AMD is aware of a newly reported processor vulnerability. Execution of the attack requires both local administrator-level access to the system, and the development and execution of malicious microcode.

The vulnerabilities were promptly patched by AWS after being reported by Aqua Security researchers. These flaws in services like CloudFormation, CodeStar, and Service Catalog could potentially lead to a full account takeover if exploited.

The non-profit cybersecurity organization, the Shadowserver Foundation, has observed exploitation attempts against CVE-2024-5806. They noted that the exploitation began soon after the vulnerability details were made public.

While third-party ChatGPT plugins can significantly enhance productivity and efficiency, they also present unique security challenges for enterprises, including data privacy, compliance risks, vendor dependencies, and more.

According to a new report by Mandiant, which is based on Mandiant Consulting investigations during 2023, the global median dwell time for attackers fell to its lowest point since the company began tracking the metric in 2011.

Iranian state-backed actors have consistently targeted the U.S. and Israel with cyberattacks, including destructive malware and influence campaigns, before and after the Israel-Hamas war.

The deal will result in the formation of a separate company called DataCo to handle Veritas' remaining assets, while Cohesity will follow a "no customer left behind" approach.

The Post-Quantum Cryptography Alliance aims to drive the adoption of post-quantum cryptography to address security risks posed by quantum computing, with support from industry leaders like Google, IBM, Amazon Web Services, and Cisco.

With its second acquisition in two months, SonicWall aims to help enterprises with growing remote workforces through zero-trust network and security service edge offerings.

The vulnerabilities, CVE-2023-35384 and CVE-2023-36710, allow an attacker to bypass security measures and execute code on a victim's machine by tricking Outlook into downloading a specially crafted sound file.