Tag: Exploitation

Source URL: https://www.theregister.com/2024/10/09/the_criminals_are_gaining_efficiencies/ Source: The Register Title: Asian crime gangs are growing – fast – thanks to AI and other tech Feedly Summary: UN report finds Telegram, cryptocurrency are tools of a growing ‘criminal service economy’ Organized crime syndicates across Asia are using AI, messaging platforms like Telegram, and cryptocurrency to help them expand, with…

The Register: Microsoft issues 117 patches – some for flaws already under attack

—

by

Source URL: https://www.theregister.com/2024/10/08/patch_tuesday_october_2024/ Source: The Register Title: Microsoft issues 117 patches – some for flaws already under attack Feedly Summary: Plus: SAP re-patches a failed patch for critical-rated flaw Patch Tuesday It’s the second Tuesday of the month, which means Patch Tuesday, bringing with it fixes for numerous flaws, bugs and vulnerabilities in major software.…

Krebs on Security: Patch Tuesday, October 2024 Edition

—

by

Source URL: https://krebsonsecurity.com/2024/10/patch-tuesday-october-2024-edition/ Source: Krebs on Security Title: Patch Tuesday, October 2024 Edition Feedly Summary: Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple…

The Register: Qualcomm urges device makers to push patches after ‘targeted’ exploitation

—

by

Source URL: https://www.theregister.com/2024/10/08/qualcomm_patch_spyware/ Source: The Register Title: Qualcomm urges device makers to push patches after ‘targeted’ exploitation Feedly Summary: Given Amnesty’s involvement, it’s a safe bet spyware is in play Qualcomm has issued 20 patches for its chipsets’ firmware, including one Digital Signal Processor (DSP) software flaw that has been exploited in the wild.… AI…

Cisco Talos Blog: Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities

—

by

Source URL: https://blog.talosintelligence.com/microsoft-patch-tuesday-october-2024/ Source: Cisco Talos Blog Title: Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities Feedly Summary: The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity. AI Summary and Description: Yes…

Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog

—

by

Source URL: https://www.cisa.gov/news-events/alerts/2024/10/08/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-43047 Qualcomm Multiple Chipsets Use-After-Free Vulnerability CVE-2024-43572 Microsoft Windows Management Console Remote Code Execution Vulnerability CVE-2024-43573 Microsoft Windows MSHTML Platform Spoofing Vulnerability…

Schneier on Security: Weird Zimbra Vulnerability

Oct 3, 2024

—

by

Source URL: https://www.schneier.com/blog/archives/2024/10/weird-zimbra-vulnerability.html Source: Schneier on Security Title: Weird Zimbra Vulnerability Feedly Summary: Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely…

The Register: Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing

Oct 2, 2024

—

by

Source URL: https://www.theregister.com/2024/10/02/cisa_optigo_switch_flaws/ Source: The Register Title: Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing Feedly Summary: Poor use of PHP include() strikes again Two trivial but critical security holes have been found in Optigo’s Spectra Aggregation Switch, and so far no patch is available.… AI Summary and Description:…

The Register: ‘Patch yesterday’: Zimbra mail servers under siege through RCE vuln

Oct 2, 2024

—

by