2024 - Cyber Security Informer

Microsoft Patch Tuesday, July 2024 Edition

Krebs on Security

JULY 9, 2024

The first Microsoft zero-day this month is CVE-2024-38080 , a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems. CVE-2024-38080 allows an attacker to increase their account privileges on a Windows machine. “This requires close access to a target,” Kikta said.

Internet

Internet Internet Engineering Software

Ransomware Remains a ‘Brutal’ Threat in 2024

Lohrman on Security

JULY 21, 2024

Several recently released cyber industry reports show steady or growing ransomware numbers in 2024 so far, and impacts on business and government have never been greater.

Ransomware

Ransomware Government

Patch Tuesday, May 2024 Edition

Krebs on Security

MAY 14, 2024

CVE-2024-30051 is an “elevation of privilege” bug in a core Windows library. ” CVE-2024-30040 is a security feature bypass in MSHTML , a component that is deeply tied to the default Web browser on Windows systems. . First, the zero-days.

Social Engineering

Social Engineering Backups Malware Banking

Patch Tuesday, June 2024 “Recall” Edition

Krebs on Security

JUNE 11, 2024

CVE-2024-30080 is a flaw in the Microsoft Message Queuing (MSMQ) service that can allow attackers to execute code of their choosing. CVE-2024-30080 has been assigned a CVSS vulnerability score of 9.8 (10 CVE-2024-30078 is a remote code execution weakness in the Windows WiFi Driver , which also has a CVSS score of 9.8.

Internet

Internet Internet Software Malware

Cybersecurity Predictions for 2024

elections, and an increased focus on AI, and you have the perfect recipe for a knotty and turbulent 2024. Add to that hacktivism due to global conflicts and U.S. We’ve recently looked back at what happened within cybersecurity in 2023.

Cybersecurity

The Top 24 Security Predictions for 2024 (Part 1)

Lohrman on Security

DECEMBER 17, 2023

Where next for cyber in 2024? Here’s your annual roundup of cybersecurity forecasts, top cyber trends and cybersecurity industry prediction reports as we head into calendar year 2024.

Cybersecurity

CVE-2024-40767: OpenStack Nova Vulnerability Exposes Cloud Servers to Data Theft Risk

Penetration Testing

JULY 25, 2024

A critical vulnerability (CVE-2024-40767) has been discovered in OpenStack Nova, the open-source cloud computing platform’s core component for managing virtual servers.

Risk

Risk Cybersecurity

CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk

Penetration Testing

JULY 17, 2024

The Apache Software Foundation has issued a security advisory regarding two critical vulnerabilities, CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61.

Risk

Risk Software Cybersecurity

CVE-2024-39700 (CVSS 9.9): Severe Flaw in JupyterLab Template Discovered

Penetration Testing

JULY 24, 2024

A critical vulnerability, designated CVE-2024-39700, has been discovered in the widely-used JupyterLab extension template. ... The post CVE-2024-39700 (CVSS 9.9): Severe Flaw in JupyterLab Template Discovered appeared first on Cybersecurity News.

Data breaches

Data breaches Cybersecurity

Active Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code Released

Penetration Testing

JULY 16, 2024

A remote code execution (RCE) vulnerability, tracked as CVE-2024-27348, is currently under active exploitation in the wild, targeting Apache HugeGraph-Server deployments.

Cybersecurity

CVE-2024-40628 & CVE-2024-40629: Two Maximum Severity Flaws in JumpServer

Penetration Testing

JULY 21, 2024

The vulnerabilities, identified as CVE-2024-40628 and... The post CVE-2024-40628 & CVE-2024-40629: Two Maximum Severity Flaws in JumpServer appeared first on Cybersecurity News.

Cybersecurity

CVE-2024-29201 & CVE-2024-29202 Flaws Expose JumpServer Users to RCE Attacks

Penetration Testing

APRIL 1, 2024

JumpServer, a popular open-source bastion host system, has recently been found to contain two critical vulnerabilities (CVE-2024-29201 and CVE-2024-29202) that could allow attackers to execute arbitrary code remotely.

Penetration Testing

Penetration Testing Risk

VuFind Libraries Face Critical Vulnerabilities – CVE-2024-25737 & CVE-2024-25738

Penetration Testing

MAY 26, 2024

The flaws, identified as CVE-2024-25737 and... The post VuFind Libraries Face Critical Vulnerabilities – CVE-2024-25737 & CVE-2024-25738 appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk

CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz

Penetration Testing

FEBRUARY 28, 2024

Two critical vulnerabilities (CVE-2024-25065, CVE-2024-23946) have been discovered that put a wide range of businesses at risk. Decoding the Vulnerabilities... The post CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Risk

CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows

Penetration Testing

JULY 8, 2024

The most severe vulnerability, CVE-2024-36138, is... The post CVE-2024-36138: High-Severity Vulnerability in Node.js Project has released a security update to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to bypass security measures and execute arbitrary code.

Cybersecurity

CVE-2024-40075: XXE Vulnerability Found in Laravel v11.x

Penetration Testing

JULY 23, 2024

This vulnerability, designated as CVE-2024-40075, is an XML External Entity (XXE) flaw that... The post CVE-2024-40075: XXE Vulnerability Found in Laravel v11.x A significant vulnerability has been identified in Laravel v11.x, x, the popular PHP web framework renowned for building modern, elegant web applications.

Cybersecurity

Cisco Confirms Critical OpenSSH regreSSHion (CVE-2024-6387) Flaw in Multiple Products

Penetration Testing

JULY 7, 2024

Cisco has issued a critical security advisory, warning users of a high-severity vulnerability (CVE-2024-6387) codenamed “regreSSHion” that affects the OpenSSH server component in various Cisco products and cloud services.

Cybersecurity

CVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users

Penetration Testing

MAY 7, 2024

This vulnerability, which allows for... The post CVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users appeared first on Penetration Testing.

Penetration Testing

CVE-2024-29745 & CVE-2024-29748: Critical Google Pixel Flaws Exploited – Update Immediately

Penetration Testing

APRIL 3, 2024

Google has revealed in their April 2024 Pixel Update Bulletin that several serious security flaws could be putting your Pixel device at risk.

Penetration Testing

Penetration Testing Risk

CVE-2024-37726: MSI Center Flaw Exposes Windows Systems to Privilege Escalation Attacks

Penetration Testing

JULY 3, 2024

Tracked as CVE-2024-37726, this vulnerability affects all versions of MSI Center up to... The post CVE-2024-37726: MSI Center Flaw Exposes Windows Systems to Privilege Escalation Attacks appeared first on Cybersecurity News.

Cybersecurity

CVE-2024-5671 (CVSS 9.8) Exposes Trellix Intrusion Prevention System to Remote Attacks

Penetration Testing

JUNE 18, 2024

The flaws, tracked as CVE-2024-5671 and CVE-2024-5731, leave unprotected systems vulnerable to remote code... The post CVE-2024-5671 (CVSS 9.8) Trellix, a prominent cybersecurity provider, has issued urgent patches for two critical vulnerabilities discovered in its Intrusion Prevention System (IPS).

Cybersecurity

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

Trend Micro

JULY 16, 2024

We check the OpenSSH vulnerabilities CVE-2024–6387 and CVE-2024-6409, examining their potential real-world impact and the possibility of exploitation for CVE-2024–6387 in x64 systems.

Cyber threats

Bitwarden vs KeePass (2024): Battle of the Best – Who Wins?

Tech Republic Security

JULY 3, 2024

Dive into our 2024 analysis and make the best decision for your security needs! Bitwarden vs KeePass: Who comes out on top?

Password Management

Password Management Passwords

PoC Exploit Published for Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-30088)

Penetration Testing

JUNE 25, 2024

A security researcher has published a proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2024-30088) in Microsoft Windows. This critical flaw holds a risk severity score of 7.0

Risk

Risk Cybersecurity

CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws

Penetration Testing

JANUARY 29, 2024

Discovered through Google’s OSS-Fuzz service, three security vulnerabilities have been identified in its systems, two of which... The post CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws appeared first on Penetration Testing.

Penetration Testing

Docker Users Beware: CVE-2024-41110 (CVSS 10) Could Lead to System Takeover

Penetration Testing

JULY 23, 2024

This vulnerability, identified as CVE-2024-41110, has a CVSS score of 10, indicating a critical severity. The issue allows... The post Docker Users Beware: CVE-2024-41110 (CVSS 10) Could Lead to System Takeover appeared first on Cybersecurity News.

Engineering

Engineering Cybersecurity

Patch Tuesday Update – June 2024

Security Boulevard

JUNE 11, 2024

The post Patch Tuesday Update - June 2024 appeared first on Digital Defense. The post Patch Tuesday Update – June 2024 appeared first on Security Boulevard.

Critical Security Advisory for Apache CloudStack: CVE-2024-38346 and CVE-2024-39864

Penetration Testing

JULY 8, 2024

The Apache Software Foundation has issued an urgent security advisory, disclosing two critical vulnerabilities (CVE-2024-38346 and CVE-2024-39864) affecting the widely used open-source cloud computing platform, Apache CloudStack.

Software

Software Risk Cybersecurity

D-Link Routers Exposed: Critical Backdoor Vulnerability Discovered (CVE-2024-6045)

Penetration Testing

JUNE 16, 2024

Taiwan’s CERT (Computer Emergency Response Team) has issued a critical security advisory regarding a high-severity vulnerability (CVE-2024-6045) affecting numerous models of D-Link wireless routers.

Wireless

Wireless Cybersecurity

CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’ Exposes Millions of Linux Systems

Penetration Testing

JULY 1, 2024

The vulnerability, identified as CVE-2024-6387, affects OpenSSH’s server (sshd)... The post CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’ Exposes Millions of Linux Systems appeared first on Cybersecurity News.

Cybersecurity

AWS Security Update: CVE-2024-30164 and CVE-2024-30165 Flaws Found in Client VPN

Penetration Testing

JULY 21, 2024

These flaws, identified as CVE-2024-30164 and CVE-2024-30165, could potentially allow malicious actors with access to a... The post AWS Security Update: CVE-2024-30164 and CVE-2024-30165 Flaws Found in Client VPN appeared first on Cybersecurity News.

VPN

VPN Cybersecurity

Avaya IP Office Users Urged to Patch Critical Flaws (CVE-2024-4196 & CVE-2024-4197)

Penetration Testing

JUNE 27, 2024

Two newly discovered vulnerabilities, CVE-2024-4196 and CVE-2024-4197, have been identified and could potentially allow remote attackers... The post Avaya IP Office Users Urged to Patch Critical Flaws (CVE-2024-4196 & CVE-2024-4197) appeared first on Cybersecurity News.

Cybersecurity

CVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit on GitHub

Penetration Testing

JUNE 14, 2024

Security researchers are raising the alarm as proof-of-concept (PoC) exploit code targeting a recently patched high-severity vulnerability (CVE-2024-26229) in Microsoft Windows has surfaced on GitHub.

Cybersecurity

VMware vCenter Server RCE (CVE-2024-22274): PoC Exposes Systems to Remote Takeover

Penetration Testing

JULY 8, 2024

A proof-of-concept (PoC) exploit has been released, targeting a recently patched high-severity vulnerability (CVE-2024-22274) in the VMware vCenter Server. With a CVSS score of 7.2,

Cybersecurity

CVE-2024-20360: Cisco FMC Vulnerability Grants Hackers Root Access

Penetration Testing

MAY 23, 2024

This flaw, identified as CVE-2024-20360, carries a CVSS score of 8.8,... The post CVE-2024-20360: Cisco FMC Vulnerability Grants Hackers Root Access appeared first on Penetration Testing.

Penetration Testing

Penetration Testing Software

CVE-2024-28397: js2py Vulnerability Exposes Millions of Python Users to RCE

Penetration Testing

JUNE 21, 2024

The flaw, designated CVE-2024-28397 and... The post CVE-2024-28397: js2py Vulnerability Exposes Millions of Python Users to RCE appeared first on Cybersecurity News.

Cybersecurity

CVE-2024-34331: Parallels Desktop Vulnerability Gives Root to Hackers, PoC Published

Penetration Testing

JUNE 4, 2024

Security researcher Mykola Grymalyuk published the technical details and a proof-of-concept (PoC) exploit code for a vulnerability (CVE-2024-34331) in Parallels Desktop for Mac, a popular virtualization software.

Penetration Testing

Penetration Testing Software

CVE-2024-5148: GNOME Remote Desktop Vulnerability Exposes Sensitive Information

Penetration Testing

MAY 24, 2024

Security researcher Matthias Gerstner has discovered a critical vulnerability (CVE-2024-5148) in GNOME Remote Desktop versions 46.0 gnome-remote-desktop offers remote access... The post CVE-2024-5148: GNOME Remote Desktop Vulnerability Exposes Sensitive Information appeared first on Penetration Testing.

Penetration Testing

CVE-2024-33006: Critical SAP Vulnerability Exposes Systems to Complete Takeover

Penetration Testing

MAY 14, 2024

German enterprise software giant SAP has announced the release of 14 new security notes and three updates to previously released notes as part of its May 2024 Security Patch Day.

Penetration Testing

Penetration Testing Software

Git Patches Critical RCE Vulnerabilities – CVE-2024-32002 & CVE-2024-32004

Penetration Testing

MAY 15, 2024

The Git project, a cornerstone of software development, has recently addressed a series of critical security vulnerabilities that could expose users to remote code execution (CVE-2024-32002, CVE-2024-32004) and unauthorized data manipulation.

Penetration Testing

Penetration Testing Software

Critical Security Vulnerability CVE-2024-3912 (CVSS 9.8) Hits ASUS Routers

Penetration Testing

JUNE 16, 2024

Taiwan’s CERT has issued a critical security alert regarding a severe vulnerability (CVE-2024-3912) found in multiple ASUS router models. The flaw, discovered by security researcher Carlos Köpke, allows remote attackers to execute commands on... The post Critical Security Vulnerability CVE-2024-3912 (CVSS 9.8)

Cybersecurity

Cybersecurity Firmware

PoC Exploit Published for Chrome 0-day CVE-2024-4947 Vulnerability

Penetration Testing

MAY 19, 2024

A proof-of-concept (PoC) exploit code for a recently patched zero-day CVE-2024-4947 vulnerability in Google Chrome has surfaced, making it crucial for users to immediately update their browsers to the latest versions.

Penetration Testing

CVE-2024-23225 & CVE-2024-23296: Apple Patches Actively Exploited 0-Day Flaws

Penetration Testing

MARCH 5, 2024

Apple recently pushed out emergency patches to fix two zero-day vulnerabilities (CVE-2024-23225 and CVE-2024-23296) that are already under attack. Hackers were actively using these... The post CVE-2024-23225 & CVE-2024-23296: Apple Patches Actively Exploited 0-Day Flaws appeared first on Penetration Testing.

Penetration Testing

Ransomware and Cyber Extortion in Q2 2024

Digital Shadows

JULY 15, 2024

ReliaQuest identified a 20% rise in ransomware-affected organizations in Q2 2024. Despite disruptions, new groups are increasing activity.

Ransomware

Microsoft Patch Tuesday, July 2024 Edition

Ransomware Remains a ‘Brutal’ Threat in 2024

Trending Sources

Patch Tuesday, May 2024 Edition

Patch Tuesday, June 2024 “Recall” Edition

Cybersecurity Predictions for 2024

The Top 24 Security Predictions for 2024 (Part 1)

CVE-2024-40767: OpenStack Nova Vulnerability Exposes Cloud Servers to Data Theft Risk

CVE-2024-40725 & CVE-2024-40898: Apache HTTP Server Flaws Put Millions of Websites at Risk

CVE-2024-39700 (CVSS 9.9): Severe Flaw in JupyterLab Template Discovered

Active Exploits Targeting Apache HugeGraph Flaw (CVE-2024-27348): PoC Code Released

CVE-2024-40628 & CVE-2024-40629: Two Maximum Severity Flaws in JumpServer

CVE-2024-29201 & CVE-2024-29202 Flaws Expose JumpServer Users to RCE Attacks

VuFind Libraries Face Critical Vulnerabilities – CVE-2024-25737 & CVE-2024-25738

CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz

CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows

CVE-2024-40075: XXE Vulnerability Found in Laravel v11.x

Cisco Confirms Critical OpenSSH regreSSHion (CVE-2024-6387) Flaw in Multiple Products

CVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users

CVE-2024-29745 & CVE-2024-29748: Critical Google Pixel Flaws Exploited – Update Immediately

CVE-2024-37726: MSI Center Flaw Exposes Windows Systems to Privilege Escalation Attacks

CVE-2024-5671 (CVSS 9.8) Exposes Trellix Intrusion Prevention System to Remote Attacks

The Potential Impact of the OpenSSH Vulnerabilities CVE-2024–6387 and CVE-2024-6409

Bitwarden vs KeePass (2024): Battle of the Best – Who Wins?

PoC Exploit Published for Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-30088)

CVE-2024-22860 & CVE-2024-22862: Critical FFmpeg Remote Code Execution Flaws

Docker Users Beware: CVE-2024-41110 (CVSS 10) Could Lead to System Takeover

Patch Tuesday Update – June 2024

Critical Security Advisory for Apache CloudStack: CVE-2024-38346 and CVE-2024-39864

D-Link Routers Exposed: Critical Backdoor Vulnerability Discovered (CVE-2024-6045)

CVE-2024-6387: Critical OpenSSH Unauthenticated RCE Flaw ‘regreSSHion’ Exposes Millions of Linux Systems

AWS Security Update: CVE-2024-30164 and CVE-2024-30165 Flaws Found in Client VPN

Avaya IP Office Users Urged to Patch Critical Flaws (CVE-2024-4196 & CVE-2024-4197)

CVE-2024-26229: Windows Elevation of Privilege Flaw Weaponized, PoC Exploit on GitHub

VMware vCenter Server RCE (CVE-2024-22274): PoC Exposes Systems to Remote Takeover

CVE-2024-20360: Cisco FMC Vulnerability Grants Hackers Root Access

CVE-2024-28397: js2py Vulnerability Exposes Millions of Python Users to RCE

CVE-2024-34331: Parallels Desktop Vulnerability Gives Root to Hackers, PoC Published

CVE-2024-5148: GNOME Remote Desktop Vulnerability Exposes Sensitive Information

CVE-2024-33006: Critical SAP Vulnerability Exposes Systems to Complete Takeover

Git Patches Critical RCE Vulnerabilities – CVE-2024-32002 & CVE-2024-32004

Critical Security Vulnerability CVE-2024-3912 (CVSS 9.8) Hits ASUS Routers

PoC Exploit Published for Chrome 0-day CVE-2024-4947 Vulnerability

CVE-2024-23225 & CVE-2024-23296: Apple Patches Actively Exploited 0-Day Flaws

Ransomware and Cyber Extortion in Q2 2024

Stay Connected