Leave a Comment

Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks – Trend Micro

Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks – Trend Micro

Business
Bridge threat protection and cyber risk management
The leader in Exposure Management – turning cyber risk visibility into decisive, proactive security.
Stop adversaries with unrivaled visibility, powered by the intelligence of XDR, Agentic SIEM, and Agentic SOAR to leave attackers with nowhere left to hide.
The most trusted cloud security platform for developers, security teams, and businesses
Cloud asset discovery, vulnerability prioritization, security posture management, and attack surface management – all in one
Extend visibility to the cloud and streamline SOC investigations
Secure your data center, cloud, and containers without compromising performance by leveraging a cloud security platform with CNAPP capabilities
Simplify security for your cloud-native applications with advanced container image scanning, policy-based admission control, and container runtime protection
Protect application workflow and cloud storage against advanced threats
Unify multi-cloud visibility, eliminate hidden exposure, and secure your future.
Defend the endpoint through every stage of an attack
Stop adversaries faster with a broader perspective and better context to hunt, detect, investigate, and respond to threats from a single platform
Optimized prevention, detection, and response for endpoints, servers, and cloud workloads
Expand the power of XDR with network detection and response
Stop adversaries faster with a broader perspective and better context to hunt, detect, investigate, and respond to threats from a single platform
Protect against known, unknown, and undisclosed vulnerabilities in your network
Redefine trust and secure digital transformation with continuous risk assessments
Stay ahead of phishing, BEC, ransomware and scams with AI-powered email security, stopping threats with speed, ease and accuracy.
See threats coming from miles away
End-to-end identity security from identity posture management to detection and response
Discover AI solutions designed to protect your enterprise, support compliance, and enable responsible innovation
Strengthen your defenses with the industry's first proactive cybersecurity AI – no blind spots, no surprises
The industry’s first proactive cybersecurity AI
Harness unparalleled breadth and depth of data, high-quality analysis, curation, and labeling to reveal meaningful, actionable insights
Secure your AI journey and eliminate vulnerabilities before attacks happen – so you can innovate with confidence
Shaping the future of cybersecurity through AI innovation, regulatory leadership, and trusted standards
Accelerate enterprise AI deployment with security, compliance, and trust
High-fidelity digital twins enable predictive planning, strategic investments, and resilience optimization
Prevent, detect, respond and protect without compromising data sovereignty
Protect patient data, devices, and networks while meeting regulations
Stop threats with easy-to-use solutions designed for your growing business
Extend your team with trusted 24/7 cybersecurity experts to predict, prevent, and manage breaches.
Augment security teams with 24/7/365 managed detection, response, and support
Assess, understand, and mitigate cyber risk with strategic guidance
Augment threat detection with expertly managed detection and response (MDR) for email, endpoints, servers, cloud workloads, and networks
Our trusted experts are on call whether you're experiencing a breach or looking to proactively improve your IR plans
Stop breaches with the best response and detection technology on the market and reduce clients’ downtime and claim costs
Grow your business and protect your customers with the best-in-class complete, multilayered security
Stand out to customers with competency endorsements that showcase your expertise
Deliver proactive security services from a single, partner-centric security platform built for MSPs, MSSPs, and DFIR teams
We work with the best to help you optimize performance and value
Discover resources designed to accelerate your business’s growth and enhance your capabilities as a Trend Micro partner
Accelerate your learning with Trend Campus, an easy-to-use education platform that offers personalized technical guidance
Access collaborative services designed to help you showcase the value of Trend Vision One™ and grow your business
Locate a partner from whom you can purchase Trend Micro solutions
Real-world stories of how global customers use Trend to predict, prevent, detect, and respond to threats.
See how cyber resilience led to measurable impact, smarter defense, and sustained performance.
Meet the people behind the protection – our team, customers, and improved digital well-being.
Hear directly from our users. Their insights shape our solutions and drive continuous improvement.
See how Trend outperforms the competition
Crowdstrike provides effective cybersecurity through its cloud-native platform, but its pricing may stretch budgets, especially for organizations seeking cost-effective scalability through a true single platform
Microsoft offers a foundational layer of protection, yet it often requires supplemental solutions to fully address customers' security problems
Palo Alto Networks delivers advanced cybersecurity solutions, but navigating its comprehensive suite can be complex and unlocking all capabilities requires significant investment
Demo Series: Agentic SIEM (September 18)
Discover how AI sets a new standard for intelligent cybersecurity >
Proactive email security: The power of AI
Learn more >
Crypto24 hackers exploit IT tools for custom malware
Learn more >
Charon ransomware bypasses EDR with process injection tricks
See how >
Task scam sites spoof real brands to gain trust
How to protect yourself >
Content has been added to your Folio
Exploits & Vulnerabilities
A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk.
By: Abdelrahman Esmail Read time:  ( words)
Save to Folio
Summary:
In September 2024, NVIDIA released several updates to address a critical vulnerability (CVE-2024-0132) in its NVIDIA Container Toolkit. If exploited, this vulnerability could expose AI infrastructure, data, or sensitive information. With a CVSS v3.1 rating of 9.0, all customers were advised to update their affected software immediately.
Further research, however, uncovered that the patch was incomplete. While analyzing the patch in October 2024, we identified a related performance flaw affecting Docker on Linux. These issues could enable attackers to escape container isolation, access sensitive host resources, and cause severe operational disruptions.

Analysis of CVE-2024-0132 uncovered an issue that could lead to denial of service
A time-of-check time-of-use (TOCTOU) vulnerability persists within the NVIDIA Container Toolkit, which allows a specially crafted container to access the host file system. Default configurations remain vulnerable for versions 1.17.3 and earlier, while version 1.17.4 requires the feature allow-cuda-compat-libs-from-container to be explicitly enabled.
This vulnerability was found during the review of patches for CVE-2024-0132 and this has been disclosed under ZDI-25-087.
Table 1. While earlier versions of the NVIDIA Container Toolkit are vulnerable, version 1.17.4 needs to have a feature enabled to be exploitable.
There’s also a performance issue potentially leading to a denial-of-service (DoS) vulnerability on the host machine. This issue affects Docker on Linux systems. According to the Docker security team:
The Docker API as a privileged interface. Consequently, any user with API access effectively holds root-level privileges on the host. It remains unclear whether this issue originates from Docker’s runtime or the Linux’s kernel handling of mount entries.
How the exploitation works for the DoS-binding issue
The same performance issue has also been reported independently by moby and NVIDIA:
An example of the potential exploitation of CVE-2025-23359
The following steps outline how a potential attack could unfold:
Security best practices for mitigating the vulnerability
To effectively mitigate vulnerabilities related to NVIDIA Container Toolkit (CVE-2024-0132 and associated Docker file system binding issue), we recommend the following best practices:
Proactive security with Trend Vision One™
Trend Vision One™ is the only AI-powered enterprise cybersecurity platform that centralizes cyber risk exposure management, security operations, and robust layered protection. This comprehensive approach helps you predict and prevent threats, accelerating proactive security outcomes across your entire digital estate. Backed by decades of cybersecurity leadership and Trend Cybertron, the industry’s first proactive cybersecurity AI, it delivers proven results: a 92% reduction in ransomware risk and a 99% reduction in detection time. Security leaders can benchmark their posture and showcase continuous improvement to stakeholders. With Trend Vision One, you’re enabled to eliminate security blind spots, focus on what matters most, and elevate security into a strategic partner for innovation.
Trend Vision One provides protection and detection capabilities through the following:

Trend Micro has also added a Time-Critical Vulnerability alert in the Trend Vision One Executive Dashboard that will be continually updated with additional information related to prevention and detection as it becomes available.
Rapid patching remains the most effective mitigation, but it might not always be feasible especially in complex or critical production environments. Trend Vision One™ Cloud Workload Security provides essential visibility and detection capabilities, such as detecting host file system binding to containers and running malicious containers escaping to the host file system.
Additionally, Trend Vision One™ Container Security proactively identifies vulnerabilities, malware, and compliance violations within container images. Detection capabilities for CVE-2024-0132 and the newly identified vulnerability from its failed patch are already available and integrates directly into Trend Vision One™ Cyber Risk Exposure Management.
As the attacker can create a malicious image with the exploit, Trend’s solutions can help detect this vulnerability on the pipeline before the image is pushed to production. This way, if the vulnerability is detected, Container Security (admission control policy enforcement) can block the container image from being deployed into the production environment. We also detect this vulnerability at runtime, ensuring customers have full visibility of this security issue across the entire environment.
Abdelrahman Esmail
Sr. Engineer
Select a country / region
Experience our enterprise cybersecurity platform for free

source

Leave a Comment

United Healthcare | 8/28/25 – ktnv.com

United Healthcare | 8/28/25 – ktnv.com

As kids head back to school, health experts stress the importance of annual well-child visits. These checkups are key for monitoring a child’s physical, emotional, and developmental health, giving doctors the opportunity to track growth, provide screenings, and offer guidance tailored to each stage of life. From birth through the teen years, these visits are essential for keeping kids on track.
Well-child visit rates dropped during the pandemic and still haven’t fully recovered, but catching up now makes a big difference. These appointments ensure timely assessments like hearing, vision, and behavioral screenings, while also keeping children up to date on critical immunizations — including flu, HPV, and meningitis. Parents can learn more and find helpful resources by visiting uhc.com/childrenswellness.
This segment was paid for by United Healthcare
Report a typo

source

Leave a Comment

Leave a Comment

Leave a Comment

Leave a Comment

Could Oregon chart the course for universal health care in the US? – Waging Nonviolence

Could Oregon chart the course for universal health care in the US? – Waging Nonviolence

In 2022, Oregonians narrowly passed Measure 111, amending their constitution and guaranteeing affordable health care as a fundamental right to every resident of the state. Through three years of organizing, coalition building and planning, Oregon may enact its Universal Health Plan as early as fall 2025
In the face of extreme Medicaid cuts from the Trump administration, which will leave roughly 16 million people without health coverage by 2034, a state-level universal plan could mean the difference between cared-for, insured patients and thousands of preventable deaths. 
Oregon’s single-payer health care dream still has hurdles to overcome, but with a constitutional amendment voted in by the people, it may have a leg up over previous state-level campaigns, such as Vermont’s Green Mountain Care in the early 2010s. Even so, a clear understanding of what went wrong in previous campaigns — as well as continued organizing in Oregon — is needed to push it through. 
If successful, Oregon could lead by example and set the stage for a better, more efficient health care system in other states. While a national campaign isn’t on the table, organizers can look to Oregon for how to push a bold health agenda in their state.
In 2011, Vermont’s state government set in motion the steps to enact a publicly-funded, universal health care program across the state. 
For over a decade, organizers in Vermont fought for a single-payer health care system. Through forums, rallies and public education campaigns, groups like Vermont Health Care for All, the Vermont Workers’ Center and Vermont Businesses for Social Responsibility built a broad coalition to push for universal coverage.
We’ll send you a weekly email with the latest articles.
The program, referred to as Green Mountain Care, came very close to implementation, but it was shot down in 2014. It did not have the buy-in from then-Gov. Peter Shumlin, who cited significant tax increases as his primary issue. 
Dr. Deborah Richter, a physician and president of Vermont Health Care for All, spoke at over 500 events in the lead-up to Green Mountain Care in 2011. Richter agreed that taxes were the greatest barrier in Vermont’s state-level campaign, but highlighted a key flaw with this logic. 
Under a publicly-funded system, the taxes are all out in the open, making it easier to criticize. Under the private insurance system, health care costs are generally hidden — often in the prices of goods — with the financial burden falling on individuals with medical needs. 
“We do a lot of cost shifting,” Richter said. “You don’t realize that when you go into a store, and they’re paying for health insurance, that you’re paying higher prices for that [through] the goods that are in that store. You’re paying higher property taxes to pay for public employees’ health insurance. You’re paying a lot of other hidden taxes to pay for health care for other people.”
For Vermont, this meant people saw a scary price tag and may not have understood the tangible benefits. According to Richter, what a publicly-funded system really does is shift the cost-burden onto the wealthy, creating a fairer, more efficient and more complete system. Getting that message across, however, is its own challenge.
A number of less-comprehensive plans would later be proposed in Vermont, such as universal primary care, but the single-payer system drifted into the background. Oregon will likely face many of the same challenges, but with the distinct advantage of a constitutional amendment on the books.
According to Collin Stackhouse, communications coordinator for Health Care for All Oregon, or HCAO, Oregon’s Universal Health Plan Governance Board aims to propose the next draft of the health care plan in fall 2025. Stackhouse and multiple other HCAO members and affiliates serve on the Universal Health Plan Governance Board and its four committees.
Over the past three years, HCAO has built a multifaceted organizing apparatus. With an emphasis on community outreach and voter education, they’ve conducted crowd canvassing, tabling at events and given presentations with a wide variety of community organizations, such as faith groups, Rotary clubs and neighborhood associations.
Robyn Gottlieb, an organizer with HCAO, emphasized a few key elements in their strategy. Throughout the process, HCAO asks people to sign up for their mailing list to further help mobilize volunteers and also informs people about the Governance Board. 
“We have folks writing testimony to the Governance Board advocating for the strongest health plan possible with the most coverage,” Gottlieb said. “We want dental, we want vision, we want all the things.” 
These efforts aim to create a strong network of advocates that can push a comprehensive health plan over the line without backstepping. With the final draft of the health plan due from the Governance Board by September 2026, engaging as many people as possible will be crucial over the next year.
Even with this push from HCAO, the general lack of knowledge about universal health care still presents a challenge.
“I answer the comments [on our organization’s social media] and there’s a lot of misinformed people,” Stackhouse said. “There’s no way to give any detail or nuance in a 90-second clip.”
Disinformation from opponents of Oregon’s universal health plan is expected, and Stackhouse emphasized the need to connect with people in their communities in order to overcome this — especially given how complicated the current health system is. 
“Part of our hope as an organization is that we can reach everybody, every person in every corner of the state in some capacity,” Stackhouse said. “It’s becoming a pretty central part of our next year, these things called community conversations: actually having local people … go speak publicly in these different communities with their neighbors about the plan.”
What this really boils down to is recognizing the lack of information around health care, then finding a way to pull back the veil on the health care system with people across the state. 
“One of the main key points that I think everybody [needs to know] is that universal health care is cheaper,” Stackhouse said. “Our taxes probably will change, but we have the most expensive health care system in the whole world. Everybody [else] is spending less money, and they have universal health care. All of the countries that have the best health care have universal health care.”
For some, the buy-in may come from learning about universal health care itself, but others may need a more personal understanding. Getting individuals to consider the reality of never needing to pay another copay or deductible can make the difference. If there’s time, Gottlieb emphasized the power of telling a personal story as well.
There are still some details to iron out in Oregon’s plan, such as residency requirements and how the system would work for Oregonians traveling in other states. However, if Oregon is able to overcome the many challenges, it could clear a path for the United States to join all other high-income countries in providing affordable health care to its people. 
Universal health care in Canada began with the founding of the Co-operative Commonwealth Federation, or CCF, in 1932, one of the earliest democratic socialist parties in North America. In the early 1940s, the party’s grassroots engagement and political education efforts dramatically boosted party membership and led to a sweeping victory in Saskatchewan, where they won 47 out of 52 seats in 1944.
Following through on one of its many political aims, in 1947, CCF introduced the Saskatchewan Hospital Services Plan, the first universal hospital insurance program in North America. By 1962, the Saskatchewan Medical Care Insurance Act took effect, bringing publicly-funded health insurance to the entire province. 
While the process wasn’t without pushback, including a failed doctors’ strike, Saskatchewan’s Medicare system would pave the way for Canada’s nationwide universal health plan, culminating in the Canada Health Act of 1984. 
Through effective organizing based on working-class values and affordability, the CCF was able to kickstart dramatic change. The first domino that fell in favor of national universal health care in Canada came from a rural province with only around five percent of the population at the time. 
In the U.S., Oregon is not the only state working on a single-payer plan. The nonprofit One Payer States lists 22 states across the country with active movements or infrastructure for universal health care plans, but Oregon is closest to the finish line. 
Even with cross-state support, significant resistance is expected in Oregon and nationally. 
Philip Verhoef, the immediate past president of Physicians for a National Health Plan, emphasized the need for administrative simplicity to build a viable health care system in Oregon, especially when facing down the private insurance industry. 
“I assume the various private insurance companies that do business in Oregon are going to fight this tooth and nail because it’s going to effectively take them out of the game,” Verhoef said. “You almost need to make the argument impervious to money. The people fighting for single-payer are never going to outspend the insurance company, so instead they simply have to get everyone on their side.”
Waging Nonviolence depends on reader support. Become a sustaining monthly donor today!
The reality facing advocacy groups like HCAO is a U.S. private health insurance industry worth over a trillion dollars. Getting everyone on your side is far from a simple task, but that’s where the on-the-ground organizing comes in. 
HCAO’s community conversations, health care education efforts and volunteer mobilizing could make the difference in passing a universal health care plan that is both comprehensive and affordable.  
Oregon could be the domino that universal health care needs to spread across the country. It will require community effort, cultivating a deeper understanding of the vast inefficiencies in American health care and ultimately realizing a dream of something better. 
As we careen toward significantly more health care-related deaths due to the Trump administration’s cuts, the situation may be bleak. However, Richter suggests universal coverage could be a light at the end of the tunnel.
“You hope [that people] at least wake up and realize you can’t just keep kicking the can down the road, that this is not going to get better,” Richter said. “I’m optimistic because things are so bad. There is no other way to solve this problem.”
Kevin Foster is a journalist who reports on the intersection of politics and social justice, aiming to increase representation for marginalized voices in the public sphere. He is also an associate producer on the new film “The Palestine Exception: What’s at Stake in the Campus Protests?”
Your email address will not be published. Required fields are marked *

Please keep comments constructive and relevant to the post. Digressions, personal attacks, hateful language and unsubstantiated claims will be removed — as will comments tied to false email addresses, impersonations and copyright-protected material.





Oregon is on the verge of enacting a single-payer health care plan, but continued organizing is needed to secure this historic victory.
Through fundraisers, grocery deliveries, ‘adopt a corner’ initiatives and ICE watch, Angelenos are coming together to support their immigrant neighbors.
More than providing frontline support to people facing deportation, court watch is a necessary primer on growing U.S. fascism.
Peace and justice organizations, as well as universities, publish their own independent content on Waging Nonviolence. This Community section offers just a sample of their latest stories. Visit their individual pages to see more.
Sign up for our weekly newsletter to get the latest in people-powered news and analysis.


Waging Nonviolence is a nonprofit organization and all donations are tax deductible.
To donate by check, cryptocurrency or other method, see our Ways to Give page.

source

Leave a Comment

Leave a Comment

Leave a Comment

Leave a Comment