Mozilla really wants you to easily set Firefox as default Windows browser

December 2, 2024 at 08:50AM Mozilla is experimenting with a new strategy aimed at encouraging more users to change their default browser on Windows. The initiative seeks to enhance user engagement and promote Firefox as a preferred choice. **Meeting Notes Takeaways:** 1. **Initiative**: Mozilla is exploring a new strategy aimed at encouraging Windows users to …

Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws

October 8, 2024 at 02:18PM The text lists numerous CVE IDs and their associated vulnerabilities, including remote code execution, denial of service, elevation of privilege, and information disclosure. These vulnerabilities impact various Microsoft products such as .NET, Visual Studio, Azure, Windows, and Office, among others. The severity ranges from critical to moderate. Based on the …

ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products

September 23, 2024 at 10:00AM ESET released patches for high-severity CVE-2024-7400 impacting Windows products, enabling privilege escalation through file deletion. The fix was automatically distributed to customers. The security flaw affected multiple end-user and enterprise products. ESET also addressed medium-severity CVE-2024-6654, which could cause denial-of-service attacks on macOS security tools, with patches for Cyber Security …

Microsoft rolls out Office LTSC 2024 for Windows and Mac

September 16, 2024 at 02:06PM Microsoft has released Office LTSC 2024 for commercial and government customers, designed for devices without internet connectivity and requiring long-term support. It offers improved performance, security, and accessibility, with new features in Excel, Outlook, and Microsoft Teams. Unlike previous versions, it doesn’t include Microsoft Publisher and is available via device-based …

Windows vulnerability abused braille “spaces” in zero-day attacks

September 15, 2024 at 02:18PM The “Windows MSHTML spoofing vulnerability” (CVE-2024-43461) was exploited by the Void Banshee APT hacking group, leading to it being reclassified as previously exploited. Based on the meeting notes, it appears that the “Windows MSHTML spoofing vulnerability” tracked under CVE-2024-43461 was recently fixed but has now been marked as previously exploited …

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

September 6, 2024 at 01:39AM A high-severity vulnerability (CVE-2024-45195) in Apache OFBiz ERP system allows unauthenticated remote code execution. The flaw, impacting all versions before 18.12.16, lets attackers execute arbitrary code and has been used to deploy the Mirai botnet malware. The latest patch also tackles a critical SSRF vulnerability (CVE-2024-45507). Key takeaways from the …

Microsoft launches unified Teams app for personal, work accounts

August 20, 2024 at 02:47PM Microsoft has rolled out a new unified Teams app for Windows and Mac users, allowing seamless switching between personal, work, and education accounts without multiple apps. Users can sign in once, switch accounts without re-logging, and join meetings without logging in. The update is now available for download on Microsoft’s …

Researchers Uncover 10 Flaws in Google’s File Transfer Tool Quick Share

August 10, 2024 at 03:21PM Numerous security flaws in Google’s Quick Share for Android and Windows have been discovered, allowing for an RCE attack chain and posing serious risks such as unauthorized file writing and Wi-Fi connection manipulation. These vulnerabilities have been fixed in Quick Share version 1.0.1724.0, and Google is tracking them under two …

CrowdStrike Windows patchpocalypse could take weeks to fix, IT admins fear

July 19, 2024 at 02:03PM Millions of Windows systems experienced a blue-screen boot loop due to a broken file pushed out by CrowdStrike, impacting various sectors globally. The Kettle’s latest episode discusses this incident with experts from the UK and US. The show is available on YouTube and audio platforms like RSS, MP3, Apple, Amazon, …

Revolver Rabbit gang registers 500,000 domains for malware campaigns

July 18, 2024 at 05:34PM Cybercriminal group Revolver Rabbit has registered over 500,000 domain names using a secret method called RDGAs to execute infostealer campaigns targeting Windows and macOS systems. Security researchers at Infoblox discovered this large-scale operation, estimating over $1 million in registration fees. The domains use a consistent pattern for easy readability and …