InfoSec News Nuggets 8/28/2024

Google tags a tenth Chrome zero-day as exploited this year Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests. Tracked as CVE-2024-7965 and reported by a security researcher known only as TheDog, the now-patched high-severity vulnerability is described as an inappropriate implementation in Google Chrome's V8 JavaScript engine that can let remote attackers exploit heap corruption via a crafted HTML page. This was announced in an update to…
Read More

InfoSec News Nuggets 7/22/2024

Russia-linked FIN7 hackers sell their security evasion tool to other groups on darknet A notorious cybercriminal group known as FIN7 advertises its custom tool for security evasion on darknet forums and sells it to other criminal gangs, researchers have found. The tool, known as AvNeutralizer, is used by criminal hackers to bypass threat detection systems on victims' devices. Researchers have previously discovered that the tool was used exclusively for six months by another hacker group,…
Read More

InfoSec News Nuggets 08/01/2023

Global Lawyers Unveil Cyber Best Practices for Execs  The International Bar Association (IBA) has published what it claims to be a “first-of-its-kind” report to guide senior executives and boards to protect their organization from cyber risk. Released today, Global perspectives on protecting against cyber risks: best governance practices for senior executives and boards of directors, is a lengthy document designed to give leaders insight into the main elements of a strong cyber-risk management program. Co-chairs of the IBA…
Read More