Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability

December 11, 2024 at 02:30AM Microsoft’s October 2024 Patch Tuesday addressed 72 security flaws, including a critical privilege escalation vulnerability (CVE-2024-49138) that is actively exploited in the wild. The update also clears the way for further hardening measures against these threats. Additionally, Microsoft plans to phase out NTLM in favor of Kerberos to reduce the exposure to exploitation.

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

December 10, 2024 at 10:12PM Ivanti has issued security updates for critical vulnerabilities in its Cloud Services Application and Connect Secure products, including flaws that allow privilege escalation and remote code execution. Users are urged to update to the latest versions, since active exploitation has been a concern, even though Ivanti is not aware of any current attacks.

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

December 10, 2024 at 06:09PM Microsoft’s December 2024 Patch Tuesday introduces a significant security update addressing a Windows zero-day vulnerability (CVE-2024-49138) and 71 further patches, bringing the year’s total to 1,020. The critical issues affect the LDAP, Hyper-V, and RDP services, requiring immediate action from security administrators to mitigate the risk.

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

December 10, 2024 at 01:38PM Several Microsoft vulnerabilities were reported, affecting components such as Microsoft Defender, Edge, Office, SharePoint, and Windows services. Severity levels range from moderate to critical, with numerous remote code execution and elevation of privilege vulnerabilities listed, posing significant security risks to users and systems.

SonicWall Patches 6 Vulnerabilities in Secure Access Gateway

December 6, 2024 at 07:30AM SonicWall released urgent patches for multiple high-severity vulnerabilities in the SMA100 SSL-VPN gateway, including buffer overflow flaws (CVE-2024-45318, CVE-2024-53703) allowing remote code execution, a path traversal issue (CVE-2024-38475), and an authentication bypass (CVE-2024-45319). Users must update to firmware version 10.2.1.14-75sv.

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

December 4, 2024 at 12:45AM Veeam released security updates for a critical vulnerability (CVE-2024-42448) in its Service Provider Console that allows remote code execution. Another vulnerability (CVE-2024-42449) poses a risk of NTLM hash leakage and file deletion. Users must upgrade to version 8.1.0.21999 to mitigate the risk, as there are no alternative fixes or workarounds.

Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers

November 27, 2024 at 11:30AM A critical security flaw (CVE-2024-11680, CVSS score 9.8) in the ProjectSend application, caused by improper authorization, has been actively exploited since September 2024. Despite a patch released in August 2024, only 1% of servers are updated. Users are urged to apply the latest patches to mitigate the risk.

ProjectSend Vulnerability Exploited in the Wild

November 27, 2024 at 06:23AM VulnCheck warns that threat actors are exploiting a severe vulnerability (CVE-2024-11680) in unpatched ProjectSend servers, allowing remote unauthorized access. Despite a patch released in May 2023, most servers remain unpatched, with 55% still vulnerable, leading to widespread exploitation and potential webshell installations.

Critical Vulnerabilities Found in Anti-Spam Plugin Used by 200,000 WordPress Sites

November 26, 2024 at 05:37AM Two severe vulnerabilities in CleanTalk’s WordPress anti-spam plugin could allow remote code execution by unauthorized attackers, affecting over 200,000 installations. Patches for these flaws were released, but as of late November many users had not updated, leaving them at risk. Users are urged to upgrade to version 6.45 immediately.

Google’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects

November 21, 2024 at 03:13AM Google’s AI-powered fuzzing tool, OSS-Fuzz, has uncovered 26 vulnerabilities, including a medium-severity flaw in OpenSSL (CVE-2024-9143), marking a significant advance in automated vulnerability detection. The tool improves code coverage and is part of Google’s transition to memory-safe languages such as Rust, alongside new security checks for C++.