Akira and Fog ransomware now exploit critical Veeam RCE flaw

October 10, 2024 at 06:10PM Ransomware gangs are exploiting a critical vulnerability (CVE-2024-40711) in Veeam Backup & Replication servers that allows remote code execution. The flaw was disclosed on September 4 with updates, and attackers used compromised VPNs to deploy Akira and Fog ransomware. Veeam has a history of vulnerabilities attracting such malicious activity, impacting many global organizations. …

CISA says critical Fortinet RCE flaw now exploited in attacks

October 9, 2024 at 06:11PM CISA announced that attackers are exploiting a critical FortiOS remote code execution vulnerability (CVE-2024-23113), allowing unauthenticated access to unpatched devices. U.S. federal agencies must secure their FortiOS devices within three weeks. Fortinet recommends removing access to the vulnerable fgfmd daemon as a mitigation measure. …

3 More Ivanti Cloud Vulns Exploited in the Wild

October 9, 2024 at 03:06PM Ivanti has alerted customers to three new vulnerabilities in its Cloud Services Appliance (CSA) that are currently being exploited, alongside a previously disclosed zero-day vulnerability. The company advises users to review administrative access and EDR alerts, and recommends migrating to CSA version 5.0 if compromised. …

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

October 9, 2024 at 11:43AM Multiple security vulnerabilities in the Manufacturing Message Specification (MMS) protocol pose risks for industrial environments, potentially enabling device crashes and remote code execution. Key libraries affected were patched in 2022, but gaps persist between the security demands of modern technology and outdated protocols. Additional vulnerabilities in other systems were also reported. …

Microsoft cleans up hot mess of Patch Tuesday preview

October 9, 2024 at 11:19AM Microsoft has resolved issues related to the Windows 11 Patch Tuesday preview (KB5043145), which previously caused multiple restarts and device connectivity failures. The latest update includes critical security fixes. However, Windows 11 22H2 users will no longer receive updates, with other editions approaching end-of-support dates as well. …

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

October 9, 2024 at 03:27AM Microsoft has issued security updates for 118 vulnerabilities, including two under active exploitation. Key vulnerabilities include CVE-2024-43572 and CVE-2024-43573, both related to remote code execution and spoofing. The U.S. CISA has added these to its catalog, mandating fixes by October 29, 2024. …

Microsoft issues 117 patches – some for flaws already under attack

October 8, 2024 at 07:40PM Patch Tuesday released 117 Microsoft patches, addressing serious vulnerabilities including CVE-2024-43572, a high-risk flaw allowing unauthorized code execution, and CVE-2024-43573, a moderate spoofing issue. Adobe and SAP also issued numerous updates, with notable concerns in BusinessObjects and Apache Log4j related to their respective vulnerabilities. …

New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks

October 8, 2024 at 05:54PM A new scanner, created by Marcus Hitchins, is designed to identify devices vulnerable to the CUPS RCE flaw (CVE-2024-47176). By setting up an HTTP server on the scanning machine, the Python script sends custom UDP packets to the network, eliciting responses from vulnerable devices. The generated results aid system administrators …

5 CVEs in Microsoft’s October Update to Patch Immediately

October 8, 2024 at 05:52PM Microsoft’s October security update addressed 117 vulnerabilities, ranking as the third largest release this year. Of these, two actively exploited flaws require immediate attention. One, CVE-2024-43573, is a spoofing vulnerability in MSHTML, while the other, CVE-2024-43572, is a remote code execution (RCE) flaw in Microsoft Management Console. Three publicly known …

New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries

October 7, 2024 at 06:45AM The Gorilla (aka GorillaBot) botnet, a new variant of Mirai, has been identified by cybersecurity researchers. It has carried out over 300,000 attack commands with a high attack density, targeting over 100 countries and using various DDoS attack methods. It also exploits a security flaw in Apache Hadoop YARN RPC …