the rails?

It’s a critical question for vendors, enterprises and individuals developing AI systems. To help answer it, the U.S. government has launched an AI testing and evaluation program.

Called Assessing Risks and Impacts of AI (ARIA), the National Institute of Standards and Technology (NIST) program will make a “sociotechnical” assessment of AI systems and models.

That means ARIA will determine whether an AI system will be valid, reliable, safe, secure, private and fair once it’s live in the real world.

“In order to fully understand the impacts AI is having and will have on our society, we need to test how AI functions in realistic scenarios – and that’s exactly what we’re doing with this program,” U.S. Commerce Secretary Gina Raimondo said in a statement.

Read more…

Check Point Security Gateway Information Disclosure Vulnerability (CVE-2024-24919)

From blog.qualys.com

Check Point Security Gateway is a network security gateway, delivered as an on-premises appliance or as a cloud service, that enforces network security policies including firewall, VPN, and intrusion prevention.

Check Point published a zero-day advisory on May 28, 2024, for CVE-2024-24919, which carries a CVSS score of 8.6. According to the advisory, the vulnerability lets attackers read sensitive information from affected gateways and, from there, potentially gain domain privileges.

The vulnerability affects several Check Point products, including CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances. It has been added to CISA's Known Exploited Vulnerabilities catalog.

Check Point said, “The vulnerability potentially allows an attacker to read certain information on Internet-connected Gateways with remote access VPN or mobile access enabled…” 

Read more…