Month: September 2024
Microsoft says this month’s Patch Tuesday cumulative updates also fix a known issue causing Windows Server 2019 boot problems, freezes, and performance issues after installing the August 2024 security updates. Redmond first confirmed this known issue on August 21, following widespread reports from Windows admins that their servers were experiencing performance issues and becoming unusable…
Read More
‘We’re not sure why they don’t list [the vulnerability] as being under active attack, but you should treat it as though it were,’ writes Trend Micro’s Dustin Childs. Microsoft’s monthly release of security fixes addresses five zero-day vulnerabilities that are seeing active exploitation, despite the company only listing four zero days in its disclosure Tuesday,…
Read More
“People enjoy a narrative where they say like, ‘How are you possibly doing your own chips when you have other partners who have their other chips?’ And it turns out, customers like choice,” said AWS CEO Matt Garman. Amazon Web Services CEO Matt Garman is bullish about his company’s future in homemade silicon chips as…
Read MoreCisco released security updates to address two vulnerabilities (CVE-2024-20439 and CVE-2024-20440) in Cisco Smart Licensing Utility. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisory and apply the necessary updates: Source link lol
Read More
Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. Ivanti EPM helps admins manage client devices that run various platforms, including Windows, macOS, Chrome OS, and IoT operating systems. The security flaw (CVE-2024-29847) is caused by a deserialization…
Read More
A novel acoustic attack named ‘PIXHELL’ can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to. In a PIXHELL attack, malware modulates the pixel patterns on LCD screens to induce noise in the frequency range of 0-22 kHz, carrying encoded signals within those acoustic waves that can…
Read MoreMicrosoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Source link lol
Read MoreMS-ISAC ADVISORY NUMBER: 2024-098 DATE(S) ISSUED: 09/10/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or…
Read MoreCISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38226 Microsoft Publisher Security Feature Bypass Vulnerability CVE-2024-43491 Microsoft Windows Update Remote Code Execution Vulnerability CVE-2024-38014 Microsoft Windows Installer Privilege Escalation Vulnerability CVE-2024-38217 Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability These types of vulnerabilities are…
Read MoreIvanti released security updates to address multiple vulnerabilities in Ivanti Endpoint Manager, Cloud Service Application 4.6, and Workspace Control. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Ivanti advisories and apply the necessary guidance and updates: Source link…
Read More