Critical Deadline: Update Old .NET Domains Before January 7, 2025 to Avoid Service Disruption Microsoft has announced that it’s making an “unexpected change” to the way .NET installers and archives are distributed, requiring developers to update their production and DevOps infrastructure. “We expect that most users will not be directly Read more…
Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Read more…
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. Read more…
Windows Update takeover lets an attacker revive a patched flaw Microsoft typically operates under the assumption that if an attacker has administrative privileges, gaining kernel-level code execution doesn’t cross a defined security boundary and therefore they don’t consider it a critical vulnerability needing immediate remediation. In an Oct. 26 blog Read more…
VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability Oct 22, 2024Ravie LakshmananVulnerability / Enterprise Security VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), concerns Read more…
Firefox Zero-Day Under Attack: Update Your Browser Immediately Oct 10, 2024Ravie LakshmananVulnerability / Browser Security Mozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free Read more…
Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild Oct 09, 2024Ravie LakshmananVulnerability / Zero-Day Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, Read more…
Cybercriminals Exploit CrowdStrike Update Mishap to Distribute Remcos RAT Malware Jul 20, 2024NewsroomMalware / IT Outage Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Read more…
Update Chrome Browser Now: 4th Zero-Day Exploit Discovered in May 2024 Google on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild. Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 Read more…
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was Read more…