Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers

November 27, 2024 at 11:30AM A critical security flaw (CVE-2024-11680) in the ProjectSend application, linked to improper authorization, has been actively exploited since September 2024. Despite a patch released in August 2024, only 1% of servers are updated. Users are urged to apply the latest patches to mitigate risks. CVSS score: 9.8.

Warning: Over 2,000 Palo Alto Networks Devices Hacked in Ongoing Attack Campaign

November 21, 2024 at 11:57AM Approximately 2,000 Palo Alto Networks devices have reportedly been compromised due to recently disclosed security vulnerabilities. The flaws, CVE-2024-0012 and CVE-2024-9474, could enable malicious actions. Palo Alto warns that cyber attacks exploiting these weaknesses may rise and urges users to implement security measures and apply updates promptly.

‘Alarming’ bugs lay low in Ubuntu Server utility for 10 years

November 21, 2024 at 10:08AM Qualys researchers revealed five critical vulnerabilities in Ubuntu Server’s needrestart utility that allow unprivileged attackers to gain root access. Though they developed exploit code, they won’t release it due to its alarming nature. Admins are urged to update to version 3.8 or later to mitigate risks.

Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities

December 13, 2023 at 09:12AM Google is promoting the use of Clang sanitizers for enhancing the security of Android’s cellular baseband. The sanitizers, such as IntSan and BoundSan, help detect vulnerabilities and prevent remote code execution. Despite performance overhead, Google has enabled them in critical attack surfaces. The move complements the transition to memory-safe languages.