article thumbnail

Patch Tuesday, March 2024 Edition

Krebs on Security

Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that there were at least two zero-day exploits for vulnerabilities being used in the wild (CVE-2024-23225 and CVE-2024-23296). 4, 2024, Google published Secure by Design , which lays out the company’s perspective on memory safety risks.

article thumbnail

Fat Patch Tuesday, February 2024 Edition

Krebs on Security

Top of the heap on this Fat Patch Tuesday is CVE-2024-21412 , a “security feature bypass” in the way Windows handles Internet Shortcut Files that Microsoft says is being targeted in active exploits. Microsoft Corp. msi) that in turn unloads a remote access trojan (RAT) onto infected Windows systems.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Top 24 Security Predictions for 2024 (Part 1)

Lohrman on Security

Where next for cyber in 2024? Here’s your annual roundup of cybersecurity forecasts, top cyber trends and cybersecurity industry prediction reports as we head into calendar year 2024.

article thumbnail

The Top 24 Security Predictions for 2024 (Part 2)

Lohrman on Security

Where next for cyber in 2024? Here’s part two of your annual roundup of cybersecurity forecasts, top cyber trends and cybersecurity industry prediction reports as we head into calendar year 2024.

article thumbnail

CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz

Penetration Testing

Two critical vulnerabilities (CVE-2024-25065, CVE-2024-23946) have been discovered that put a wide range of businesses at risk. Decoding the Vulnerabilities... The post CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz appeared first on Penetration Testing.

article thumbnail

Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024

Penetration Testing

These flaws were skillfully exploited during the recent Pwn2Own Vancouver 2024 hacking contest. Zero-Day Dangers Zero-day vulnerabilities... The post Firefox Patches Critical Zero-Day Vulnerabilities Exposed in Pwn2Own 2024 appeared first on Penetration Testing.

article thumbnail

CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws

Penetration Testing

Discovered through Google’s OSS-Fuzz service, three security vulnerabilities have been identified in its systems, two of which... The post CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws appeared first on Penetration Testing.