security update

Fortinet releases patches for undisclosed critical FortiManager vulnerability

Don't miss, enterprise, Fortinet, Hot stuff, News, patch, security update /

Fortinet releases patches for undisclosed critical FortiManager vulnerability 2024-10-21 at 16:48 By Zeljka Zorz In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. Security updates are trickling out The company, which is known for pushing out […]

React to this headline:

Loading spinner

Fortinet releases patches for undisclosed critical FortiManager vulnerability Read More »

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

CVE, Don't miss, ESET, Firefox, Hot stuff, News, security update, Tor, vulnerability /

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) 2024-10-10 at 15:31 By Zeljka Zorz Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a use-after-free vulnerability in

React to this headline:

Loading spinner

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) Read More »

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

authentication, Don't miss, exploit, GitLab, Hot stuff, News, PoC, ProjectDiscovery, security update, Synactiv, vulnerability /

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) 2024-10-09 at 15:49 By Zeljka Zorz If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain

React to this headline:

Loading spinner

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) Read More »

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

0-day, CVE, Don't miss, Hot stuff, Microsoft, NetSPI, News, Patch Tuesday, security update, Tenable, Trend Micro, vulnerability, Windows /

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) 2024-10-08 at 22:49 By Zeljka Zorz For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console

React to this headline:

Loading spinner

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) Read More »

Windows Server 2025 gets hotpatching option, without reboots

data center, Don't miss, Hot stuff, Microsoft, News, patching, security update, Windows Server /

Windows Server 2025 gets hotpatching option, without reboots 2024-09-23 at 17:02 By Zeljka Zorz Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. What is hotpatching? “Hotpatching has been around for years in Windows Server 2022 Azure Edition,

React to this headline:

Loading spinner

Windows Server 2025 gets hotpatching option, without reboots Read More »

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)

0-day, APT, Check Point, CVE, Don't miss, Hot stuff, Microsoft, News, security update, Trend Micro, vulnerability, Windows /

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) 2024-09-16 at 15:46 By Zeljka Zorz CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior to July 2024,”

React to this headline:

Loading spinner

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461) Read More »

Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)

Adobe, Adobe Reader, Check Point, Don't miss, Expmon, Hot stuff, News, PoC, security update, vulnerability /

Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869) 2024-09-12 at 15:16 By Zeljka Zorz Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution: CVE-2024-45112 and CVE-2024-41869. Nothing in the advisory

React to this headline:

Loading spinner

Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869) Read More »

Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)

access point, consumer, Don't miss, firewall, Hot stuff, ISP, News, router, security update, SMBs, vulnerability, Zyxel /

Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261) 2024-09-03 at 16:01 By Zeljka Zorz Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by

React to this headline:

Loading spinner

Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261) Read More »

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)

access control, CVE, Don't miss, firewall, Hot stuff, News, security update, SonicWall, vulnerability /

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766) 2024-08-26 at 21:32 By Zeljka Zorz SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is an improper access control vulnerability in the “SonicWall SonicOS

React to this headline:

Loading spinner

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766) Read More »

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

CVE, Don't miss, enterprise, GitHub, Hot stuff, News, security update, software development, vulnerability /

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) 2024-08-22 at 15:31 By Zeljka Zorz A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty program, has been addressed and administrators are

React to this headline:

Loading spinner

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800) Read More »

Microsoft fixes 6 zero-days under active attack

0-day, CVE, Don't miss, Hot stuff, Immersive Labs, Microsoft, Microsoft Edge, MS Office, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows /

Microsoft fixes 6 zero-days under active attack 2024-08-13 at 23:16 By Zeljka Zorz August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory Corruption Vulnerability

React to this headline:

Loading spinner

Microsoft fixes 6 zero-days under active attack Read More »

August 2024 Patch Tuesday forecast: Looking for a calm August release

Adobe, apple, Expert analysis, Google, Microsoft, Mozilla, News, opinion, Patch Tuesday, predictions, security update /

August 2024 Patch Tuesday forecast: Looking for a calm August release 2024-08-09 at 13:01 By Help Net Security July ended up being more ‘exciting’ than many of us wanted; we’re supposed to be in the height of summer vacation season. First, we had a large set of updates on Patch Tuesday, then we had to

React to this headline:

Loading spinner

August 2024 Patch Tuesday forecast: Looking for a calm August release Read More »

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)

CVE, Don't miss, email security, Hot stuff, News, Roundcube, security update, SonarSource, vulnerability /

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) 2024-08-07 at 12:01 By Zeljka Zorz Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Roundcube is an open-source webmail software solution popular with European

React to this headline:

Loading spinner

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) Read More »

Docker fixes critical auth bypass flaw, again (CVE-2024-41110)

containers, CVE, Docker, Don't miss, Hot stuff, News, security update, virtualization, vulnerability /

Docker fixes critical auth bypass flaw, again (CVE-2024-41110) 2024-07-25 at 15:01 By Zeljka Zorz A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. About CVE-2024-41110 CVE-2024-41110 is a vulnerability that can be exploited remotely,

React to this headline:

Loading spinner

Docker fixes critical auth bypass flaw, again (CVE-2024-41110) Read More »

Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)

CVE, data analytics, Don't miss, enterprise, Hot stuff, News, security update, SonicWall, Splunk, vulnerability /

Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) 2024-07-18 at 18:01 By Zeljka Zorz A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers. Several PoC exploits have been published, including one by IT consultant Mohamed Nabil Ali that performs bulk

React to this headline:

Loading spinner

Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) Read More »

Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)

Cisco, Don't miss, email security, Hot stuff, News, security update, vulnerability /

Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) 2024-07-18 at 12:16 By Zeljka Zorz Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on its Smart Software Manager On-Prem license servers (CVE-2024-20419). Neither

React to this headline:

Loading spinner

Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419) Read More »

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)

0-day, Action1, Automox, CVE, Don't miss, Hot stuff, Microsoft, MS SQL Server, News, Patch Tuesday, security update, Trend Micro, virtualization, vulnerability, Windows /

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) 2024-07-09 at 22:31 By Zeljka Zorz For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in Windows Hyper-V and Windows MSHTML Platform (respectively). Zero-days exploited in the wild (CVE-2024-38080, CVE-2024-38112) CVE-2024-38080 is a

React to this headline:

Loading spinner

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) Read More »

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)

Don't miss, enterprise, file-sharing, Hot stuff, MFT, News, PoC, Progress, security update, WatchTowr /

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) 2024-06-25 at 21:16 By Zeljka Zorz Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software product. According to WatchTowr Labs researchers, the company has been privately instructing users to implement the hotfixes before

React to this headline:

Loading spinner

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) Read More »

Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103)

Automox, CVE, Don't miss, Hot stuff, Microsoft, Morphisec, News, Outlook, Patch Tuesday, security update, Tenable, Trend Micro /

Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103) 2024-06-11 at 23:01 By Zeljka Zorz June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw (CVE-2024-30080) and a RCE vulnerability in Microsoft Outlook (CVE-2024-30103). 49 CVE-numbered vulnerabilities have been fixed in total, none of which have been exploited in

React to this headline:

Loading spinner

Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103) Read More »

June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft

Adobe, apple, cybersecurity, Don't miss, Hot stuff, Microsoft, Mozilla, News, opinion, Patch Tuesday, predictions, security update, Windows /

June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft 2024-06-07 at 08:16 By Help Net Security May 2024 Patch Tuesday was unusual because we had security updates from Adobe, Apple, Google, Mozilla, and Microsoft on the same day. While individually from each vendor, the updates weren’t that large, managing them together was more challenging. On

React to this headline:

Loading spinner

June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft Read More »

Scroll to Top