AMD announced patches on Monday for a microprocessor vulnerability that risks the loss of Secure Encrypted Virtualization (SEV) protection, potentially allowing attackers to load harmful microcode. CVE-2024-56161, with a CVSS score of 7.2, is a bug involving improper signature verification in the AMD CPU microcode patch loader’s read-only memory. The …

Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants have been targeted by attacks, showing the changing tactics of threat actors. HTTP client tools are software that allows users to send HTTP requests and receive responses from web servers. …

Google has released patches for 47 security flaws in Android, including one that is actively being exploited. CVE-2024-53104 (CVSS score: 7.8) is a vulnerability that allows privilege escalation in the USB Video Class (UVC) driver kernel component. Successful exploitation of the flaw could lead to physical escalation of privilege, Google said, …