How to Prevent Your First AI Data Breach

Don't let AI CoPilots be the source of your first data breach. Learn more from Varonis about the challengers of securing your data in the era of gen AI. [...]

https://www.bleepingcomputer.com/news/security/how-to-prevent-your-first-ai-data-breach/

 3AM ransomware stole data of 464,000 Kootenai Health patients

Kootenai Health has disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation. [...]

https://www.bleepingcomputer.com/news/security/3am-ransomware-stole-data-of-464-000-kootenai-health-patients/

 Ivanti warns of critical vTM auth bypass with public exploit

​Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts. [...]

https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-vtm-auth-bypass-with-public-exploit/

 Windows 10 KB5041580 update released with 14 fixes, security updates

Microsoft has released the KB5041580 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 14 changes and fixes, including BitLocker fixes and important security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5041580-update-released-with-14-fixes-security-updates/

 Windows 11 KB5041585 cumulative update released with fixes, new features

Microsoft has released the KB5041585 cumulative update for Windows 11 23H2, which includes many improvements and changes, including the ability to directly drag apps from the Pinned section of the Start menu and pin them to the taskbar. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5041585-cumulative-update-released-with-fixes-new-features/

 Microsoft fixes issue that sent PCs into BitLocker recovery

Microsoft has fixed a known issue causing some Windows devices to boot into BitLocker recovery after installing last month's Windows security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-issue-that-sent-pcs-into-bitlocker-recovery/

 Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/

 Google: Gemini AI for Android processes sensitive data locally

Google says it is taking a privacy-minded approach to the integration of AI features like the Gemini assistant on Android devices, implementing end-to-end protection to secure data in transit while keeping the most sensitive data locally on the device. [...]

https://www.bleepingcomputer.com/news/google/google-gemini-ai-for-android-processes-sensitive-data-locally/

 Windows Server August updates fix Microsoft 365 Defender issue

The August 2024 Windows Server updates fix a known issue that breaks multiple Microsoft 365 Defender features after installing last month's security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-server-august-updates-fix-microsoft-365-defender-issue/

 Critical SAP flaw allows remote attackers to bypass authentication

SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. [...]

https://www.bleepingcomputer.com/news/security/critical-sap-flaw-allows-remote-attackers-to-bypass-authentication/

 New Windows SmartScreen bypass exploited as zero-day since March

Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-smartscreen-bypass-exploited-as-zero-day-since-march/

 SolarWinds fixes critical RCE bug affecting all Web Help Desk versions

A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today. [...]

https://www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bug-affecting-all-web-help-desk-versions/

 AutoCanada discloses cyberattack impacting internal IT systems

Hackers targeted AutoCanada in a cyberattack last Sunday that impacted the automobile dealership group's internal IT systems, which may lead to disruptions. [...]

https://www.bleepingcomputer.com/news/security/autocanada-discloses-cyberattack-impacting-internal-it-systems/

 Microsoft retires Windows updates causing 0x80070643 errors

Microsoft has retired several Windows security updates released during the January 2024 Patch Tuesday that have been causing 0x80070643 errors when installing Windows Recovery Environment (WinRE) updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-retires-windows-updates-causing-0x80070643-errors/

 NIST releases first encryption tools to resist quantum computing

The U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology. [...]

https://www.bleepingcomputer.com/news/security/nist-releases-first-encryption-tools-to-resist-quantum-computing/

 GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. [...]

https://www.bleepingcomputer.com/news/security/github-actions-artifacts-found-leaking-auth-tokens-in-popular-projects/

 Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled. [...]

https://www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled/

 Russian who sold 300,000 stolen credentials gets 40 months in prison

​Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of stolen logins, until its seizure in June 2021. [...]

https://www.bleepingcomputer.com/news/security/russian-who-sold-300-000-stolen-credentials-gets-40-months-in-prison/

 Microsoft shares temp fix for Outlook, Word crashes when typing

​Microsoft has shared a temporary fix for a known issue that causes Microsoft 365 apps like Outlook, Word, and OneNote to unexpectedly crash while typing or spell-checking a text. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-temp-fix-for-outlook-word-crashes-when-typing/

 Microsoft disables BitLocker security fix, advises manual mitigation

Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-bitlocker-security-fix-advises-manual-mitigation/

 Ransomware gang deploys new malware to kill security software

RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-deploys-new-malware-to-kill-security-software/