August 15, 2024 at 12:51PM Security experts are urging Windows sysadmins to quickly patch a serious pre-auth remote code execution vulnerability in the Windows TCP/IP stack, with potential for zero-click exploitation. Tracked as CVE-2024-38063, the bug poses a critical risk, prompting Microsoft to issue a severity score of 9.8/10. Additionally, several other zero-days are being … Read more
August 15, 2024 at 11:34AM Microsoft disabled a BitLocker vulnerability fix due to firmware incompatibility, causing devices to enter recovery mode. The CVE-2024-38058 flaw allows attackers to bypass BitLocker encryption and access data. To mitigate the issue, users must follow a complex 4-stage process and may face limitations. Microsoft didn’t address the root cause, urging … Read more
August 14, 2024 at 08:39AM Fortinet and Zoom announced patches for multiple vulnerabilities on Tuesday. Fortinet’s patches address three security defects, including high, medium, and low-severity flaws. Zoom published patches for 15 vulnerabilities, including high and medium-severity issues across its products. Both companies advise users to update their applications, with no reports of active exploitation. … Read more
August 14, 2024 at 06:57AM Intel and AMD disclose multiple vulnerabilities in their products. Intel’s 43 advisories cover around 70 security holes, including high-severity flaws impacting various products. Medium-severity vulnerabilities were also patched in several hardware, software, and technologies. Similarly, AMD issued eight advisories addressing 46 vulnerabilities, including high-severity issues and plans to mitigate new … Read more
August 14, 2024 at 02:03AM Microsoft shipped fixes for 90 security flaws, including 10 zero-days with active exploitation. Notable updates include addressing CVE-2024-38189, 38178, 38193, 38106, 38107, and 38213. Furthermore, CISA added the flaws to its Known Exploited Vulnerabilities catalog. The update from Microsoft also includes addressing CVE-2024-38200, 38199, 21302, and 38198. Other vendors have … Read more
August 13, 2024 at 01:45PM Adobe released 72 security vulnerability fixes for various products, warning Windows and macOS users of code execution and denial-of-service risks. Critical flaws were addressed in Adobe Acrobat, Reader, Illustrator, Photoshop, InDesign, Commerce, Bridge, Substance 3D Stager, Substance 3D Sampler, Substance 3D Designer, and InCopy, urging users to update to the … Read more
August 10, 2024 at 01:45AM Microsoft has disclosed an unpatched zero-day in Office (CVE-2024-38200) that could lead to unauthorized disclosure of sensitive information to malicious actors. A patch is expected on August 13, with an alternative fix already enabled. Three mitigation strategies have been outlined. Microsoft is also working on addressing other zero-day flaws in … Read more
August 6, 2024 at 02:32PM Google released 46 fixes for Android in its August security patch batch, addressing a high-severity Linux kernel flaw (CVE-2024-36971) with potential for remote code execution. The bug may already be exploited by spyware, highlighting the urgency of updating Android devices. Other high-severity vulnerabilities include a Qualcomm component flaw and 11 … Read more
July 24, 2024 at 11:12AM Some Windows devices encounter a BitLocker recovery screen after installing July’s update, affecting versions from Windows 10 to Windows 11 on the client side, and Windows Server 2008 to Windows Server 2022 on the server side. Microsoft confirmed the issue and advised affected users to have their recovery key or … Read more
July 24, 2024 at 10:42AM Siemens issued an out-of-band security advisory announcing patches for critical vulnerabilities in Sicam A8000, Enhanced Grid Sensor, and Sicam 8 software, impacting energy supply sector. One vulnerability allows unauthorized admin access, the other can enable firmware downgrading and code execution. Siemens has released firmware updates and mitigation measures, while SEC … Read more