Log4J patch to fix serious zero-day has its own vulnerability that is already actively exploited
Last week, security researchers notified developers that they had discovered an actively exploited zero-day vulnerability in the Apache Struts framework. The flaw was in the Log4J logging utility. The Apache Foundation issued a fix with version 2.15......»»
Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited.....»»
Critical Start helps organizations reduce cyber risk from vulnerabilities
Critical Start announced Critical Start Vulnerability Management Service (VMS) and Vulnerability Prioritization. These new offerings are a foundational pillar of Managed Cyber Risk Reduction, allowing organizations to assess, manage, prioritize, and.....»»
Business and tech consolidation opens doors for cybercriminals
Cyber threats continued to intensify in the first half of 2024 as cybercriminals exploited security gaps from growing business and technological consolidation, according to Resilience. Consolidation in business and tech fuels new third-party risks Re.....»»
Pixel problems: Google"s security nightmare caused by hidden software
A vulnerability included in every version of Android for previous Google Pixel models will soon be patched, but Pixel 9 buyers don't need to worry.Google Pixel 9The majority of Google Pixel smartphones sold from September 2017 onward have included a.....»»
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been una.....»»
Ivanti Neurons for Patch Management enhancements automate patching process
Ivanti announced new features for Ivanti Neurons for Patch Management to help expand patch settings configuration to allow for multiple parallel deployment tasks such as regular maintenance, priority updates and zero-day response. Given the rise of c.....»»
Microsoft fixes 6 zero-days under active attack
August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memor.....»»
Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)
A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability is exploitable remotely and requires no special privileges or user interact.....»»
Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: August 2024 Patch Tuesday forecast: Looking for a calm August release August 2024 July ended up being more ‘exciting’ than many of us wanted; we.....»»
1Password urges Mac users to patch now to avoid having their data stolen
This 1Password vulnerability could expose your vaults to theft, so patch now.....»»
August 2024 Patch Tuesday forecast: Looking for a calm August release
July ended up being more ‘exciting’ than many of us wanted; we’re supposed to be in the height of summer vacation season. First, we had a large set of updates on Patch Tuesday, then we had to work through the CrowdStrike event, and finally many.....»»
“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox
A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability ste.....»»
1Password 8 for Mac flaw allows attackers to steal credentials, here’s how to patch it
1Password has shared that its software for Mac has a vulnerability that exposes users to a potentially serious threat. Along with attackers being able to compromise credentials, the flaw can give bad actors access to your account unlock key. more.....»»
This new patch might finally fix the issues with Intel CPUs
Intel's partners are beginning to release microcode patches that might fix the problems with 13th- and 14th-gen processors......»»
Prompt injection attack on Apple Intelligence reveals a flaw, but is easy to fix
A prompt injection attack on Apple Intelligence reveals that it is fairly well protected from misuse, but the current beta version does have one security flaw which can be exploited. However, the issue would be very easy for the company to fix, so.....»»
An 18-year-old Safari loophole exploited by hackers is finally being fixed by Apple
There’s a pesky loophole lurking in every major browser, including Apple’s Safari, Google Chrome, and Mozilla Firefox, that hackers have been exploiting for the past … The post An 18-year-old Safari loophole exploited by hackers is.....»»
macOS Sequoia to fix exploit that lets hackers access internal networks
Apple and other tech companies are constantly looking for ways to improve the security of their operating systems. Even so, some things go unnoticed. An exploit from 18 years ago is still being actively used by hackers to access internal networks, bu.....»»
Apple has closed an ancient macOS Safari security hole
Apple is fixing a vulnerability in Safari for macOS, that seems to date back to the dawn of Intel Macs.Icon for Safari in macOSThe Defcon hacking conference is taking place from August 8 to August 11 in Las Vegas, which hosts talks about newly discov.....»»
Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)
Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Rou.....»»
The Pixel Watch’s August 2024 Update is a Small One
It's your standard security patch. The post The Pixel Watch’s August 2024 Update is a Small One appeared first on Phandroid. If you own Google’s Pixel Watch or Watch 2, then you might want to check if your device has received the l.....»»