Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection

December 13, 2024 at 12:57PM
A critical vulnerability (CVE-2024-54143) in OpenWrt’s Attended Sysupgrade could allow attackers to inject malicious firmware by exploiting command injection and hash collision issues. Patched in version 920c8a1, the flaw poses a severe supply chain risk as no authentication is required for exploitation. Users are urged to update immediately. …

Firefox ditches Do Not Track because nobody was listening anyway

December 12, 2024 at 03:54AM
Mozilla will remove the Do Not Track (DNT) toggle from Firefox 135, set for release on February 4, 2025. As DNT is often ignored by websites, users are encouraged to use the Global Privacy Control (GPC) instead, supported by newer privacy regulations. Browser extensions are also recommended for enhanced privacy. …

Windows 11 KB5048667 & KB5048685 cumulative updates released

December 10, 2024 at 01:23PM
Microsoft has released cumulative updates KB5048667 and KB5048685 for Windows 11 versions 24H2 and 23H2 to address security vulnerabilities and other issues.
**Meeting Takeaways:**
1. **Updates Released**: Microsoft has released cumulative updates for Windows 11, specifically KB5048667 and KB5048685.
2. **Supported Versions**: The updates are applicable to Windows 11 versions …

Bootloader Vulnerability Impacts Over 100 Cisco Switches

December 5, 2024 at 07:31AM
Cisco has released patches for a significant vulnerability in NX-OS bootloader software (CVE-2024-20397) that could let attackers bypass image signature verification. Affecting over 100 models, the flaw requires physical access for exploitation. Cisco advises immediate updates, although no known exploits are reported. Discontinued devices will not receive patches. …

Microsoft says having a TPM is “non-negotiable” for Windows 11

December 4, 2024 at 07:48PM
Microsoft confirmed that Windows 10 users require TPM 2.0 support to upgrade to Windows 11, describing it as a mandatory security feature. Though many bypass methods exist, TPM 2.0 is critical for enhancing cybersecurity. Additionally, Windows 10 support ends on October 14, 2025, but users can purchase Extended Security Updates …

Microsoft says premature patch could make Windows Recall forget how to work

December 4, 2024 at 09:06AM
Microsoft identified that some Windows Insiders could not save snapshots using the Recall preview due to a problematic non-security update (KB5046740). Users are advised against installing this update before joining the Dev Channel, as it could lead to potential issues requiring Windows reinstallation. Recall faces criticism for privacy concerns. …

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

December 4, 2024 at 12:45AM
Veeam released security updates for a critical vulnerability (CVE-2024-42448) in its Service Provider Console, which allows remote code execution. Another vulnerability (CVE-2024-42449) poses risks of NTLM hash leakage and file deletion. Users must upgrade to version 8.1.0.21999 to mitigate risks as there are no alternative fixes. …

Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks

November 29, 2024 at 05:33AM
Microsoft addressed four security vulnerabilities in its AI and cloud offerings, including a critical privilege escalation flaw (CVE-2024-49035) exploited in the wild. Other flaws include XSS and authentication issues in various products. While most have been mitigated, users are advised to update Dynamics 365 Sales apps for security. …

About the security content of macOS Sequoia 15.1.1 – Apple Support

November 19, 2024 at 01:54PM
Apple has addressed two security vulnerabilities in macOS Sequoia 15.1.1 (CVE-2024-44308 and CVE-2024-44309), which involve arbitrary code execution and cross-site scripting attacks, respectively. Both issues may have been actively exploited on Intel-based Mac systems, with updates now available. Release date is November 19, 2024. …

VMware makes Workstation and Fusion free for everyone

November 11, 2024 at 06:05PM
VMware has made its Fusion and Workstation desktop hypervisors free for all users, retiring the paid subscription model. While users retain full features, support ticketing is discontinued. Broadcom plans ongoing development and updates. Current commercial contracts remain valid until expiration, ensuring continued service and support for those agreements. …