Fortinet, Zoom Patch Multiple Vulnerabilities

August 14, 2024 at 08:39AM Fortinet and Zoom announced patches for multiple vulnerabilities on Tuesday. Fortinet’s patches address three security defects, including high, medium, and low-severity flaws. Zoom published patches for 15 vulnerabilities, including high and medium-severity issues across its products. Both companies advise users to update their applications, with no reports of active exploitation. … Read more

Raptor Lake microcode limits Intel chips to a mere 1.55 volts to prevent CPU destruction

August 9, 2024 at 03:24PM Intel has disclosed new details on the failures affecting its Raptor Lake family of 13th and 14th Gen Core processors and on the 0x129 microcode meant to prevent further damage. The instability is caused by elevated operating voltage above 1.55 volts. Motherboard vendors are releasing BIOS updates containing the new microcode. AMD has … Read more

Windows Update downgrade attack “unpatches” fully-updated systems

August 7, 2024 at 04:31PM SafeBreach security researcher Alon Leviev disclosed at Black Hat 2024 two unpatched zero-days that can be exploited in downgrade attacks on up-to-date Windows 10, 11, and Windows Server systems. Microsoft issued advisories for CVE-2024-38202 and CVE-2024-21302, providing mitigation guidance. The vulnerabilities allow for system compromise, making fully patched systems susceptible … Read more

SolarWinds Patches Critical Vulnerabilities in Access Rights Manager

July 19, 2024 at 07:01AM SolarWinds released security updates for Access Rights Manager, resolving 13 vulnerabilities, including eight critical-severity bugs. Six critical flaws could be exploited for remote code execution, while the remaining two could allow attackers to read and delete arbitrary files. Five high-severity issues were also addressed, impacting domain admin access and arbitrary … Read more

Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges

July 18, 2024 at 01:54PM Researchers discovered a fake ad blocker in China targeting Internet cafés that conceals sophisticated malware. “HotPage.exe,” approved by Microsoft, appears as adware but can intercept web traffic, introduce more ads, and drop a system-level driver. ESET reported it to Microsoft, who removed it on May 1. The malware is developed … Read more

Cisco Patches Critical Vulnerabilities in Secure Email Gateway, SSM

July 18, 2024 at 07:45AM Cisco announced software updates for around a dozen vulnerabilities, which included critical-severity bugs in Secure Email Gateway and Smart Software Manager On-Prem. The flaws could allow an attacker to execute arbitrary code, initiate denial-of-service conditions, or access the web UI with compromised user privileges. Cisco also addressed high-severity vulnerabilities in … Read more

Citrix Patches Critical NetScaler Console Vulnerability

July 10, 2024 at 09:48AM Citrix has released patches for critical security vulnerabilities in its NetScaler product line, including improper authorization and buffer overflow bugs. It recommends updating to specific versions to address these issues. The company also addressed vulnerabilities in other products such as NetScaler ADC and Workspace app, urging customers to update appliances … Read more

ICS Patch Tuesday: Siemens, Schneider Electric, CISA Issue Advisories

July 10, 2024 at 07:48AM Major industrial control systems (ICS) providers issued security advisories, including Siemens with 17 new advisories for over 50 vulnerabilities, a critical bug in SINEMA remote connect server, and a BlastRADIUS vulnerability. Schneider Electric released four advisories for six vulnerabilities, including a critical-severity issue in Wiser Home Controller WHC-5918A. Ifm Electronic … Read more

Splunk Patches High-Severity Vulnerabilities in Enterprise Product

July 2, 2024 at 09:22AM Splunk announced patches for 16 vulnerabilities in Splunk Enterprise and Cloud Platform, including six high-severity bugs. The vulnerabilities include remote code execution flaws, a command injection flaw, path traversal, and denial-of-service. Splunk also addressed medium-severity flaws. No mention of exploitation in the wild was made. Additional information is available on Splunk’s … Read more

Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE

June 14, 2024 at 06:39AM Rockwell Automation has addressed three high-severity vulnerabilities in its FactoryTalk View Site Edition (SE) HMI software, including an authentication issue and a local privilege escalation vulnerability. These flaws have been patched in version 14, with advisories published by both Rockwell and CISA. Additionally, a vulnerability affecting certain controllers has also … Read more