Critical WordPress Plug-in Flaw Exposes 4M Sites to Takeover

November 18, 2024 at 03:41PM
A critical flaw in the Really Simple Security WordPress plug-in, affecting over 4 million sites, allows attackers to bypass authentication and gain administrative access. Rated 9.8 on the CVSS scale, the vulnerability has been patched in version 9.1.2. Users are urged to confirm updates to protect their sites.

New Windows Themes zero-day gets free, unofficial patches

October 29, 2024 at 04:30PM
Free unofficial micropatches are now available for a Windows Themes zero-day vulnerability that allows NTLM credential theft. Discovered by ACROS Security, this issue affects all updated Windows versions. Users can apply these patches through 0patch while awaiting official fixes from Microsoft, which plans to address the problem promptly.

Samsung Zero-Day Vuln Under Active Exploit, Google Warns

October 22, 2024 at 05:38PM
A critical zero-day vulnerability (CVE-2024-44068) in Samsung’s mobile processors allows arbitrary code execution. Discovered in the m2m scaler driver, it received an 8.1 CVSS score and was patched in October 2024. Reported by Google researchers, it includes privilege escalation and anti-forensic measures. **Meeting Takeaways:** 1. **Discovery of Vulnerability**: A zero-day …

SolarWinds critical hardcoded credential bug under active exploit

October 16, 2024 at 04:03PM
A critical credential vulnerability in SolarWinds’ Web Help Desk (CVE-2024-28987) allows unauthenticated remote access. Although patched in version 12.8.3 HF2, many instances remain vulnerable. The flaw is exploited by criminals, with significant risks of sensitive data exposure. This is SolarWinds’ second critical bug for the product in two months.

About the security content of tvOS 17.5 – Apple Support

October 15, 2024 at 02:21PM
Apple TV’s tvOS 17.5 addresses multiple security vulnerabilities, enhancing memory handling and input validation. Key issues include potential system shutdowns, app terminations, arbitrary code execution, and user data access. Updates are available for Apple TV HD and Apple TV 4K models. Meeting Takeaways on tvOS 17.5 Security Updates: **Release …

Mozilla fixes Firefox zero-day actively exploited in attacks

October 9, 2024 at 01:38PM
Mozilla released an emergency security update for Firefox to fix a critical use-after-free vulnerability (CVE-2024-9680) in Animation timelines, currently exploited in attacks. Affected versions are Firefox 131.0.2, Firefox ESR 115.16.1, and Firefox ESR 128.3.1. Users are urged to upgrade immediately for protection. Meeting Takeaways on Mozilla Firefox Security Update …

Broadcom fixes critical RCE bug in VMware vCenter Server

September 17, 2024 at 04:00PM
Broadcom has addressed a critical VMware vCenter Server vulnerability (CVE-2024-38812) that allows unauthenticated remote attackers to achieve remote code execution through a heap overflow weakness in vCenter’s DCE/RPC protocol. Security patches are available, with the company advising administrators to apply the updates listed in the VMware Security Advisory to protect …

VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest

September 17, 2024 at 03:21PM
VMware, owned by Broadcom, released critical-severity patches for two vulnerabilities in its vCenter Server. One vulnerability, CVE-2024-38812, poses a major risk of remote code execution, while the other, CVE-2024-38813, is a privilege escalation vulnerability. The flaws impact vCenter Server and Cloud Foundation versions, and patches are the only known solution. …

Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

September 12, 2024 at 01:12PM
GitLab released security updates addressing 17 vulnerabilities, including a critical flaw (CVE-2024-6678) enabling an attacker to run pipeline jobs as an arbitrary user. This is the fourth flaw patched in the past year. Users are urged to apply the patches immediately. There is no evidence of active exploitation, but caution …

Google fixes ninth Chrome zero-day exploited in attacks this year

August 22, 2024 at 11:22AM
Google released a new emergency security update for Chrome to patch a zero-day vulnerability exploited in attacks. The high-severity CVE-2024-7971 vulnerability in Chrome’s V8 JavaScript engine was reported by Microsoft researchers. The update (128.0.6613.84/.85) will be automatically rolled out to users, and manual updates can be initiated through the Chrome …