Cloud Security Alliance News Clipping Site

Tag: Patch

  • The Register: Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/ Source: The Register Title: Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble Feedly Summary: If you didn’t fix this a month ago, your to-do list probably needs a reshuffle Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in…

  • Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability CVE-2024-9474 Palo Alto Networks PAN-OS…

  • Schneier on Security: Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/11/most-of-2023s-top-exploited-vulnerabilities-were-zero-days.html Source: Schneier on Security Title: Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days Feedly Summary: Zero-day vulnerabilities are more commonly used, according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority…

  • Hacker News: Teen serial swatter-for-hire busted, pleads guilty, could face 20 years

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/18/teenage_serial_swatterforhire_busted/ Source: Hacker News Title: Teen serial swatter-for-hire busted, pleads guilty, could face 20 years Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses various significant incidents in cybersecurity, including a teenager convicted of swatting, critical vulnerabilities in software, an ongoing debate regarding protections for cybersecurity researchers in international law,…

  • Hacker News: Reverse Engineering iOS 18 Inactivity Reboot

    by

    system automation
    in

    Source URL: https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html Source: Hacker News Title: Reverse Engineering iOS 18 Inactivity Reboot Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the new inactivity reboot feature in iOS 18, which adds a significant layer of security by forcing a device reboot after three days of inactivity. This feature aims to protect…

  • Hacker News: A new vulnerability on IPv6 parsing in linux

    by

    system automation
    in

    Source URL: https://nvd.nist.gov/vuln/detail/CVE-2024-50252 Source: Hacker News Title: A new vulnerability on IPv6 parsing in linux Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a recently resolved memory leak vulnerability (CVE-2024-50252) in the Linux kernel associated with the `mlxsw` driver when handling remote IPv6 addresses. This vulnerability presents significant implications for IT…

  • The Register: Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/15/palo_alto_networks_firewall_zeroday/ Source: The Register Title: Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit Feedly Summary: Yank access to management interface, stat A critical zero-day vulnerability in Palo Alto Networks’ firewall management interface that can allow an unauthenticated attacker to remotely execute code is now officially under active exploitation.… AI Summary and…

  • The Register: Microsoft Exchange update fixes security flaws, breaks other stuff

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/15/microsoft_exchange_buggy_patch/ Source: The Register Title: Microsoft Exchange update fixes security flaws, breaks other stuff Feedly Summary: Flawed patch stops on-premises, hybrid server transport rules in their tracks for some Microsoft is pausing the rollout of an Exchange security update after it became clear that the patch could break transport rules for some customers.……

  • The Register: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/14/fortinet_vpn_authentication_bypass_bug/ Source: The Register Title: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost Feedly Summary: Plus a bonus hard-coded local API key A now-patched, high-severity bug in Fortinet’s FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher…

  • Alerts: CISA Releases Nineteen Industrial Control Systems Advisories

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-releases-nineteen-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Nineteen Industrial Control Systems Advisories Feedly Summary: CISA released nineteen Industrial Control Systems (ICS) advisories on November 14, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-319-01 Siemens RUGGEDCOM CROSSBOW ICSA-24-319-02 Siemens SIPORT ICSA-24-319-03 Siemens OZW672 and OZW772 Web Server…