August 12, 2024 at 07:12AM Cybersecurity researchers discovered vulnerabilities in photovoltaic system management platforms by Chinese companies Solarman and Deye, posing a risk of power blackouts if exploited. The shortcomings, including account takeover and information leaks, have been addressed as of July 2024. The vulnerabilities could allow attackers to take over accounts, control inverters, and … Read more
August 10, 2024 at 03:21PM Numerous security flaws in Google’s Quick Share for Android and Windows have been discovered, allowing for an RCE attack chain and posing serious risks such as unauthorized file writing and Wi-Fi connection manipulation. These vulnerabilities have been fixed in Quick Share version 1.0.1724.0, and Google is tracking them under two … Read more
August 10, 2024 at 12:28PM Microsoft disclosed a high-severity vulnerability affecting multiple Office versions, including Office 2016 and Microsoft 365 Apps for Enterprise. Tracked as CVE-2024-38200, the flaw allows unauthorized access to protected information. Although Microsoft is developing security updates, an alternative fix has been released. Blocking outbound NTLM traffic is recommended as a mitigation. … Read more
August 9, 2024 at 01:34PM Progress (Nasdaq: PRGS) announced that the Securities and Exchange Commission’s fact-finding investigation into the MOVEit vulnerability has concluded without enforcement action recommended at this time. Progress received a subpoena on Oct. 2, 2023, from the SEC. The company empowers organizations with AI-powered infrastructure software to achieve transformational success in a … Read more
August 9, 2024 at 12:17PM Microsoft has identified a high-severity zero-day vulnerability in Office 2016 and later, for which a patch is yet to be released. Based on the meeting notes, the key takeaway is that Microsoft has announced a high-severity zero-day vulnerability impacting Office 2016 and later versions that is still awaiting a patch. … Read more
August 9, 2024 at 02:21AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has raised concerns about threat actors exploiting vulnerabilities in Cisco network devices, particularly targeting the legacy Smart Install feature. CISA emphasizes the need for strong password protection and reviews of NSA guidance. Cisco has also warned about critical flaws in certain products … Read more
August 8, 2024 at 12:34PM A vulnerability called “0.0.0.0 Day” was revealed 18 years ago, enabling harmful websites to circumvent security in Google Chrome, Mozilla Firefox, and Apple Safari, and access local network services. Based on the meeting notes, the key takeaway is that there is a serious vulnerability called “0.0.0.0 Day” that was disclosed … Read more
August 8, 2024 at 10:15AM Cybersecurity researchers have found a critical “0.0.0.0 Day” vulnerability impacting major web browsers, potentially allowing malicious actors to access local network services. The flaw arises from inconsistent security mechanisms and affects Google Chrome/Chromium, Mozilla Firefox, and Apple Safari on MacOS and Linux. Web browsers are expected to block access to … Read more
August 8, 2024 at 06:45AM Microsoft is developing security updates to tackle two vulnerabilities affecting Windows update architecture. The flaws can be exploited for downgrade attacks, allowing manipulation of system files and elevating privileges. Discovered by SafeBreach Labs researcher Alon Leviev, the vulnerabilities were presented at Black Hat USA 2024 and DEF CON 32, highlighting … Read more
August 8, 2024 at 02:27AM Progress Software’s WhatsUp Gold is facing active exploitation due to a critical security flaw (CVE-2024-4885, CVSS 9.8) allowing unauthenticated remote code execution. The flaw is being actively exploited, with a PoC exploit released by a security researcher. Exploitation attempts have been observed, emphasizing the urgency of applying the latest security … Read more