Category: Good news
MS-ISAC ADVISORY NUMBER: 2024-131 DATE(S) ISSUED: 11/20/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated…
Read MoreApple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply necessary updates: Source link lol
Read MoreThe Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical software weaknesses that adversaries frequently exploit to compromise systems, steal sensitive data, or disrupt essential services.…
Read MoreCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD)…
Read MoreUSDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure way to authenticate user identities without passwords. USDA’s adoption of FIDO highlights the importance of organizations moving away from password authentication and adopting more secure MFA technologies. This report offers examples…
Read More
After Nutanix CEO Rajiv Ramaswami was “approached” about a role with a competitor, the Nutanix board responded with an “off-cycle” stock award worth nearly $50 million, citing “immediate retention concerns,” according to a recent filing with the SEC. Nutanix President and CEO – and a former VMware C-level executive – Rajiv Ramaswami won a massive…
Read MoreCISA released one Industrial Control Systems (ICS) advisory on November 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations. Source link lol
Read More
‘Nutanix has sensed blood in the water from the Broadcom acquisition and it is making a big push to do right by partners,’ says Gary McConnell, CEO of Nutanix partner VirtuIT. ‘They’ve rolled out a ton of training and have made their technical and sales resources available to partners that are new to having discussions…
Read MoreMS-ISAC ADVISORY NUMBER: 2024-130 DATE(S) ISSUED: 11/18/2024 OVERVIEW: Multiple vulnerabilities have been discovered in Palo Alto PAN-OS, the most severe of which could allow for authentication bypass. PAN-OS is the software that runs all Palo Alto Networks next-generation firewalls. Successful exploitation could allow for authentication bypass with administrator privileges. An attacker could then install programs;…
Read MoreThe CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring…
Read More