The Information Highway

Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms.

A new Google Ads malvertising campaign, coinciding with the launch of the Arc web browser for Windows, was tricking people into downloading trojanized installers that infect them with malware payloads. 

Microsoft says the Cortana, Tips, and WordPad applications will be automatically removed on systems upgraded to the upcoming Windows 11 24H2 release.

After over a 24-hour outage, Microsoft's Bing, Copilot, and Copilot in Windows services are back online worldwide, with no information released as to what caused the problem.

Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services.

Security researchers reverse-engineered Apple's recent iOS 17.5.1 update and found that a recent bug that restored images deleted months or even years ago was caused by an iOS bug and not an issue with iCloud.

Microsoft announced today that it will start deprecating VBScript in the second half of 2024 by making it an on-demand feature until it's completely removed.

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers.

Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources.

The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery.

The WebTPA Employer Services (WebTPA) data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes.

The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks. 

Microsoft has acknowledged a new known issue causing this month's KB5037765 security update for Windows Server 2019 to fail to install with 0x800f0982 errors.

Over the past year, we've witnessed an explosive growth spurt in consumer-focused AI productivity tools that has once again transformed the way we work. Once the realm of data science and engineering teams, generative AI was packaged and delivered to the masses in 2023.

Threat update

 A critical vulnerability in GitLab, labeled CVE-2023-7028, is under active attack by threat actors to achieve account takeover, as reported by the Cybersecurity and Infrastructure Security Agency (CISA).

Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks.

The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack.

Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs.

CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping.

 Given the surge of incidents within the past decade, many people are becoming familiar with ransomware and data breaches. However, a new type of cyberattack known as killware has emerged in recent years. It's now a major security issue for organizations. But what does the term "killware" actually mean? Let's take a look: