Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack

October 15, 2024 at 06:29AM Automattic has released updates for 101 Jetpack versions from the past eight years to address a critical vulnerability, enhancing the security of the popular WordPress plugin. This development was reported by SecurityWeek. **Meeting Takeaways:** 1. **Company Update**: Automattic has released updates for Jetpack. 2. **Scope of Updates**: A total of …

Mozilla patches critical Firefox vuln that attackers are already exploiting

October 10, 2024 at 07:36AM Mozilla has issued a security advisory for a critical vulnerability (CVE-2024-9680) in Firefox, which is currently being exploited. The issue, a use-after-free in animation timelines, has a severe impact rating. Patches are available, and users are urged to upgrade to the latest Firefox versions to mitigate risks. **Meeting Takeaways:** Firefox …

Doomsday 9.9 RCE bug could hit every Linux system – and more

September 26, 2024 at 01:40PM Bug hunter Simone Margaritelli has disclosed a critical, 9.9-rated unauthenticated RCE affecting GNU/Linux systems, with a possible release of technical details and an exploit on September 30. Security teams have time to prepare, but details about the flaw are limited. The severity has been confirmed by Canonical and Red Hat, raising concerns …

Critical Flaw in PTC License Server Can Allow Lateral Movement in Industrial Organizations

July 2, 2024 at 05:18AM PTC, a product lifecycle management solutions provider, released a patch for a critical vulnerability found in the license server for their Creo Elements/Direct product, affecting version 20.7.0.0 and prior. The flaw, assigned CVE-2024-6071 with a CVSS score of 10, allows unauthenticated remote attackers to execute arbitrary OS commands, potentially enabling …

JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens

June 11, 2024 at 03:02PM JetBrains has issued a security warning concerning a critical vulnerability in its IntelliJ integrated development environment (IDE) apps, CVE-2024-37051. The flaw, affecting versions 2023.1 onwards with the GitHub plugin, exposes access tokens. Security updates have been released for affected IDEs, and customers are advised to update and revoke GitHub tokens. …

Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws

May 14, 2024 at 01:54PM Today’s Microsoft Patch Tuesday includes updates for 61 flaws, with one critical vulnerability fixed in Microsoft SharePoint Server. It addresses 17 elevation of privilege vulnerabilities, two security feature bypass vulnerabilities, 27 remote code execution vulnerabilities, seven information disclosure vulnerabilities, three denial of service vulnerabilities, and four spoofing vulnerabilities. Additionally, three …

December Android updates fix critical zero-click RCE flaw

December 4, 2023 at 02:46PM Google’s December 2023 Android update fixes 85 vulnerabilities, including a critical zero-click RCE bug in the System component and other high-severity issues. The most severe flaw allows remote execution without privileges or user interaction. Two zero-days were previously patched in October. Updates are released in two sets, with rollout times …

Virtual Alarm: VMware Issues Major Security Advisory

October 25, 2023 at 03:40PM VMware has advised customers to update their vCenter Servers due to a critical flaw that could result in remote code execution. The flaw, assigned a high severity score of 9.8, is an out-of-bounds write vulnerability in the DCERPC protocol implementation. It is considered a serious threat to the confidentiality, integrity, …

VMware fixes critical code execution flaw in vCenter Server

October 25, 2023 at 05:06AM VMware has released security updates to address a critical vulnerability in vCenter Server that can be exploited for remote code execution attacks. The vulnerability (CVE-2023-34048) can be exploited remotely by unauthenticated attackers without user interaction. VMware has made patches available for affected products, including end-of-life versions. Administrators are advised to …

US cybercops urge admins to patch amid ongoing Confluence chaos

October 17, 2023 at 09:06AM US authorities have urged network admins to patch a critical vulnerability in Atlassian Confluence Data Center and Server due to ongoing nation-state exploitation. The potential consequences of the exploit are severe, as attackers could create new admin accounts for themselves. The attackers have already demonstrated sophistication by attempting to modify …