Android patches several vulnerabilities in first security update of 2025

The bulletin identifies five critical remote code execution (RCE) vulnerabilities affecting the core components of Android’s system.

The post Android patches several vulnerabilities in first security update of 2025 appeared first on CyberScoop.

Industrial networking manufacturer Moxa reports ‘critical’ router bugs

Moxa says the flaws can be used to bypass user authentication, escalate privileges and gain root access to devices. 

The post Industrial networking manufacturer Moxa reports ‘critical’ router bugs appeared first on CyberScoop.

BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356)

BeyondTrust has fixed an unauthenticated command injection vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS) products that may allow remote code execution, and is urging organizations with on-premise installat…

BadRAM: $10 hack unlocks AMD encrypted memory

Cybersecurity researchers have identified a vulnerability (CVE-2024-21944, aka BadRAM) affecting AMD processors that can be triggered by rogue memory modules to unlock the chips’ encrypted memory. The SPD chip can be modified using an off-the-she…

Microsoft fixes exploited zero-day (CVE-2024-49138)

On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code with higher privileges. CVE-2024-49138 exploi…

Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623)

Attackers are exploiting a vulnerability (CVE-2024-50623) in file transfer software by Cleo – LexiCo, VLTransfer, and Harmony – to gain access to organizations’ systems, Huntress researchers warned on Monday. “We’ve discovered a…

Mitel MiCollab zero-day and PoC exploit unveiled

A zero-day vulnerability in the Mitel MiCollab enterprise collaboration suite can be exploited to read files containing sensitive data, watchTowr researcher Sonny Macdonald has disclosed, and followed up by releasing a proof-of-concept (PoC) exploit th…