15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)

Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability (CVE-2024-27130) that may be leveraged for remote code execu…

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)

New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely execute code during a “clone” operation. About Git Git is a widely popular distributed versio…

Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947)

For the third time in the last seven days, Google has fixed a Chrome zero-day vulnerability (CVE-2024-4947) for which an exploit exists in the wild. About CVE-2024-4947 CVE-2024-4947 is a type confusion vulnerability in V8, Chrome’s JavaScript and WebA…

May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)

For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buf…

Apple backports iOS zero-day patch, adds Bluetooth tracker alert

Apple has backported the patch for CVE-2024-23296 to the iOS 16 branch and has fixed a bug (CVE-2024-27852) in MarketplaceKit that may allow maliciously crafted webpages to distribute a script that tracks iOS users on other webpages. The company has al…

May 2024 Patch Tuesday forecast: A reminder of recent threats and impact

The thunderstorms of April patches have passed, and it has been pretty calm leading up to May 2024 Patch Tuesday. April 2024 Patch Tuesday turned out to be a busy one with 150 new CVEs addressed by Microsoft. There were 91 CVEs fixed in Windows 10, 69 …

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)

Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam Service Provider Console is a cloud platform used by managed services p…

Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Tal…

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

While it initially seemed that protecting Palo Alto Networks firewalls from attacks leveraging CVE-2024-3400 would be possible by disabling the devices’ telemetry, it has now been confirmed that this mitigation is ineffectual. “Device teleme…

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’…