Vulnerabilities: ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products
ESET has released patches for two local privilege escalation vulnerabilities in security products for Windows and macOS.
Ionut Arghire, September 23, 2024

Vulnerabilities: Versa Networks Patches Vulnerability Exposing Authentication Tokens
Versa Networks has released patches for a Versa Director vulnerability for which proof-of-concept (PoC) code exists.
Ionut Arghire, September 23, 2024

Vulnerabilities: Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited.
Eduard Kovacs, September 20, 2024

Vulnerabilities: Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd
Atlassian’s September 2024 monthly security bulletin details multiple high-severity vulnerabilities in four products.
Ionut Arghire, September 19, 2024

Vulnerabilities: GitLab Patches Critical Authentication Bypass Vulnerability
GitLab has patched a critical-severity SAML authentication bypass affecting both Community Edition (CE) and Enterprise Edition (EE) instances.
Ionut Arghire, September 19, 2024

Government: CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities
CISA and the FBI have released an alert on XSS vulnerabilities, urging organizations to adopt a secure by design approach and eliminate them.
Ionut Arghire, September 18, 2024

Vulnerabilities: Chrome 129 Patches High-Severity Vulnerability in V8 Engine
Google has released Chrome 129 with patches for nine vulnerabilities, including a high-severity bug in the V8 engine.
Ionut Arghire, September 18, 2024

Vulnerabilities: VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.
Ryan Naraine, September 17, 2024

Vulnerabilities: D-Link Patches Critical Router Vulnerabilities
D-Link has released patches for critical vulnerabilities that could allow attackers to execute arbitrary code and commands on routers.
Ionut Arghire, September 17, 2024

Vulnerabilities: Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks
Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.
Eduard Kovacs, September 17, 2024

Vulnerabilities: Apple Patches Major Security Flaws With iOS 18 Refresh
Apple warns that attackers can use Siri to access sensitive user data, control nearby devices, or view recent photos without authentication.
Ryan Naraine, September 16, 2024

Vulnerabilities: Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day
Microsoft warns that a recently patched Windows vulnerability was exploited in the wild as a zero-day prior to July 2024.
Ionut Arghire, September 16, 2024