October 13, 2024 at 02:30PM Various security vulnerabilities affecting iOS 17.7 and iPadOS 17.7 have been addressed, including issues with state management, memory access, and user data privacy. Updates are available for multiple models, including iPhone XS and various iPad Pro, Air, and mini models to mitigate potential risks. ### Meeting Takeaways: Security Updates for … Read more
October 13, 2024 at 02:30PM The security update for macOS Sonoma 14.7 addresses several vulnerabilities, including improved permissions and memory handling, reducing risks of unauthorized data access and unexpected app terminations. Key issues include library injection, privacy breaches, and path handling weaknesses. Updates are available to mitigate these risks effectively. ### Meeting Takeaways **Release Information:** … Read more
October 13, 2024 at 02:30PM Apple released updates for iTunes 12.13.3 for Windows on September 12, 2024, addressing two vulnerabilities: CVE-2024-44193, which involves logic issues allowing privilege escalation, and CVE-2024-44157, a stack buffer overflow affecting system stability when handling malicious video files. Updates are available for Windows 10 and later. ### Meeting Notes Summary **Apple … Read more
October 12, 2024 at 02:10PM Microsoft has deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future Windows Server versions, urging administrators to transition to more secure protocols. **Meeting Takeaways:** 1. **Deprecation Announcement:** Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) for future versions … Read more
October 8, 2024 at 05:35PM Qualcomm has released 20 patches for chipsets’ firmware, addressing critical vulnerabilities, including exploited flaws in DSP software. Notably, CVE-2024-43047 carries a CVSS severity rating of 7.8, exploited by nation-state attackers or surveillanceware vendors. The update is urged for affected devices, with specific impacts on Snapdragon models and FastConnect Wi-Fi/Bluetooth kit. … Read more
September 6, 2024 at 09:18AM The SecurityWeek cybersecurity news roundup offers a valuable compilation of noteworthy cybersecurity stories that may not warrant full articles. This week’s stories include MITRE’s comparison of international PQC standards, US Army Special Forces hack, Transport for London cyberattack, CBIZ data breach, UK’s takedown of a banking anti-fraud website, OpenSSL and … Read more
August 14, 2024 at 02:03AM Microsoft shipped fixes for 90 security flaws, including 10 zero-days with active exploitation. Notable updates include addressing CVE-2024-38189, 38178, 38193, 38106, 38107, and 38213. Furthermore, CISA added the flaws to its Known Exploited Vulnerabilities catalog. The update from Microsoft also includes addressing CVE-2024-38200, 38199, 21302, and 38198. Other vendors have … Read more
August 9, 2024 at 12:17PM Microsoft has identified a high-severity zero-day vulnerability in Office 2016 and later, for which a patch is yet to be released. Based on the meeting notes, the key takeaway is that Microsoft has announced a high-severity zero-day vulnerability impacting Office 2016 and later versions that is still awaiting a patch. … Read more
July 8, 2024 at 01:32PM Microsoft has introduced spell check and autocorrect features in Notepad for Windows 11 users. The features have been tested by Windows Insiders and are now rolling out to all users. However, the autocorrect feature has limited effectiveness. Users can customize the features in Notepad settings and this marks a series … Read more
June 26, 2024 at 12:27PM Google has introduced new Chrome Enterprise Core features tailored for IT and security teams, aiming to enhance productivity and security. This development was highlighted in a post on SecurityWeek. Based on the meeting notes, it’s clear that Google has introduced new Chrome Enterprise Core features designed to benefit IT and … Read more