March 25, 2024 at 11:04AM Mozilla quickly patched two critical Firefox zero-day vulnerabilities after they were demonstrated by researcher Manfred Paul at the Pwn2Own event in Vancouver. The bugs, rated “critical,” allowed for out-of-bounds read/write and privileged code execution. Mozilla released Firefox 124.0.1 to address the vulnerabilities, with some users encountering upgrade issues. Paul earned … Read more
March 24, 2024 at 09:24PM Microsoft admitted to a memory leak issue in its March patches causing Windows domain controller crashes. A fix has been issued. Atlassian revealed a SQL injection bug and other critical vulnerabilities. A new, more dangerous variant of the AcidRain wiper malware has been identified. Negligent employees are the main cause … Read more
March 22, 2024 at 06:30AM Participants at Pwn2Own Vancouver 2024 earned over $1.1 million, finding 29 zero-day vulnerabilities in Tesla cars, Windows, Ubuntu, Oracle VirtualBox, VMware Workstation, Chrome, Edge, and Adobe Reader. Notably, a team won $200,000 and a Tesla Model 3 for hacking a Tesla car’s electronic control unit. In total, nearly $3.5 million … Read more
March 20, 2024 at 08:57AM Google and Mozilla released web browser security updates addressing dozens of vulnerabilities, including critical and high-severity flaws. Chrome 123 fixes 12 bugs, one high-severity. The update also resolves medium and low-severity vulnerabilities. Google paid $22,000 in bug bounty rewards and released Chrome version 123.0.6312.58 for Linux and versions 123.0.6312.58/.59 for … Read more
March 13, 2024 at 12:51PM Intel and AMD released 10 new security advisories on Patch Tuesday. Intel’s advisories include 8 new issues, with 2 high-severity vulnerabilities impacting BIOS firmware and 4th Generation Xeon processors. They also address medium and low-severity vulnerabilities affecting processors. The company has released microcode updates to mitigate these issues. AMD’s advisories … Read more
March 13, 2024 at 09:27AM Salt Security analyzed ChatGPT plugins and uncovered vulnerabilities that could be exploited to access sensitive data and take over accounts on third-party websites. These vulnerabilities affected the OAuth authentication process, potentially leading to unauthorized data access and account takeovers. Vendors were promptly notified and patches were implemented. Additionally, future GPTs … Read more
March 13, 2024 at 06:33AM Fortinet announced patches for critical vulnerabilities in its network security and management products. The flaws, including CVE-2023-42789 and CVE-2023-48788, could lead to code execution and were resolved in various product versions. Additionally, high-severity and medium-severity bugs were also patched. Users are urged to apply the patches promptly to avoid potential … Read more
March 11, 2024 at 05:40PM CISA officials reported a breach by threat actors who exploited Ivanti product vulnerabilities in February. Suspicious activity was discovered in two systems, the Infrastructure Protection Gateway and Chemical Security Assessment Tool, prompting CISA to recommend reviewing its advisory on three Ivanti vulnerabilities. The incident also exposed the failure of Ivanti … Read more
March 11, 2024 at 10:03AM Over the weekend, Taiwan-based QNAP Systems announced patches for critical vulnerabilities in several products, such as QTS, QuTS hero, and QuTScloud. The flaws could enable unauthenticated access to network-attached storage (NAS) devices. CVE-2024-21899 poses a high risk, while CVE-2024-21900 and CVE-2024-21901 present medium risks, requiring authentication for exploitation. QNAP also … Read more
March 8, 2024 at 06:01PM Cybercrime gang Magnet Goblin swiftly exploits vulnerabilities in Ivanti devices to breach networks of US organizations in the medical, manufacturing, and energy sectors. CISA confirms Ivanti attacks, urging organizations to review Ivanti advisory. Magnet Goblin deploys remote-control and data-stealing malware, leveraging one-day vulnerabilities, posing a significant threat to global digital … Read more