November 18, 2024 at 12:24PM Palo Alto Networks (PAN) issued a warning about a critical remote code execution vulnerability (CVE-2024-0012) in its Expedition firewall, marking the fourth exploit in a week. The company recommends patching systems and limiting management interface access. Over 8,700 vulnerable instances were reported. Expedition will be unsupported after January 2025. ### … Read more
November 15, 2024 at 06:05AM CISA has included two additional vulnerabilities, CVE-2024-9463 and CVE-2024-9465, related to Palo Alto Networks Expedition, in its KEV catalog due to their exploitation in attacks. **Meeting Takeaways:** 1. **New Vulnerabilities Added**: CISA has added two vulnerabilities related to Palo Alto Networks Expedition to its KEV catalog. – CVE-2024-9463 – CVE-2024-9465 … Read more
November 15, 2024 at 12:33AM CISA has warned of two actively exploited vulnerabilities in Palo Alto Networks Expedition, added to its KEV catalog. Agencies must update by December 5, 2024. CVE-2024-9463 and CVE-2024-9465 could allow attackers to execute commands and access sensitive data. Palo Alto confirmed limited exploitation of these flaws. ### Meeting Takeaways – … Read more
November 14, 2024 at 03:57AM Exploitation attempts have emerged for CVE-2024-10914, a recently revealed vulnerability in outdated D-Link NAS devices that will not be patched. This issue was highlighted in a SecurityWeek article detailing the risks associated with unaddressed flaws in legacy systems. ### Meeting Takeaways 1. **Vulnerability Identified**: CVE-2024-10914 is a critical vulnerability that … Read more
November 7, 2024 at 10:51AM Hewlett Packard Enterprise (HPE) addressed critical vulnerabilities in Aruba Networking Access Points with updates for AOS-8 and AOS-10 software. Two severe flaws (CVE-2024-42509, CVE-2024-47460) allow remote command injection. Users are advised to update to specific versions and implement workarounds to enhance security. No active exploitation reported. ### Meeting Takeaways: 1. … Read more
October 31, 2024 at 06:32AM A critical unauthenticated privilege escalation vulnerability (CVE-2024-50550) has been discovered in the LiteSpeed Cache plugin for WordPress, allowing unauthorized users to gain admin access. The flaw has been patched in version 6.5.2. Users are urged to stay informed on plugin updates due to ongoing WordPress repository changes. ### Meeting Takeaways … Read more
October 29, 2024 at 06:36PM OpenAI’s GPT-4o can be manipulated into generating exploit code by encoding malicious instructions in hexadecimal, bypassing its safety features. Researcher Marco Figueroa highlights this vulnerability on Mozilla’s 0Din platform, emphasizing the need for improved AI security measures and detection mechanisms for encoded content to prevent such exploitations. ### Meeting Takeaways … Read more
October 29, 2024 at 06:05PM A recently reported 0-day vulnerability affects all Windows versions from 7 to 11, allowing attackers to capture NTLM authentication hashes via authentication coercion attacks. Discovered by ACROS Security while addressing another vulnerability, the flaw requires user interaction and could be exploited through manipulated Windows themes. Microsoft is aware and may … Read more
October 29, 2024 at 02:42PM Apple released updates for Safari 18.1 on macOS Ventura and Sonoma on October 28, 2024, addressing multiple vulnerabilities (CVE-2024-44259, CVE-2024-44244, CVE-2024-44229, CVE-2024-44296). Issues included memory corruption and failures to enforce Content Security Policy, potentially causing process crashes when processing malicious web content. **Meeting Notes Takeaways:** **Release Information:** – **Apple ID:** … Read more
October 28, 2024 at 12:06PM Apple will release iOS 18.1 on October 28, 2024, addressing multiple vulnerabilities affecting devices such as iPhone XS and later. Key issues include improved authentication for physical access vulnerabilities, better handling of symlinks, and enhanced input validation to prevent memory corruption and unauthorized access to sensitive data. ### Meeting Takeaways … Read more