June 30, 2024 at 11:21AM Juniper Networks released an emergency update to address a critical vulnerability, tracked as CVE-2024-2973, which could lead to an authentication bypass in Session Smart Router, Conductor, and WAN Assurance Router products. The affected versions and recommended patches were listed, highlighting the need for immediate action due to active exploitation of … Read more
June 27, 2024 at 07:06PM The BlackSuit ransomware gang cyberattacked KADOKAWA corporation, demanding ransom in exchange for not publishing stolen data, which includes employee details, financial information, and business plans. The Japanese media conglomerate’s operations, including Niconico services, continue to be impacted. BlackSuit, a rebrand of the Royal ransomware operation, has been linked to numerous … Read more
June 25, 2024 at 11:13PM Summary: Apple ID HT214111 released update on 2024-06-25 addressing CVE-2024-27867, improving state management for Bluetooth. The update is available for AirPods (2nd gen and later), AirPods Pro, AirPods Max, Powerbeats Pro, and Beats Fit Pro to prevent an attacker in Bluetooth range from gaining access to headphones during connection requests. … Read more
June 13, 2024 at 01:25PM A proof-of-concept exploit for Veeam Recovery Orchestrator vulnerability tracked as CVE-2024-29855 has been released by security researcher Sina Kheirkha. The exploit allows unauthenticated access to the web UI with administrative privileges due to a hardcoded JWT secret. Veeam’s security bulletin suggests upgrading to patched versions and provides conditions required to … Read more
June 13, 2024 at 04:00AM Google has warned of a zero-day security flaw, CVE-2024-32896, in Pixel Firmware, being exploited in targeted attacks. The June 2024 security update addresses a total of 50 vulnerabilities, including denial-of-service issues and information disclosure flaws in Qualcomm chipsets. Updates are available for supported Pixel devices. Previous security flaws have also … Read more
June 11, 2024 at 07:13PM The critical CVE-2024-30080 is the highlight of Microsoft’s June 2024 Patch Tuesday update, but several other issues also need immediate attention. Based on the meeting notes, the key takeaway would be that CVE-2024-30080 is the critical issue in Microsoft’s June 2024 Patch Tuesday update, but there are also many other … Read more
June 10, 2024 at 06:56PM Arm has issued a security bulletin regarding a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers, known as CVE-2024-4610, impacting versions r34p0 through r40p0. This use-after-free vulnerability (UAF) poses a risk of information disclosure and arbitrary code execution. The issue has been fixed in version r41p0, with users urged … Read more
June 7, 2024 at 02:23PM SolarWinds released version 2024.2 with new features, upgrades, and security patches. This includes fixing high-severity SWQL injection bug (CVE-2024-28996), reported by a NATO-affiliated penetration tester. Other flaws fixed are a high-severity cross-site scripting flaw (CVE-2024-29004) and a medium-severity race condition vulnerability. The update also enhances map functionality and overall stability. … Read more
June 6, 2024 at 08:07AM Microsoft has officially deprecated the NTLM authentication protocol, signaling the need for admins to transition to more secure alternatives. While NTLM will continue to work in future Windows releases, calls to NTLM should be replaced by Negotiate, prioritizing Kerberos authentication. The move is part of Microsoft’s goal to eliminate the … Read more
June 5, 2024 at 05:06AM Northern Minerals, an Australian rare-earth metals producer, fell victim to a data breach by the BianLian ransomware gang. Exfiltrated data, including operational, financial, and personal information, was released on the dark web. Despite the breach, the company’s operations and systems were not materially impacted. The incident coincided with political developments, … Read more