Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

December 10, 2024 at 01:38PM Several Microsoft vulnerabilities were reported, affecting various components such as Microsoft Defender, Edge, Office, SharePoint, and Windows services. Severity levels range from moderate to critical, with numerous remote code execution and elevation of privilege vulnerabilities listed, posing significant security risks to users and systems.

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

November 15, 2024 at 02:46AM A high-severity vulnerability (CVE-2024-10979) in PostgreSQL allows unprivileged users to modify environment variables, potentially enabling arbitrary code execution and information disclosure. With a CVSS score of 8.8, it has been patched in recent PostgreSQL versions. Users are advised to implement strict permissions on extensions and functions.

Intel Informs Customers About Over a Dozen Processor Vulnerabilities

September 11, 2024 at 10:06AM Intel recently published security advisories detailing over 20 vulnerabilities in their processors and products. These advisories cover issues such as UEFI firmware vulnerabilities affecting various processor series, ranging from Atom to Xeon. The majority of the flaws have a ‘high severity’ rating and can lead to privilege escalation, DoS attacks, and …

Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data

August 21, 2024 at 12:36PM Researchers have uncovered a critical security flaw in Microsoft’s Copilot Studio (CVE-2024-38206) that allows unauthorized access to sensitive information. Microsoft has addressed the vulnerability and stated no customer action is required. The disclosure follows the announcement of security flaws in Microsoft’s Azure Health Bot Service and the upcoming enforcement of …

Google Patches Android Zero-Day Exploited in Targeted Attacks

August 6, 2024 at 04:00AM Google announced its August 2024 Android security patches, including a high-severity zero-day vulnerability, CVE-2024-36971, in the kernel that could be exploited for remote code execution. Other updates address over 40 vulnerabilities, many with ‘high severity’ ratings, in components like framework, system, Arm, Imagination Technologies, MediaTek, and Qualcomm. Wear OS patches …

Microsoft finally fixes Outlook alerts bug caused by December updates

July 16, 2024 at 08:25AM Microsoft has resolved an Outlook security bug causing incorrect alerts after December updates. These alerts resulted from an information disclosure vulnerability, potentially allowing attackers to steal NTLM hashes. Despite initial fixes, the issue resurfaced in April and was finally resolved in the July 9th public update, prompting users to reverse …

Check Point VPN Attacks Involve Zero-Day Exploited Since April

May 30, 2024 at 05:48AM Check Point VPNs were targeted by threat actors exploiting a zero-day vulnerability, allowing access to enterprise networks through old VPN local accounts. The vulnerability, tracked as CVE-2024-24919, affects certain Check Point Security Gateways and allows hackers to extract password hashes. Mnemonic reported attacks using CVE-2024-24919 in customer environments since April …

“Linguistic Lumberjack” Vulnerability Discovered in Popular Logging Utility Fluent Bit

May 21, 2024 at 03:01AM Cybersecurity researchers discovered a critical security flaw, CVE-2024-4323, in the popular logging and metrics utility Fluent Bit, impacting versions 2.0.7 through 3.0.3. The flaw allows for denial-of-service (DoS), information disclosure, or remote code execution by exploiting the API’s endpoints. Users are urged to update to version 3.0.4 to mitigate potential …

Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities 

May 15, 2024 at 11:21AM Intel released 41 security advisories addressing over 90 vulnerabilities in its products. Critical vulnerability CVE-2024-22476 was found in Neural Compressor, allowing unauthenticated remote attackers to escalate privileges. High-severity flaws were also found in UEFI firmware, graphics, and network products. Additionally, there were medium-severity vulnerabilities in various hardware and software products. …

Critical Remote Code Execution Vulnerability Patched in Android

February 6, 2024 at 07:36AM Google announced patches for 46 Android vulnerabilities, including a critical bug (CVE-2024-0031) in the System component, enabling remote code execution. The 2024-02-01 security patch level fixed this flaw and 14 other high-severity defects. A subsequent update on 2024-02-05 addressed 31 high-severity issues in various components. Google also patched seven Pixel …