ESET recently announced patches for two local privilege escalation vulnerabilities affecting multiple Windows and macOS products. The Windows products were found vulnerable to CVE-2024-7400, a high-severity bug affecting the file operations handling during the removal of a detected file. ESET noted that an attacker with low privileges on a system running an affected ESET product could exploit the flaw to delete arbitrary files and escalate privileges. ESET fixed the issue in the Cleaner module 1251, which was distributed automatically to ESET customers along with Detection engine updates.

By aekwall 

Versa Networks recently announced patches for a vulnerability in the virtualization and service creation platform Versa Director, warning that proof-of-concept (PoC) code exists.  The vulnerability is tracked as CVE-2024-45229 (CVSS score of 6.6) is related to the REST API in Versa Director used for orchestration and management and could lead to the exposure of authentication tokens.

The extraction of sensitive user data from web pages by thousands of browser extensions poses significant privacy risks, as revealed by research conducted by Georgia Tech. This underscores the need for more robust privacy measures and improved enforcement. A team of researchers led by Frank Li, assistant professor in the School of Cybersecurity and Privacy and the School of Electrical and Computer Engineering, and Ph.D. student Qinge Xie, developed a new system to monitor browser extensions' collection of user content from web pages.

The US Department of Justice (DOJ) announced a court-authorized operation to disrupt a botnet known as "Raptor Train," which has affected 200,000 devices in the US and other countries.

Dr. Honggang Wang, an Artificial Intelligence (AI) and digital health applications expert, received a three-year National Science Foundation (NSF) grant to improve cybersecurity education and research in mobile health. The project titled "Augmenting Cybersecurity Education in Mobile Health (mHealth) Through Curriculum and Experimental Platform Development" will introduce a new mobile health cybersecurity course with detailed modules covering wearable device security, body sensor network security, trustworthy AI, and more. Dr.

The National Football league has more to contend with than the actual games on the field. The teams have experienced cyberattacks on their customers, players, arenas, and data. In today’s digital age, the companies are protecting their assets that control the game and connecting with their fans as well as handling everything from concession sales, stadium operations, loyalty programs, bio-metric check-ins at stadiums, and WI-FI in the stands. Fan information, real-time player data, video broadcast, and their brands all need to be protected.

Ankita Gupta, Rita Chhikara, and Prabha Sharma of the NorthCap University in Gurugram, India, have introduced a new method for detecting hidden messages in digital images. Their work advances steganalysis, a key field in cybersecurity and digital forensics. Steganography involves embedding data within media (e.g., words hidden in a digital image's bits and bytes). There are legitimate uses of steganography, but there may be more malicious ones, so law enforcement and security need effective detection.

German authorities seized 47 cryptocurrency exchange services hosted in the country, which facilitated ransomware groups' illegal money laundering activities. The platforms enabled users to exchange cryptocurrencies without complying with applicable "Know Your Customer" regulations, ensuring that users remained completely anonymous during transactions. This created a low-risk environment where cybercriminals could launder their proceeds without fear of being prosecuted or tracked. This article continues to discuss the seizure of 47 cryptocurrency exchanges used by ransomware groups.