Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities
Source: Security Week
Chipmakers Intel, AMD and Nvidia on Tuesday published new security advisories to inform customers about vulnerabilities found in their products. Intel, which in 2024 patched a total of 374 vulnerabilities, published 34 new advisories on Tuesday. AMD has also published new advisories on Patch Tuesday, significantly more than in a typical month. Nvidia on Tuesday published four new security advisories. One of them describes a high-severity vulnerability in Container Toolkit and GPU Operator, which could allow arbitrary code execution, privilege escalation, DoS attacks, information disclosure, and data tampering.
The Alarming Backdoor Hiding in 2 Chinese Patient Monitors
Source: Data Breach Today
A hidden reverse backdoor in low-cost vital sign monitors used globally in patient homes and healthcare settings is hardcoded with an IP address connecting to a Chinese government-funded education and research network, which poses serious potential privacy, safety and other concerns, said security researcher Jason Sinchak of ELTON.
Apple Releases Urgent Patch for USB Vulnerability
Source: Dark Reading
The vulnerability could allow a threat actor to disable the security feature on a locked device and gain access to user data. Apple has released a security update for a vulnerability that the tech giant reports may have been exploited in an "extremely sophisticated attack."
SonicWall firewall exploit lets hackers hijack VPN sessions, patch now
Source: Bleeping Computer
Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the SonicOS SSLVPN application. The vendor warned about the high exploitation possibility of the flaw in a bulletin on January 7, urging administrators to upgrade their SonicOS firewalls' firmware to address the problem.
Over 120K impacted by Memorial Hospital & Manor ransomware attack
Source: SC Media
Georgia-based Memorial Hospital & Manor had information from 120,085 patients stolen following a November ransomware attack claimed by the Embargo ransomware operation to have resulted in the exfiltration of 1.15 TB of data, SecurityWeek reports.