July 19, 2024 at 04:33AM SolarWinds has addressed critical security flaws in its Access Rights Manager (ARM) software, including 11 vulnerabilities and their severity ratings. These flaws could allow attackers to access sensitive information and execute code with elevated privileges. The vulnerabilities have been fixed in version 2024.3 after responsible disclosure by the Trend Micro … Read more
July 18, 2024 at 11:03AM SAP’s AI Core service was recently vulnerable to attacks, potentially allowing access to customer data, as reported by Wiz. The flaws were discovered and reported to SAP by Wiz, which led to the release of patches for the bugs in May. The vulnerabilities could have allowed attackers to execute code … Read more
July 12, 2024 at 11:57AM Netgear issues urgent firmware update for multiple WiFi 6 router models to address stored XSS and authentication bypass vulnerabilities. Successful exploitation can lead to session hijacking, information theft, and unauthorized access, posing significant security risks. Users are strongly advised to immediately update their router firmware through Netgear Support to mitigate … Read more
July 5, 2024 at 07:52AM This week’s cybersecurity news roundup includes an Australian man charged for creating ‘evil twin’ Wi-Fi networks, dozens of vulnerabilities found in Sharp and Toshiba printers, a data breach at the Egyptian Health Department, and hacking of smart grills. Also covered are a Pakistan-linked Android spyware targeting gamers and weapons enthusiasts, … Read more
June 25, 2024 at 03:54AM Google announced a new Chrome security update addressing four high-severity memory safety vulnerabilities. 3 defects were reported by ‘wgslfuzz’ & the 4th by Cassidy Kim. wgslfuzz received a $10,000 reward for CVE-2024-6290 & Kim $4,000 for CVE-2024-6291. The update, version 126.0.6478.126 for Linux and 126.0.6478.126/127 for Windows and macOS, includes … Read more
June 12, 2024 at 12:57AM Microsoft released 51 security updates in its Patch Tuesday for June 2024, addressing 51 vulnerabilities, with one Critical and 50 Important. No active exploits were reported, with a third-party advisory CVE-2023-50868 posing a denial-of-service issue. Various other RCE vulnerabilities were also resolved, affecting different Microsoft products. Other vendors have also … Read more
June 11, 2024 at 08:33PM Microsoft’s June Patch Tuesday addressed 49 CVE-tagged security flaws, including a critical bug in wireless networking and a publicly disclosed DNS vulnerability (CVE-2023-50868). It also included an RCE issue in Microsoft Message Queuing (CVE-2024-30080) and a Wi-Fi driver remote code execution hole (CVE-2024-30078). Adobe, SAP, PHP, Arm, Apple, Google, SolarWinds, … Read more
June 5, 2024 at 07:01AM RansomHub, a new ransomware strain, has been identified as a rebranded version of Knight ransomware. It employs double extortion tactics and targets various platforms, using phishing campaigns for distribution. The group behind it has been linked to recent attacks and is recruiting affiliates. Ransomware activity has been on the rise, … Read more
May 30, 2024 at 11:16AM NIST is seeking outside assistance to address a backlog of unprocessed vulnerabilities in the National Vulnerability Database (NVD), with plans to improve processing rates and implement long-term solutions. CISA is collaborating with NIST to address the backlog, and a new project named Vulnrichment aims to enhance CVE records for improved … Read more
May 28, 2024 at 06:45AM CatDDoS botnet has exploited over 80 security flaws in the last three months to infect devices and launch DDoS attacks. It targets routers and networking equipment, mostly affecting devices from various vendors. The malware uses ChaCha20 encryption, employs an OpenNIC domain for C2, and shares encryption key/nonce pair with other … Read more