RansomHub Rolls Out Brand-New, EDR-Killing BYOVD Binary

August 16, 2024 at 01:18PM The utility gains privilege escalation and the ability to disable endpoint protection software by using a public exploit after loading a vulnerable driver.

CISA warns critical SolarWinds RCE bug is exploited in attacks

August 16, 2024 at 12:40PM CISA warns of attackers exploiting a critical vulnerability in SolarWinds’ Web Help Desk (WHD) software, allowing remote code execution. SolarWinds issued a hotfix, advising administrators to apply it, while also recognizing an issue for SAML Single Sign-On users. CISA mandates federal agencies to patch WHD servers by September 5. SolarWinds …

SolarWinds: Critical RCE Bug Requires Urgent Patch

August 15, 2024 at 03:15PM SolarWinds advises customers to patch CVE-2024-28986, a critical Java deserialization RCE flaw in its Web Help Desk platform. If exploited, attackers can run commands on the host machine. The software vendor recommends immediate patch application, urging all versions to be upgraded to 12.8.3 and the hotfix installed. Based …

SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software

August 15, 2024 at 10:51AM SolarWinds has released a patch to fix a critical security flaw in its Web Help Desk software (CVE-2024-28986) that could allow remote code execution. Palo Alto Networks also addressed high and moderate-severity vulnerabilities in Cortex XSOAR and GlobalProtect, urging users to update to the latest versions to reduce risks and …

SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability

August 15, 2024 at 09:21AM SolarWinds has released a hotfix for a critical-severity vulnerability in Web Help Desk that allows remote attackers to execute arbitrary code. CVE-2024-28986 affects versions 12.4 to 12.8 and requires the installation of version 12.8.3.1813. SolarWinds advises customers to upgrade, download the hotfix, and apply it, providing detailed installation instructions in their …

Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Day Exploits

August 14, 2024 at 02:03AM Microsoft shipped fixes for 90 security flaws, including 10 zero-days with active exploitation. Notable fixes address CVE-2024-38189, CVE-2024-38178, CVE-2024-38193, CVE-2024-38106, CVE-2024-38107, and CVE-2024-38213. Furthermore, CISA added the flaws to its Known Exploited Vulnerabilities catalog. The update from Microsoft also addresses CVE-2024-38200, CVE-2024-38199, CVE-2024-21302, and CVE-2024-38198. Other vendors have …

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

August 14, 2024 at 02:03AM Ivanti has released security updates for a critical flaw in Virtual Traffic Manager (vTM) that could allow an authentication bypass and the creation of rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8. Additionally, Ivanti has addressed other vulnerabilities in Neurons for ITSM and Ivanti …

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks

August 13, 2024 at 10:12AM A team at the CISPA Helmholtz Center for Information Security uncovered the “GhostWrite” vulnerability in T-Head’s XuanTie C910 and C920 RISC-V CPUs, allowing attackers to gain unrestricted access to affected devices. The flaw lies in the vector extension, and full mitigation requires disabling half the CPU’s functionality, impacting performance especially …

Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service

August 13, 2024 at 10:12AM Researchers discovered critical security flaws in Microsoft’s Azure Health Bot Service, allowing unauthorized access to patient data and system resources. Tenable reported finding vulnerabilities related to data connections and an endpoint supporting the Fast Healthcare Interoperability Resources data exchange format. Microsoft has since patched these issues, emphasizing the importance of …

AMD Says New Sinkclose CPU Vulnerability Only Affects ‘Seriously Breached Systems’

August 13, 2024 at 06:42AM IOActive disclosed Sinkclose, a new AMD processor vulnerability targeting System Management Mode (SMM) that has been around for 20 years. Exploiting the flaw requires a deep understanding of the architecture, but not physical access. AMD has published mitigations and firmware updates, prioritizing security despite the flaw affecting only seriously breached systems. The malware planted is stealthy …