Cyber Security Informer

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

Schneier on Security

APRIL 5, 2024

It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers’ locations.

Surveillance

Surveillance Telecommunications

April’s Patch Tuesday Brings Record Number of Fixes

Krebs on Security

APRIL 9, 2024

Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software. Yes, you read that right. “As far as I can tell, it’s the largest Patch Tuesday release from Microsoft of all time.”

DNS

DNS Social Engineering Malware Media

Atlassian Flaws Fixes: Critical Bamboo Patch Mitigates Risk

Security Boulevard

APRIL 5, 2024

These Atlassian flaws fixes address vulnerabilities across several platforms, including Bamboo, Bitbucket, Confluence, and Jira. Let’s delve into the details of these fixes and understand their significance in protecting […] The post Atlassian Flaws Fixes: Critical Bamboo Patch Mitigates Risk appeared first on TuxCare.

Risk

Risk Software Cybersecurity

Google fixed critical Chrome vulnerability CVE-2024-4058

Security Affairs

APRIL 25, 2024

The IT giant also fixed a high-severity flaw tracked as CVE-2024-4059. Google also fixed another high-severity flaw tracked as CVE-2024-4060. This critical flaw was reported by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure on 2024-04-02, the researchers have been awarded a $16,000 bounty.

Engineering

Engineering Hacking Information Security

Multiple Squid Vulnerabilities Fixed in Ubuntu

Security Boulevard

APRIL 24, 2024

Recent Squid Vulnerabilities Fixed […] The post Multiple Squid Vulnerabilities Fixed in Ubuntu appeared first on TuxCare. The post Multiple Squid Vulnerabilities Fixed in Ubuntu appeared first on Security Boulevard. Let’s delve into the specifics of these vulnerabilities and understand their implications.

Watch This? Patch This! LG Fixes Smart TV Vulns

Security Boulevard

APRIL 10, 2024

LG Fixes Smart TV Vulns appeared first on Security Boulevard. 4×CVE=RCE or Merely CE? Update your LG TV now, or let hackers root it. But is Bitdefender overhyping the issue? The post Watch This? Patch This!

Social Engineering

Social Engineering IoT Data privacy Engineering

Vendors are Fixing Security Flaws Faster

Schneier on Security

FEBRUARY 16, 2022

In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. In 2021, only one bug exceeded its fix deadline, though 14% of bugs required the grace period. Google’s Project Zero is reporting that software vendors are patching their code faster.

Software

Microsoft pulls fix for Outlook bug behind ICS security alerts

Bleeping Computer

APRIL 23, 2024

Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates [.]

Microsoft releases emergency fix for Windows Server crashes

Bleeping Computer

MARCH 22, 2024

Microsoft has released emergency out-of-band (OOB) updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates. [.]

Microsoft fixes two Windows zero-days exploited in malware attacks

Bleeping Computer

APRIL 9, 2024

Microsoft has fixed two actively exploited zero-day vulnerabilities during the April 2024 Patch Tuesday, although the company failed to initially tag them as such. [.]

Malware

Big Fix

Security Boulevard

MARCH 18, 2024

BigFix is a cybersecurity tool that offers endpoint management and security compliance solutions to identify, manage, and fix vulnerabilities across various devices. The post Big Fix appeared first on VERITI. The post Big Fix appeared first on Security Boulevard.

Cybersecurity

Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors

Bleeping Computer

APRIL 5, 2024

Microsoft has fixed a known issue causing 0x80073cf2 errors when using the System Preparation (Sysprep) tool after installing November Windows 10 updates. [.]

Google fixes Chrome zero-days exploited at Pwn2Own 2024

Bleeping Computer

MARCH 27, 2024

Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. [.]

Hacking

Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own

Bleeping Computer

MARCH 22, 2024

Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. [.]

Hacking

No fix KrbRelay VMware style

Pen Test Partners

FEBRUARY 20, 2024

Unfortunately, VMware have decided not to fix the issue as they deem the enhanced authentication plugin as no longer supported, even though the vSphere 7 product line that uses the plugin remains supported until April 2025. It’s also frustrating that VMware took 126 days to essentially publish a no fix disclosure. Extension provided.

Authentication

Authentication Risk

Palo Alto Networks fixed multiple DoS bugs in its firewalls

Security Affairs

APRIL 11, 2024

Palo Alto Networks fixed several vulnerabilities in its PAN-OS operating system, including 3 issues that can trigger a DoS condition on its firewalls. Palo Alto Networks also fixed an improper Group Membership Change vulnerability in Cloud Identity Engine (CIE). ” reads the advisory.

Firewall

Firewall Software Engineering Authentication

How to Fix Outlook Email Errors?

Security Boulevard

APRIL 23, 2024

Reading Time: 5 min Struggling to fix your Outlook email errors? The post How to Fix Outlook Email Errors? This guide tackles common Outlook errors like sending issues, attachment problems, and connection errors. appeared first on Security Boulevard.

Cybersecurity

Telegram fixes Windows app zero-day used to launch Python scripts

Bleeping Computer

APRIL 12, 2024

Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts. [.]

Multiple Puma Vulnerabilities Fixed in Ubuntu

Security Boulevard

APRIL 4, 2024

In this article, we’ll explore the specifics […] The post Multiple Puma Vulnerabilities Fixed in Ubuntu appeared first on TuxCare. The post Multiple Puma Vulnerabilities Fixed in Ubuntu appeared first on Security Boulevard. Recently, the Ubuntu security team released updates to address Puma vulnerabilities in Ubuntu 22.04

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

Bleeping Computer

APRIL 3, 2024

IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways. [.]

VPN

VPN Software

Fortinet fixed a critical remote code execution bug in FortiClientLinux

Security Affairs

APRIL 10, 2024

Fortinet fixed a dozen vulnerabilities in multiple products, including a critical-severity remote code execution (RCE) issue, tracked as CVE-2023-45590 (CVSS score of 9.4), in FortiClientLinux. Below are the impacted versions and the one released by the company to fix the issue. ” reads the advisory published by Fortinet.

Cyber threats

Cyber threats Hacking Information Security

Telegram fixes Windows app zero-day caused by file extension typo

Bleeping Computer

APRIL 12, 2024

Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts. [.]

Cisco fixes critical Expressway Series CSRF vulnerabilities

Security Affairs

FEBRUARY 8, 2024

CISCO fixed two critical flaws in Expressway Series collaboration gateways exposing vulnerable devices to cross-site request forgery (CSRF) attacks. The company urges customers to upgrade to an appropriate fixed software release : Cisco Expressway Series Release First Fixed Release Earlier than 14.0 Migrate to a fixed release.

Accountability

Accountability Software Hacking

FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair?

Security Boulevard

APRIL 5, 2024

The post FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair? Fast enough for government work: The Federal Communications Commission is finally minded to do something about decades-old vulnerabilities. appeared first on Security Boulevard.

Government

Government Digital transformation Social Engineering Telecommunications

Fix SPF Permerror: Overcome SPF Too Many DNS Lookups Limit

Security Boulevard

APRIL 26, 2024

Reading Time: 8 min Fixing SPF Permerror: Resolving authentication hiccups to enhance email deliverability and limiting too many DNS lookups The post Fix SPF Permerror: Overcome SPF Too Many DNS Lookups Limit appeared first on Security Boulevard.

DNS

DNS Authentication Cybersecurity

Google fixes one more Chrome zero-day exploited at Pwn2Own

Bleeping Computer

APRIL 3, 2024

Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month. [.]

Hacking

Rust gets security fix for Windows vulnerability

InfoWorld on Security

APRIL 12, 2024

The Rust language team has published a point release of Rust to fix a critical vulnerability to the standard library that could benefit an attacker when using Windows. Rust 1.77.2 , published on April 9, includes a fix for CVE-2024-24576.

Google shares “fix” for deleted Google Drive files

Bleeping Computer

DECEMBER 8, 2023

Google says it identified and fixed a bug causing customer files added to Google Drive after April-May 2023 to disappear. However, the fix isn't working for all affected users. [.]

GitHub’s new AI-powered tool auto-fixes vulnerabilities in your code

Bleeping Computer

MARCH 20, 2024

GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. This feature is in public beta and automatically enabled on all private repositories for GitHub Advanced Security (GHAS) customers [.]

Software

Mitel Issues Critical Fixes for XSS Vulnerabilities in MiContact Center Business

Penetration Testing

APRIL 27, 2024

These updates tackle significant vulnerabilities that could potentially allow unauthorized script execution through... The post Mitel Issues Critical Fixes for XSS Vulnerabilities in MiContact Center Business appeared first on Penetration Testing.

Penetration Testing

GitLab Races to Fix Critical XSS Flaws – Don’t Delay Your Upgrade

Penetration Testing

APRIL 10, 2024

... The post GitLab Races to Fix Critical XSS Flaws – Don’t Delay Your Upgrade appeared first on Penetration Testing. GitLab, the widely used DevOps platform for code collaboration and project management, has released a significant security update.

Penetration Testing

Windows 11 KB5034765 update released with Start Menu fixes

Bleeping Computer

FEBRUARY 13, 2024

Microsoft has released the KB5034765 cumulative update for Windows versions 23H2 and 22H2 to fix several bugs in the OS, including an issue that causes problems with the Start menu. [.]

Software

Recent Node.js Vulnerabilities Fixed in Ubuntu

Security Boulevard

MARCH 19, 2024

Vulnerabilities Fixed in Ubuntu appeared first on TuxCare. Vulnerabilities Fixed in Ubuntu appeared first on Security Boulevard. To address these risks, the Ubuntu security team swiftly released security updates across multiple Ubuntu releases, including Ubuntu 22.04 LTS, Ubuntu 20.04 […] The post Recent Node.js The post Recent Node.js

Risk

Google fixed two actively exploited Pixel vulnerabilities

Security Affairs

APRIL 3, 2024

Two issues fixed by the IT giant, tracked as CVE-2024-29745 and CVE-2024-29748, are actively exploited in the wild. Google addressed several vulnerabilities in Android and Pixel devices, including two actively exploited flaws. Google addressed 28 vulnerabilities in Android and 25 flaws in Pixel devices. ” reads the advisory.

Spyware

Spyware Firmware Hacking Information Security

Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

The Hacker News

MARCH 20, 2024

Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as CVE-2023-41724, the vulnerability carries a CVSS score of 9.6. "An

Cyber threats

Windows 10 KB5034843 update released with 9 new changes, fixes

Bleeping Computer

FEBRUARY 29, 2024

Microsoft has released the optional KB5034843 Preview cumulative update for Windows 10 22H2 with an updated sharing experience and eight other fixes or changes. [.]

Apple fixed actively exploited zero-day CVE-2024-23222

Security Affairs

JANUARY 22, 2024

This is the first actively exploited zero-day vulnerability fixed by the company this year. The issue has been fixed in iOS 16.7.5 Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. ” reads the advisory published by the company.

Hacking

Hacking Information Security

Windows 10 KB5035845 update released with 9 new changes, fixes

Bleeping Computer

MARCH 12, 2024

Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. [.]

Apple fixes two new iOS zero-days exploited in attacks on iPhones

Bleeping Computer

MARCH 5, 2024

Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. [.]

Technology

Ivanti fixed two critical flaws in its Avalanche MDM

Security Affairs

APRIL 17, 2024

The installation will apply a fix for each CVE listed in the table below. . “To address the security vulnerabilities listed below, it is highly recommended to download the Avalanche installer and update to the latest Avalanche 6.4.3. These vulnerabilities affect any older versions of Avalanche. You can download the latest Avalanche 6.4.3

Mobile

Mobile Software Hacking Information Security

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

Security Affairs

JANUARY 10, 2024

Cisco’s advisory states that there are no workarounds that address this vulnerability and urges customers to install security patches to fix the bug. The following table reports the fixed software release. Cisco Unity Connection Release First Fixed Release 12.5

Authentication

Authentication Hacking Software Information Security

Google fixes first actively exploited Chrome zero-day of 2024

Bleeping Computer

JANUARY 16, 2024

Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. [.]

Apple fixes two new iOS zero-days in emergency updates

Bleeping Computer

NOVEMBER 30, 2023

Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. [.]

Several OpenJDK Vulnerabilities Fixed

Security Boulevard

FEBRUARY 27, 2024

In this article, we will explore the details of these vulnerabilities and […] The post Several OpenJDK Vulnerabilities Fixed appeared first on TuxCare. The post Several OpenJDK Vulnerabilities Fixed appeared first on Security Boulevard. The affected versions include 21.0.1, 11.0.21, 8u392, and earlier.

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

April’s Patch Tuesday Brings Record Number of Fixes

Trending Sources

Atlassian Flaws Fixes: Critical Bamboo Patch Mitigates Risk

Google fixed critical Chrome vulnerability CVE-2024-4058

Multiple Squid Vulnerabilities Fixed in Ubuntu

Watch This? Patch This! LG Fixes Smart TV Vulns

Vendors are Fixing Security Flaws Faster

Microsoft pulls fix for Outlook bug behind ICS security alerts

Microsoft releases emergency fix for Windows Server crashes

Microsoft fixes two Windows zero-days exploited in malware attacks

Big Fix

Microsoft fixes Windows Sysprep issue behind 0x80073cf2 errors

Google fixes Chrome zero-days exploited at Pwn2Own 2024

Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own

No fix KrbRelay VMware style

Palo Alto Networks fixed multiple DoS bugs in its firewalls

How to Fix Outlook Email Errors?

Telegram fixes Windows app zero-day used to launch Python scripts

Multiple Puma Vulnerabilities Fixed in Ubuntu

Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks

Fortinet fixed a critical remote code execution bug in FortiClientLinux

Telegram fixes Windows app zero-day caused by file extension typo

Cisco fixes critical Expressway Series CSRF vulnerabilities

FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair?

Fix SPF Permerror: Overcome SPF Too Many DNS Lookups Limit

Google fixes one more Chrome zero-day exploited at Pwn2Own

Rust gets security fix for Windows vulnerability

Google shares “fix” for deleted Google Drive files

GitHub’s new AI-powered tool auto-fixes vulnerabilities in your code

Mitel Issues Critical Fixes for XSS Vulnerabilities in MiContact Center Business

GitLab Races to Fix Critical XSS Flaws – Don’t Delay Your Upgrade

Windows 11 KB5034765 update released with Start Menu fixes

Recent Node.js Vulnerabilities Fixed in Ubuntu

Google fixed two actively exploited Pixel vulnerabilities

Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

Windows 10 KB5034843 update released with 9 new changes, fixes

Apple fixed actively exploited zero-day CVE-2024-23222

Windows 10 KB5035845 update released with 9 new changes, fixes

Apple fixes two new iOS zero-days exploited in attacks on iPhones

Ivanti fixed two critical flaws in its Avalanche MDM

Cisco fixed critical Unity Connection vulnerability CVE-2024-20272

Google fixes first actively exploited Chrome zero-day of 2024

Apple fixes two new iOS zero-days in emergency updates

Several OpenJDK Vulnerabilities Fixed

Stay Connected