Cleo patches critical zero-day exploited in data theft attacks

December 12, 2024 at 12:09PM

Cleo has released urgent security patches for a zero-day vulnerability in its LexiCom, VLTransfer, and Harmony software, actively exploited in data theft attacks linked to the Termite ransomware gang. Customers are advised to upgrade to version 5.8.0.24 to enhance security and mitigate risks from these breaches.

### Meeting Takeaways

1. …

Actively Exploited Zero-Day, Critical RCEs Lead Microsoft Patch Tuesday

December 10, 2024 at 06:09PM

Microsoft’s December 2024 Patch Tuesday introduces a significant security update addressing a Windows zero-day vulnerability (CVE-2024-49138) and 71 patches, bringing the year’s total to 1,020. Critical issues involve exploits in LDAP, Hyper-V, and RDP services, necessitating immediate action from security administrators to mitigate risks.

### Meeting Takeaways – December 2024 …

Microsoft Ships Urgent Patch for Exploited Windows CLFS Zero-Day

December 10, 2024 at 03:33PM

Microsoft has issued patches for over 70 security flaws, highlighting an actively exploited zero-day vulnerability in Windows’ Common Log File System (CLFS), CVE-2024-49138. Additionally, a critical LDAP remote code execution issue (CVE-2024-49112) has been flagged, with urgent recommendations for mitigation measures.

### Meeting Takeaways:

1. **Security Patches Released**: – Microsoft …

Microsoft NTLM Zero-Day to Remain Unpatched Until April

December 9, 2024 at 05:44PM

Microsoft issued guidance to mitigate NTLM relay attacks following the discovery of a zero-day bug affecting all Windows versions, enabling credential theft through malicious files. The bug’s fix is anticipated in April. Organizations are advised to enable Extended Protection for Authentication (EPA) to strengthen defenses against these vulnerabilities.

### Meeting …

New Windows zero-day exposes NTLM credentials, gets unofficial patch

December 6, 2024 at 11:37AM

A new zero-day vulnerability allows attackers to capture NTLM credentials via malicious files in Windows Explorer, affecting all Windows versions from 7 to 11. Discovered by 0patch, the flaw lacks an official fix from Microsoft. 0patch will provide a free micropatch while users can also disable NTLM authentication.

### Meeting …

I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending

December 5, 2024 at 11:53AM

I-O Data confirmed critical vulnerabilities in its routers, allowing remote attackers to disable firewalls and execute commands. Full patches will take weeks. Three flaws (CVE-2024-45841, CVE-2024-47133, and CVE-2024-52564) pose risks of information disclosure and command execution. A partial fix is available, with complete solutions expected by December 2024.

### Meeting Takeaways

1. …

Japan warns of IO-Data zero-day router flaws exploited in attacks

December 4, 2024 at 10:34AM

Japan’s CERT warns that hackers are exploiting zero-day vulnerabilities in I-O Data’s UD-LT1 routers, enabling unauthorized access and command execution. The vendor confirmed flaws and plans to release fixes by December 18, 2024. Users are advised to implement mitigation measures to protect their devices until updates are available.

### Meeting …

New Windows Server 2012 zero-day gets free, unofficial patches

November 29, 2024 at 12:00PM

Unofficial security patches have been released on the 0patch platform to fix a two-year-old zero-day vulnerability in the Windows Mark of the Web (MotW) security mechanism.

**Meeting Takeaways:**

1. **Security Update Release**: Free unofficial security patches are now available via the 0patch platform.
2. **Vulnerability Addressed**: These patches target a …

Firefox and Windows zero-days exploited by Russian RomCom hackers

November 26, 2024 at 06:28AM

The Russian-based RomCom cybercrime group exploited two zero-day vulnerabilities targeting Firefox and Tor Browser users, allowing remote code execution without user interaction. Their attacks, focusing on organizations in Ukraine, Europe, and North America, utilized a malicious website to deploy the RomCom backdoor, indicating sophisticated capabilities and targeted espionage motives.

2,000 Palo Alto Firewalls Compromised via New Vulnerabilities

November 21, 2024 at 11:20AM

Palo Alto Networks reported a drop in internet-exposed firewalls, yet around 2,000 devices remain compromised due to critical vulnerabilities CVE-2024-0012 and CVE-2024-9474. Patches were released in mid-November following confirmed exploitation, with attacks primarily affecting devices in the U.S. and India. Key security recommendations include limiting access to trusted IPs.

**Meeting …