Spring Framework Vulnerability CVE-2024-38816 fixed
A high severity vulnerability has been discovered in the Spring Framework, that allows attackers to gain unauthorized access to sensitive files on the server, posing a significant risk of data…
Docker Desktop bugs CVE-2024-8695 and CVE-2024-8696 fixed
Docker Desktop has been found to have two critical security vulnerabilities that could enable remote code execution (RCE) attacks. The vulnerabilities, tracked as CVE-2024-8695 with a CVSSv4 score of 9.0, and CVE-2024-8696 with…
Citrix Workspace vulnerabilities fixed
Cloud Software Group has disclosed two vulnerabilities affecting Citrix Workspace app for Windows that could allow a malicious actor with low-level access to escalate their privileges to the highest level…
23andMe and LVHN Data Breach lawsuit settlement
23andMe has agreed to pay $30 million to settle lawsuits over a data breach that ensnared 6.4 million users last year.
The breach resulted in the attacker pulling this off by first breaching 14,000 accounts and then exploiting the service’s optional “DNA relatives” feature to access the profiles of millions of other users.
The hacker tried to sell the stolen DNA-related information in a forum at $100,000 per 100,000 user profiles. The incident prompted some victims to hire lawyers and file class action lawsuits, alleging that 23andMe had failed to protect their data.
Advertisements
All affected wont get the settlement, However the settlement, needs final court approval, proposes offering up to $10,000 from the fund for users who file an “extraordinary claim,” meaning they can demonstrate the breach caused them to suffer financial fraud.
Other users are only entitled to a $100 payment. Apart from this settlement funds, 23andMe has also agreed to pay for identity monitoring services for three years to all affected users with a variety of products, including a password manager, anti-phishing protection, and medical record monitoring.
CISA adds Ivanti Bug CVE-2024-8190 to its Catalog
The US CISA added Ivanti vulnerability tracked as CVE-2024-8190 to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation The vulnerability affects Ivanti Cloud Services Appliance (CSA)…
CISA releases RVA findings for FY23
CISA has released the findings based on an analysis and infographic detailing from the 143 Risk and Vulnerability Assessments (RVAs) conducted across multiple critical infrastructure in FY23. The analysis details…
Solarwinds fixes CVE-2024-28990 & CVE-2024-28991 in ARM Product
SolarWinds has released patches for two vulnerabilities affecting their Access Rights Manager (ARM) software, that have the potential to compromise the security of networks utilizing ARM, with impacts ranging from…
Apache OFBiz Vulnerability CVE-2024-45195 actively exploited
Apache OFBiz has got a security update for a flaw CVE-2024-45195 with a CVSS score of 7.5 that allows attackers to bypass authorization checks and execute arbitrary code on the…