Tag: update
-
Security Update: IBM X-Force Shows Hackers Using BEC to Steal Cloud Creds
First seen on scworld.com Jump to article: www.scworld.com/news/security-update-ibm-x-force-shows-hackers-using-bec-to-steal-cloud-creds
-
Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs
Apple released an iOS 18.0.1 update that addressed two vulnerabilities that exposed passwords and audio snippets to attackers. Apple released iOS 18.0.1 and iPadOS 18.0.1 updates to fix two vulnerabilities, respectively tracked as CVE-2024-44207 and CVE-2024-44204. The company addressed the vulnerability by improving checks. The flaw was reported by Michael Jimenez and an anonymous researcher. The…
-
Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability
Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user’s passwords to be read out aloud by its VoiceOver assistive technology. The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads. Security…
-
MSP Update: Kaseya Invests in FedRAMP for Partners
First seen on scworld.com Jump to article: www.scworld.com/news/msp-update-kaseya-invests-in-fedramp-for-partners
-
Ivanti Confirms Exploitation of an Old Critical Vuln
Remote Code Execution Bug Exploited in Limited Attacks. Ivanti confirmed that hackers are exploiting an SQL injection vulnerability in its Ivanti Endpoint Manager enabling remote code execution, despite the company addressing the issue with a patch in May. The flaw allows unauthenticated attackers within the same network to execute arbitrary code. First seen on govinfosecurity.com…
-
SonarQube 10.7 Release Announcement
Sonar introduces powerful AI-driven features, expanded support for new and existing languages and frameworks, and deeper security, all to elevate your code quality. These updates bring significant advancements for developers and teams. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/sonarqube-10-7-release-announcement/
-
Latest product updates
Tags: update
All announcements about Acunetix product updates and new releases are now exclusively available on our changelogs page. For each release, we publish notes to announce new features, new security checks, improvements, and bug fixes. Information about our latest product updates and previous release notes are… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/latest-product-updates/
-
ISMG Editors: Russian Cybercrime Syndicates Under Siege
Also: U.S. Healthcare Cyber Bill, Insights from ISMG’s Canada Summit. In the latest weekly update, ISMG editors discussed recent international law enforcement efforts against Russian cybercrime organizations, the latest U.S. cybersecurity bill aimed at protecting the healthcare sector and key takeaways from ISMG’s Canada Summit. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/ismg-editors-russian-cybercrime-syndicates-under-siege-a-26448
-
Boot loop: Update renders older Samsung smartphones unusable
Tags: update
Many smartphones in the Galaxy S10 and Note 10 series are stuck in a boot loop. The cause is a faulty SmartThings update. First seen on golem.de Jump to article: www.golem.de/news/bootschleife-update-macht-aeltere-samsung-smartphones-unbrauchbar-2410-189499.html
-
October 2024 Patch Tuesday forecast: Recall can be recalled
October arrived, and Microsoft started the month by announcing the release of Windows 11 24H2. The preview versions of this release have been in the news due to many … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/04/october-2024-patch-tuesday-forecast/
-
DrayTek Issues Updates to Plug Router Vulns
First seen on scworld.com Jump to article: www.scworld.com/brief/draytek-issues-updates-to-plug-router-vulns
-
Litespeed Cache Plugin Flaw Allows XSS Attack, Update Now
The new LiteSpeed Cache flaw (CVE-2024-47374) allows unauthenticated code injection across more than six million active installations. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/litespeed-cache-plugin-flaw-allows/
-
Virtual Patching: A Proactive Approach to API Security
In the API-driven world of modern enterprises, security vulnerabilities such as Broken Object Level Authorization (BOLA) represent one of the more insidious threats. These weaknesses are often exploited by attackers through bot-driven automation and can lead to data breaches and privacy violations. It’s not always convenient or even possible to immediately remediate the problem through…
-
Tor Browser 13.5.6 Released What’s New!
The Tor Project has announced the release of Tor Browser 13.5.6, which is now available for download from its official website and distribution directory. This latest version includes significant updates that focus on enhancing security and user experience across all platforms. Key Security Updates: One of the most notable updates in Tor Browser 13.5.6 is…
-
Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch
Tags: cisa, cve, cvss, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, update, vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-29824, carries a CVSS score of 9.6 out of a maximum of 10.0, indicating critical…
-
How to use the Apple Passwords app
The latest Apple OS updates (iOS 18, iPadOS 18, macOS Sequoia) have introduced a standalone Passwords app, to make users’ passwords, passkeys, Wi-Fi passwords, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/03/how-to-use-the-apple-passwords-app/
-
Windows 11 user hurt by the KB5043145 update? Microsoft offers a way out
Might be best to give it a miss for now. First seen on theregister.com Jump to article: www.theregister.com/2024/10/01/microsoft_kb5043145_rollback/
-
Exclusive: Google Cloud Updates Confidential Computing Portfolio
Users of Google Cloud’s virtual machines can now get in-house attestation for VMs that offer AMD encrypted virtualization. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/google-cloud-confidential-computing-updates/
-
Fake browser updates spread updated WarmCookie malware
A new ‘FakeUpdate’ campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-browser-updates-spread-updated-warmcookie-malware/
-
DrayTek fixed critical flaws in over 700,000 exposed routers
DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/draytek-fixed-critical-flaws-in-over-700-000-exposed-routers/
-
Manufacturers Rank as Ransomware’s Biggest Target
Improvements in cybersecurity and basics like patching aren’t keeping pace with the manufacturing sector’s rapid growth. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/manufacturers-ransomwares-biggest-target
-
‘Patch yesterday’: Zimbra mail servers under siege through RCE vuln
Attacks began the day after public disclosure. First seen on theregister.com Jump to article: www.theregister.com/2024/10/02/mass_exploitation_of_zimbra_rce/
-
Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!
Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor’s Zimbra Collaboration. Proofpoint cybersecurity researchers reported that threat actors are attempting to exploit a recently disclosed vulnerability, tracked as CVE-2024-45519, in Synacor’s Zimbra Collaboration. Starting on September 28, 2024, threat actors have been attempting to exploit the issue to achieve remote code execution on…
-
Addressing Git Vulnerabilities in Ubuntu 18.04 and 16.04
Canonical has released security updates for Ubuntu 16.04 ESM and Ubuntu 18.04 ESM to address multiple vulnerabilities in Git, a powerful and widely-used distributed version control system. These vulnerabilities may allow malicious attackers to overwrite files outside the repository, inject arbitrary configuration, or even execute arbitrary code. In this article, we’ll explore the details of…
-
Future of CentOS Stream 9: The Road Ahead
Tags: update
As of June 30, 2024, the CentOS Project ceased all updates and releases for CentOS Linux. CentOS Stream serves as the upstream development platform for future RHEL releases. CentOS Stream 9 will continue to receive regular updates, providing users with the latest features and security patches. In December 2020, Red Hat announced a significant shift…
-
Critical bugs: Do not install Windows 11 update KB5043145
Microsoft's update for Windows 11, KB5043145, has caused significant problems for users, ranging from system crashes to hardware problems. First seen on golem.de Jump to article: www.golem.de/news/kritische-fehler-windows-11-update-kb5043145-nicht-aufspielen-2410-189441.html
-
Zimbra RCE Vuln Under Attack Needs Immediate Patching
The bug gives attackers a way to run arbitrary code on affected servers and take control of them. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/recent-zimbra-rce-under-attack-patch-now
-
Third Party Zero-Day Bug Exploited in Rackspace Systems
Rackspace Scrambles to Patch Zero Day Dashboard Bug. Rackspace confirmed that criminals exploited a zero day vulnerability in a ScienceLogic third-party application, forcing the cloud-hosting provider to take monitoring dashboards offline. ScienceLogic confirmed it issued a patch for the zero-day remote code execution vulnerability. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/third-party-zero-day-bug-exploited-in-rackspace-systems-a-26425