Microsoft on Tuesday fixed a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 …
Read More »
(CVE-2024-7569 and CVE-2024-7570)
Ivanti flags Critical Fixes for ITSM Vulnerabilities
Ivanti issued a security advisory about two important vulnerabilities in its Neurons for IT Service Management (ITSM) platform. Customers using the on-premise version should act quickly. The vulnerabilities (CVE-2024-7569 and CVE-2024-7570) affect Ivanti Neurons for ITSM versions 2023.4 and older, putting them at risk of unauthorized data access and system …
Read More »Microsoft discloses an unpatched Office zero-day
A high-severity zero-day vulnerability has been found affecting Office 2016 and later. Microsoft is currently working on a patch to fix this issue. The vulnerability, known as CVE-2024-38200, could let unauthorized people access protected data like system status, configuration data, personal information, or connection metadata. This zero-day affects different 32-bit …
Read More »0.0.0.0 Day: Exploiting Localhost APIs From the Browser
A recent study found a vulnerability in major internet browsers that has existed for 18 years. This vulnerability makes private and corporate networks open to cyberattacks. Researchers from Oligo Security discovered that hackers can take advantage of how browsers handle requests to the IP address 0.0.0.0 by redirecting them to …
Read More »Google says new Android Zero-day vulnerability was exploited
Google has patched a “high-severity” vulnerability that may be “under limited, targeted exploitation” in Android devices. Google issued an advisory stating that the bug, known as CVE-2024-36971, affects the Linux kernel. This kernel is a crucial part of an operating system, connecting the software to the computer’s hardware. According to …
Read More »Critical Vulnerability in Apache OFBiz Requires Patching
The Mirai botnet is exploiting a new directory traversal vulnerability in Apache OFBiz. This Java framework is supported by the Apache Foundation. It is used to create ERP (Enterprise Resource Planning) applications that manage sensitive business data. Despite being less common than commercial alternatives, ERP applications are crucial for businesses. Vulnerability …
Read More »Apple fixed multiple vulnerabilities in iOS and macOS
Apple released security updates for iOS, macOS, tvOS, visionOS, watchOS, and Safari to fix many vulnerabilities. The IT giant addressed numerous security vulnerabilities, such as authentication and policy bypasses, information disclosure, denial-of-service (DoS) issues, and bugs leading to memory leaks, unexpected application termination, or system shutdown, by releasing iOS 17.6 and …
Read More »Ransomware Gangs Exploiting VMware ESXi Flaw: Microsoft
Microsoft’s threat intelligence team has reported that ransomware groups are exploiting a critical vulnerability in VMware’s ESXi hypervisors. This allows them to gain full administrative access to systems that are joined to a domain. The flaw labeled CVE-2024-37085 with a severity score of 6.8 has been used by ransomware groups …
Read More »Patch Now! Cisco Confirms Critical RADIUS Protocol Vulnerability
Cisco has issued a security advisory (CVE-2024-3596) in the RADIUS protocol, which is widely used for network access authentication and authorization. This vulnerability could let an attacker bypass multi-factor authentication (MFA) and gain unauthorized network access. The vulnerability is due to a problem in the MD5 Response Authenticator signature in …
Read More »Google fixes Chrome Password Manager bug hiding credentials
Google fixed a bug in Chrome’s Password Manager that caused user credentials to vanish temporarily. A problem with Google Chrome’s Password Manager caused an 18-hour outage on Wednesday. This affected users who use the tool to save and automatically fill in their passwords. Many users said they couldn’t find their …
Read More »