Month: December 2024
MS-ISAC ADVISORY NUMBER: 2024-136 DATE(S) ISSUED: 12/10/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…
Read MoreMultiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows Tactic: Execution (TA0002) Technique: Exploitation for Client Execution (T1203): Adobe Experience Manager: Improper Input Validation (CVE-2024-43711, CVE-2024-43755) Cross-site Scripting (Stored XSS) (CVE-2024-43712, CVE-2024-53960, CVE-2024-43713, CVE-2024-43714, CVE-2024-43715, CVE-2024-43718, CVE-2024-43719, CVE-2024-43720, CVE-2024-43721,…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-135 DATE(S) ISSUED: 12/10/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create…
Read More403 Forbidden WHAT? Why am I seeing this? Your access to this site was blocked by Wordfence, a security provider, who protects sites from malicious activity. If you believe Wordfence should be allowing you access to this site, please let them know using the steps below so they can investigate why this is happening. Reporting…
Read More
Microsoft addressed over 1000 CVEs as part of Patch Tuesday releases in 2024, including 22 zero-day vulnerabilities. Background Microsoft’s Patch Tuesday, a monthly release of software patches for Microsoft products, has just celebrated its 21st anniversary. After a wrap-up covering the 20th anniversary in 2023, the Tenable Security Response Team (SRT) chose to keep the…
Read MoreIvanti released security updates to address vulnerabilities in Ivanti Cloud Service Application, Ivanti Desktop and Server Management (DSM), Ivanti Connect Secure and Police Secure, Ivanti Sentry, and Ivanti Patch SDK. CISA encourages users and administrators to review the following Ivanti security advisories and apply the necessary guidance and updates: Source link lol
Read MoreMicrosoft released security updates to address vulnerabilities in multiple Microsoft products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following and apply necessary updates: Source link lol
Read MoreAdobe released security updates to address vulnerabilities in multiple Adobe software products including Adobe Acrobat, Adobe Illustrator, and Adobe InDesign. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following Adobe Security Bulletin and apply necessary updates: Source link…
Read More
Microsoft addresses 70 CVEs with 16 rated critical, including one zero-day that was exploited in the wild. Microsoft patched 70 CVEs in its December 2024 Patch Tuesday release, with 16 rated critical, and 54 rated as important. Remote code execution (RCE) vulnerabilities accounted for 42.9% of the vulnerabilities patched this month, followed by elevation of…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01:…
Read More