Tag: patches
-
The Register: Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed
Source URL: https://www.theregister.com/2024/11/20/google_ossfuzz/ Source: The Register Title: Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed Feedly Summary: OSS-Fuzz is making a strong argument for LLMs in security research Google’s OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities,…
-
The Register: Palo Alto Networks tackles firewall-busting zero-days with critical patches
Source URL: https://www.theregister.com/2024/11/19/palo_alto_networks_patches/ Source: The Register Title: Palo Alto Networks tackles firewall-busting zero-days with critical patches Feedly Summary: Amazing that these two bugs got into a production appliance, say researchers Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week.… AI Summary and…
-
The Register: Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble
Source URL: https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/ Source: The Register Title: Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble Feedly Summary: If you didn’t fix this a month ago, your to-do list probably needs a reshuffle Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in…
-
Schneier on Security: Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days
Source URL: https://www.schneier.com/blog/archives/2024/11/most-of-2023s-top-exploited-vulnerabilities-were-zero-days.html Source: Schneier on Security Title: Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days Feedly Summary: Zero-day vulnerabilities are more commonly used, according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority…
-
Hacker News: A new vulnerability on IPv6 parsing in linux
Source URL: https://nvd.nist.gov/vuln/detail/CVE-2024-50252 Source: Hacker News Title: A new vulnerability on IPv6 parsing in linux Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a recently resolved memory leak vulnerability (CVE-2024-50252) in the Linux kernel associated with the `mlxsw` driver when handling remote IPv6 addresses. This vulnerability presents significant implications for IT…
-
The Register: Microsoft Exchange update fixes security flaws, breaks other stuff
Source URL: https://www.theregister.com/2024/11/15/microsoft_exchange_buggy_patch/ Source: The Register Title: Microsoft Exchange update fixes security flaws, breaks other stuff Feedly Summary: Flawed patch stops on-premises, hybrid server transport rules in their tracks for some Microsoft is pausing the rollout of an Exchange security update after it became clear that the patch could break transport rules for some customers.……
-
The Register: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost
Source URL: https://www.theregister.com/2024/11/14/fortinet_vpn_authentication_bypass_bug/ Source: The Register Title: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost Feedly Summary: Plus a bonus hard-coded local API key A now-patched, high-severity bug in Fortinet’s FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher…