Chinese state-sponsored hackers are targeting unpatched BeyondTrust systems, using a vulnerability (CVE-2024-12356) with a CVSS score of 9.8. Although all self-hosted instances have allegedly been force updated, there are still 8,602 instances connected to the internet, mostly in the US, and it’s unclear if they’re patched. The vulnerability has been used to infiltrate the US Dept of Treasury. Companies are urged to limit inbound connectivity to these systems to trusted IP addresses only.
Android Security Update – Patch for Vulnerabilities that Allows Privilege Escalation
Google has released a significant security update for Android, addressing numerous high-severity vulnerabilities, particularly in GPU drivers from Arm, Imagination Technologies, and Qualcomm. Notable issues
