November 15, 2024 at 05:09PM Israeli firm NSO Group allegedly exploited WhatsApp vulnerabilities to deploy its Pegasus spyware, even after legal actions were initiated. Using various zero-day exploits like “Erised” and “Eden,” NSO’s clients could remotely infiltrate devices. Despite being sanctioned by the U.S., NSO claims limited responsibility for clients’ surveillance actions. Here are the … Read more
November 14, 2024 at 03:40AM The UK, US, Canada, Australia, and New Zealand’s cybersecurity agencies released their annual list of the 15 most exploited vulnerabilities, highlighting increased attacks on zero-day exploits. Top entries include vulnerabilities in Citrix, Cisco, and Fortinet, emphasizing the need for prompt patching and secure product design to enhance network defenses. ### … Read more
November 13, 2024 at 10:54AM In 2023, many of the most frequently exploited vulnerabilities were initially zero-day vulnerabilities, as reported by government agencies. Notable companies affected included Citrix, Cisco, and Fortinet, highlighting ongoing security challenges organizations face in protecting their systems. ### Meeting Notes Takeaways: 1. **Top Exploits of 2023**: Most frequently exploited vulnerabilities this … Read more
November 13, 2024 at 07:15AM Microsoft’s November 2024 Patch Tuesday addressed 90 security flaws, including two actively exploited vulnerabilities in Windows NTLM and Task Scheduler. Notably, CVE-2024-43451 affects NTLMv2 hash disclosure, while CVE-2024-49039 allows privilege escalation. The update also highlights critical vulnerabilities in Azure CycleCloud and .NET, alongside adopting CSAF for improved vulnerability reporting. **Meeting … Read more
November 12, 2024 at 08:32PM Microsoft’s recent Patch Tuesday update addressed 89 security flaws, including two under active attack. Vulnerabilities CVE-2024-49039 and CVE-2024-43451 enable privilege escalation and account impersonation, respectively. Additionally, severe flaws in Azure and .NET products could lead to remote code execution. CISA highlighted an increase in zero-day exploitations throughout 2023. ### Meeting … Read more
November 12, 2024 at 05:45PM Microsoft’s November security update addresses 89 vulnerabilities, including four zero-day bugs actively exploited by attackers. Among these, CVE-2024-43451 allows unauthorized access to NTLMv2 hashes, while CVE-2024-49039 enables privilege escalation. Microsoft also adopted the Common Security Advisory Framework (CSAF) to improve vulnerability disclosure. ### Meeting Takeaways: 1. **Vulnerability Update**: – Microsoft … Read more
November 12, 2024 at 02:04PM Microsoft’s November 2024 Patch Tuesday addresses 91 vulnerabilities, including four critical flaws and two actively exploited zero-days. Notable vulnerabilities include NTLM Hash Disclosure and Windows Task Scheduler issues. The update also highlights fixes for other major products and features from various vendors, ensuring enhanced security across systems. ### Meeting Takeaways … Read more
November 12, 2024 at 11:54AM The FBI, NSA, and Five Eyes partners identified 15 top vulnerabilities exploited in 2023, urging immediate patching and management. Zero-day exploits increased, with 12 of the 15 vulnerabilities addressed last year. Notably, CVE-2023-3519 was widely targeted, emphasizing the need for proactive security measures to mitigate risks. ### Meeting Takeaways: 1. … Read more
November 12, 2024 at 10:29AM The joint Cybersecurity Advisory highlights increased exploitation of zero-day vulnerabilities in 2023 by malicious cyber actors compared to 2022, urging vendors and end-users to adopt security measures. Recommendations include implementing secure software development practices and timely patch management to mitigate risks associated with routinely exploited vulnerabilities. ### Meeting Takeaways #### … Read more
October 24, 2024 at 10:04AM On day two of Pwn2Own Ireland 2024, white hat hackers exposed 51 zero-day vulnerabilities, winning $358,625. The Viettel Cyber Security team led the competition, with participants like Pham Tuan Son and Ken Gannon achieving significant points and payouts. Overall, 103 vulnerabilities have been exploited, totaling $847,875 in prizes. **Meeting Takeaways … Read more