I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending

December 5, 2024 at 11:53AM

I-O Data confirmed critical vulnerabilities in its routers, allowing remote attackers to disable firewalls and execute commands. Full patches will take weeks. Three flaws—CVE-2024-45841, CVE-2024-47133, and CVE-2024-52564—pose risks of information disclosure and command execution. A partial fix is available, with complete solutions expected by December 2024.

### Meeting Takeaways

1. …

D-Link urges users to retire VPN routers impacted by unfixed RCE flaw

November 19, 2024 at 01:03PM

D-Link is advising customers to replace outdated VPN router models due to a serious, unpatched vulnerability that allows for unauthenticated remote code execution. This security flaw poses significant risks, and affected devices will not receive fixes.

### Meeting Takeaways:

1. **Security Alert from D-Link**: Customers are being advised about a …

Okta Fixes Auth Bypass Bug After 3-Month Lull

November 4, 2024 at 04:07PM

Okta has resolved an authentication bypass vulnerability affecting long usernames and complex domain names, which could have enabled unauthorized access under specific conditions. Discovered on October 30, it remained undetected for three months. Customers are urged to check logs for unusual activity and implement multifactor authentication for added security.

**Meeting …

Warning! FortiManager critical vulnerability under active attack

October 23, 2024 at 06:56PM

Fortinet disclosed a critical flaw (CVE-2024-47575) in its FortiManager software, allowing remote attackers to execute arbitrary code. With a CVSS score of 9.8, it’s actively exploited. Users are urged to update their software immediately. CISA added it to its Known Exploited Vulnerabilities Catalog, warning of significant user exposure.

**Meeting Notes …

Why Pay A Pentester?

September 18, 2024 at 07:42AM

The evolution of software has surprised us, from Deep Blue beating Kasparov to chatbots handling complex tasks. Cybersecurity testing is also evolving, with automated penetration testing (PT) disrupting traditional methods. Automated PT offers more thorough and frequent testing at a fraction of the cost, making it crucial for robust security …

Android bug leaks DNS queries even when VPN kill switch is enabled

May 4, 2024 at 12:19PM

A Mullvad VPN user found that Android devices leak DNS queries when switching VPN servers, even with “Always-on VPN” and “Block connections without VPN” enabled. The bug occurs during VPN reconfiguration, causing potential privacy risks. Mullvad suggested temporary workarounds and emphasized fixing the issue at the OS level. Google is investigating …