Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out…

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty progr…

New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)

A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript an…

Microchip Technology manufacturing facilities impacted by cyberattack

American semiconductor manufacturer Microchip Technology Incorporated has had some of its business operations disrupted by a cyberattack. “As a result of the incident, certain of the Company’s manufacturing facilities are operating at less than n…

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-2024-…

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera

Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in Mic…

Stolen, locked payment cards can be used with digital wallet apps

Fraudsters can add stolen payment cards to digital wallet apps and continue making online purchases even after victims report the card stolen and the bank blocks it, computer engineers with University of Massachusetts Amherst and Pennsylvania St…

Tech support scammers impersonate Google via malicious search ads

Google Search ads that target users looking for Google’s own services lead them to spoofed sites and Microsoft and Apple tech support scams. The fake Google Search ads (Source: Malwarebytes) “In this particular scheme, all web resources use…