May 30, 2024 at 05:48AM Check Point VPNs were targeted by threat actors exploiting a zero-day vulnerability, allowing access to enterprise networks through old VPN local accounts. The vulnerability, tracked as CVE-2024-24919, affects certain Check Point Security Gateways and allows hackers to extract password hashes. Mnemonic reported attacks using CVE-2024-24919 in customer environments since April … Read more
May 21, 2024 at 03:01AM Cybersecurity researchers discovered a critical security flaw, CVE-2024-4323, in the popular logging and metrics utility Fluent Bit, impacting versions 2.0.7 through 3.0.3. The flaw allows for denial-of-service (DoS), information disclosure, or remote code execution by exploiting the API’s endpoints. Users are urged to update to version 3.0.4 to mitigate potential … Read more
May 15, 2024 at 11:21AM Intel released 41 security advisories addressing over 90 vulnerabilities in its products. Critical vulnerability CVE-2024-22476 was found in Neural Compressor, allowing unauthenticated remote attackers to escalate privileges. High-severity flaws were also found in UEFI firmware, graphics, and network products. Additionally, there were medium-severity vulnerabilities in various hardware and software products. … Read more
February 6, 2024 at 07:36AM Google announced patches for 46 Android vulnerabilities, including a critical bug (CVE-2024-0031) in the System component, enabling remote code execution. The 2024-02-01 security patch level fixed this flaw and 14 other high-severity defects. A subsequent update on 2024-02-05 addressed 31 high-severity issues in various components. Google also patched seven Pixel … Read more
February 5, 2024 at 05:07PM Microsoft is investigating an issue where Outlook triggers security alerts when opening .ICS calendar files post-December 2023 Patch Tuesday Office updates. Users are affected by warning dialog boxes, and the company is working on a fix for this bug and related security warning due to CVE-2023-35636. A temporary registry key … Read more
November 28, 2023 at 10:00AM Threat actors are actively exploiting a critical information disclosure vulnerability in ownCloud’s Graphapi app. The vulnerability allows attackers to retrieve sensitive credentials and system information. The flaw affects Graphapi versions 0.2.0 to 0.3.0 and cannot be mitigated by disabling the app alone. Administrators are urged to follow the mitigation steps … Read more
November 22, 2023 at 09:06AM Microsoft has launched a new bug bounty program called the Microsoft Defender Bounty Program. The program invites researchers to find vulnerabilities in Defender products and services and earn rewards ranging from $500 to $20,000. The highest rewards are given for critical-severity remote code execution bugs. Researchers must report flaws within … Read more
November 22, 2023 at 07:12AM Authorities in Australia, the US, and tech company Citrix have issued warnings about a critical vulnerability in the NetScaler product. Dubbed CitrixBleed, the bug allows information disclosure and affects Netscaler ADC and Gateway appliances configured as a gateway or AAA server. The flaw, which has been exploited since August and … Read more
November 15, 2023 at 02:57AM Intel has released fixes for a high-severity flaw called Reptar that affects its desktop, mobile, and server CPUs. The vulnerability, tracked as CVE-2023-23583, allows for privilege escalation, information disclosure, denial of service, and bypassing of security boundaries. Intel has published updated microcode for all affected processors and there is currently … Read more
November 7, 2023 at 08:06AM Google has released the November 2023 Android security updates, addressing 37 vulnerabilities. The first part of the update, the 2023-11-01 security patch level, addresses 15 vulnerabilities in Android’s Framework and System components, including a critical security vulnerability. The second part, the 2023-11-05 security patch level, fixes 22 security defects in … Read more