Google recently announced a new Chrome 128 update that addresses five vulnerabilities, including four reported by external researchers.  Google noted that all four externally reported flaws are high-severity memory safety issues that were reported in late August.  The first vulnerability, tracked as CVE-2024-8636, is a heap buffer overflow bug in Skia, the open-source 2D graphics library that serves as the graphics engine in the browser.  Next is CVE-2024-8637, a use-after-free security defect in Media Router.

Golf course management and hospitality company KemperSports Management recently disclosed a data breach impacting the personal information of tens of thousands of individuals.  The company said it became aware of suspicious activity on its network on April 1, 2024.  An investigation revealed that a threat actor had gained access to systems storing personal information, including names and Social Security numbers.  KemperSports told the AG that the data breach impacted more than 62,000 individuals.

Software maker Adobe recently released patches for at least 28 documented security vulnerabilities in a wide range of products and warned that both Windows and macOS users are exposed to code execution attacks.  The most urgent issue, affecting the widely deployed Acrobat and PDF Reader software, covers two memory corruption vulnerabilities that could be exploited to launch arbitrary code.

A group of schools in Washington State has been forced to close for at least two days following a cyberattack.  Highline Public Schools has more than 17,500 students in grades K-12.  The district has 34 schools and 2,000 staff.  Highline Public Schools are working closely with third-party, state, and federal partners to safely restore and test its systems.  Staff at Highline have been told not to use district issued computers and laptops as a precaution, and Highline said it has disconnected its network from the internet.

Wisconsin Physicians Service Insurance Corporation (WPS) recently started notifying roughly 950,000 individuals that their personal information was stolen in the MOVEit campaign last year. The MOVEit hack was disclosed in May 2023 after Progress Software discovered that the Russian-speaking Cl0p ransomware group had exploited a zero-day in the MOVEit Transfer managed file transfer (MFT) software to access customer data.

It has recently been announced that around 3000 victims of historic fraud facilitated by Western Union will receive millions of dollars in the latest round of reimbursements announced yesterday.  The Department of Justice (DoJ) said that the second distribution of the second phase of the Western Union Remission would compensate the victims another $18.5m forfeited to the government by the Colorado-headquartered money transfer business.

A new study conducted by security researchers at StormWall found that distributed denial of service (DDoS) attacks continue to grow, with the number of incidents doubling year-on-year (YoY).  The researchers said that DDoS attacks globally rose by 102% in the first half of this year compared to 2023.  The government sector was the hardest hit, with a 116% YoY increase.  The researchers noted that attacks on the government sector amounted to 29% of DDoS incidents.  The researchers attribute this, in part, to the large number of countries holding elections this year.

Progress Software has recently issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allow attackers to remotely execute commands on the device.  The company said the flaw tracked as CVE-2024-7591 is categorized as an improper input validation problem allowing an unauthenticated, remote attacker to access LoadMaster’s management interface using a specially crafted HTTP request.

Electronic payment gateway Slim CD recently announced that it had been hit by a cyberattack, potentially exposing the credit card details of 1.7 million individuals.  The firm, which handles electronic payments for US and Canadian-based merchants, revealed that it became aware of suspicious activity in its computer environment around June 15, 2024.  A subsequent investigation identified system access between August 17, 2023, and June 15, 2024, which may have enabled an attacker to view or obtain certain credit card information between June 14, 2024, and June 15, 2024.

Avis Car Rental recently started notifying close to 300,000 individuals that their personal information was stolen in an August 2024 data breach.  The company said the incident was discovered on August 5 when it flagged unauthorized access to one of its business applications.  Avis says it immediately took steps to contain the attack and notified the relevant authorities.