Collaborate Disseminate
Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support. About the vulnerabilities T… Continue reading Zyxel patches critical flaws in EOL NAS devices
The thunderstorms of April patches have passed, and it has been pretty calm leading up to May 2024 Patch Tuesday. April 2024 Patch Tuesday turned out to be a busy one with 150 new CVEs addressed by Microsoft. There were 91 CVEs fixed in Windows 10, 69 … Continue reading May 2024 Patch Tuesday forecast: A reminder of recent threats and impact
On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code. While ConnectWise initially reported that the vulnerabilities had proof-of-concept but hadn’t been […]
The post Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709 appeared first on Security Intelligence.
Continue reading Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709
SaaS-based, AI-assisted penetration service allows proactive defensive action against exploitation of new vulnerabilities.
The post Horizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities Faster appeared first on SecurityWeek.
Continue reading Horizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities Faster
We’re almost at our third Patch Tuesday and wrapping up the first quarter 2024. Time flies by! Microsoft is starting to push users to update their operating systems as their active version is approaching end-of-support. The February 2024 Patch Tuesday … Continue reading March 2024 Patch Tuesday forecast: A popular framework updated
January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs addressed in Windows 10, 35 in Windows 11, and surprisingly no zero-day vulnerabilities from Microsoft to start the new year. January’s release was a bit un… Continue reading February 2024 Patch Tuesday forecast: Zero days are back and a new server too
Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. “In D… Continue reading EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)
The October forecast for large numbers of CVEs addressed in Windows 10 and 11 and the recent record on the number fixed in Windows Server 2012 was spot on! Microsoft addressed 75 CVEs in Windows 11, 80 in Windows 10, and 61 in Server 2012 R2. While Ser… Continue reading November 2023 Patch Tuesday forecast: Year 21 begins
F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code executio… Continue reading F5 fixes critical BIG-IP vulnerability (CVE-2023-46747)
The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library, which is used by many popular applic… Continue reading Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)