Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks

December 12, 2024 at 06:08AM

Cleo has updated its Harmony, VLTrader, and LexiCom file transfer tools to address a critical vulnerability (CVE-2024-50623) affecting several industries. The flaw allows unpatched systems to be exploited for file access and remote code execution. Security firms are analyzing related malware linked to ongoing attacks, suggesting widespread exploitation.

### Meeting …

Google Pays $55,000 for High-Severity Chrome Browser Bug

December 11, 2024 at 10:19AM

Google has released a Chrome update addressing three vulnerabilities, including two high-severity memory safety bugs in the V8 JavaScript engine, one of which led to a $55,000 bug bounty. The update also fixes a use-after-free defect. No exploitation of these vulnerabilities has been confirmed yet.

### Meeting Takeaways:

1. **Chrome …

Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation

December 9, 2024 at 01:29PM

The OpenWrt Project has released a critical patch addressing a vulnerability (CVE-2024-54143) that could allow attackers to inject malicious firmware through its sysupgrade server. Issues include command injection in the image builder and truncated SHA-256 hash collisions, compromising firmware integrity. Users are urged to upgrade to mitigate risks.

### Meeting …

SonicWall Patches 6 Vulnerabilities in Secure Access Gateway

December 6, 2024 at 07:30AM

SonicWall released urgent patches for multiple high-severity vulnerabilities in the SMA100 SSL-VPN gateway, including buffer overflow flaws (CVE-2024-45318, CVE-2024-53703) allowing remote code execution, a path traversal issue (CVE-2024-38475), and an authentication bypass (CVE-2024-45319). Users must update to firmware version 10.2.1.14-75sv.

### Meeting Takeaways: SonicWall Security Vulnerabilities Update

1. **Vulnerability Announcement**: …

Bootloader Vulnerability Impacts Over 100 Cisco Switches

December 5, 2024 at 07:31AM

Cisco has released patches for a significant vulnerability in NX-OS bootloader software (CVE-2024-20397) that could let attackers bypass image signature verification. Affecting over 100 models, the flaw requires physical access for exploitation. Cisco advises immediate updates, although no known exploits are reported. Discontinued devices will not receive patches.

**Meeting Takeaways: …

Android’s December 2024 Security Update Patches 14 Vulnerabilities

December 4, 2024 at 07:02AM

Google released December 2024 security updates for Android, addressing 14 high-severity vulnerabilities, including a critical remote code execution flaw. The updates cover Android versions 12 through 15. Users are encouraged to update devices promptly, as no exploitation is reported. No security updates were included for Android Automotive OS and Wear …

‘RomCom’ APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

November 26, 2024 at 04:44PM

In October, Russian hackers exploited two zero-day vulnerabilities affecting Firefox and Windows, allowing them to deploy malicious code via infected websites. The vulnerabilities were swiftly patched, limiting potential damage, primarily impacting targets in North America and Europe. The attackers utilized fake domains related to IT services to spread the malware. …

Over 2,000 Palo Alto firewalls hacked using recently patched bugs

November 21, 2024 at 02:47PM

Hackers have compromised thousands of Palo Alto Networks firewalls by exploiting two recently patched zero-day vulnerabilities.

**Meeting Takeaways:**

1. **Security Breach**: A significant number of Palo Alto Networks firewalls have been compromised by hackers.
2. **Exploited Vulnerabilities**: The attacks are utilizing two recently patched zero-day vulnerabilities.
3. **Urgency for Action**: …

Apple fixes two zero-days used in attacks on Intel-based Macs

November 19, 2024 at 04:57PM

Apple issued emergency security updates to address two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. The updates aim to enhance security and protect users from potential threats.

**Meeting Takeaways:**

1. Apple has released emergency security updates.
2. The updates address two zero-day vulnerabilities.
3. The vulnerabilities …

Citrix, Fortinet Patch High-Severity Vulnerabilities

November 13, 2024 at 07:21AM

Citrix and Fortinet have issued patches addressing multiple vulnerabilities, including high-severity issues in their NetScaler and FortiOS products.

**Meeting Takeaways:**

1. **Patch Releases**: Citrix and Fortinet have issued patches addressing multiple vulnerabilities.
2. **Severity of Vulnerabilities**: The patches include fixes for high-severity vulnerabilities specifically in NetScaler and FortiOS.
3. **Source …