Author: nlqip

MS-ISAC ADVISORY NUMBER: 2024-112 DATE(S) ISSUED: 10/08/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe is a software that is used for creating and publishing a wide variety of contents including graphics, photography, illustration, animation, multimedia, motion pictures and print.  Successful…

Read More

MS-ISAC ADVISORY NUMBER: 2024-113 DATE(S) ISSUED: 10/08/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…

Read More

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks. Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “Sequoia” update that broke many cybersecurity…

Read More

TD Synnex, ConnectWise, Critical Start, ThoughtSpot, Microsoft, CrowdStrike and Capgemini were among the tech companies making key executive hires and moves in September 2024. New CEOs at TD Synnex, ConnectWise, ThoughtSpot and Critical Start were among the biggest executive moves in September. Taking those top spots, respectively, were Patrick Zammit, previously with Avnet; Manny Rivelo,…

Read More

An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. The flaw, which enables attackers to perform arbitrary remote code execution if certain conditions are met, was disclosed late last month by the person who discovered it, Simone…

Read More

Microsoft reminded customers today that multiple editions of Windows 11 22H2 and 21H2 have reached their end of servicing. This announcement applies to Windows 11 22H2 Home, Pro, Pro Education, Pro for Workstations, and SE editions released on September 20, 2022. One year after the Home and Pro editions, Windows 11 21H2 Enterprise, Education, and IoT…

Read More

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-43047 Qualcomm Multiple Chipsets Use-After-Free Vulnerability CVE-2024-43572 Microsoft Windows Management Console Remote Code Execution Vulnerability CVE-2024-43573 Microsoft Windows MSHTML Platform Spoofing Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…

Read More

Adobe released security updates to address multiple vulnerabilities in Adobe software. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.     CISA encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates:   Security update available for Adobe Substance 3D Printer| APSB24-52 Security…

Read More

An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. Additionally, Mamba 2FA offers threat actors an adversary-in-the-middle (AiTM) mechanism to capture the victim’s authentication tokens and bypass multi-factor authentication (MFA) protections on their accounts. Mamba 2FA is currently sold to cybercriminals for…

Read More

It’s the third time in 2024 that has seen Microsoft’s monthly patch release consist of fixes for more than 100 vulnerabilities, according to Trend Micro’s Dustin Childs. For the third time in 2024, Microsoft’s monthly patch release has included fixes for more than 100 vulnerabilities, according to a Trend Micro researcher. The tech giant disclosed…

Read More