Simultaneously, organizations must adopt a more discerning approach to cybersecurity investment, recognizing that true security is not a commodity that can be purchased off the shelf. Leaders should prioritize allocating resources toward building robust internal capabilities, including skilled security teams, comprehensive security policies, and the implementation of continuous monitoring and improvement practices. By doing so,…

Aug 14, 2024Ravie LakshmananVulnerability / Network Security Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. “Incorrect implementation…

Aug 14, 2024Ravie LakshmananWindows Security / Vulnerability Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is…

Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for arbitrary code execution. Adobe software is used for creating and publishing a wide variety of content, including graphics, photography, illustration, animation, multimedia, motion pictures and print. Successful exploitation of the most severe of these vulnerabilities could…

The proximity to Black Hat and DEF CON may have played a part in that, however, as some of the publicly disclosed vulnerabilities came from talks given by security researchers last week at the two conferences. Those vulnerabilities might have been reported responsibly to Microsoft in advance, but weren’t considered severe enough to warrant out-of-band…

Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday. SmartScreen is a security feature introduced with Windows 8 that protects users against potentially malicious software when opening downloaded files tagged with a Mark of…

Bloomberg reported that, even without the divestitures, the government will likely seek a ban of the “exclusive distribution agreements” at the heart of the case. The U.S. Department of Justice is considering a divestiture of Google’s Android operating system, AdWords ad sales platform and web browser, Chrome, after a judge ruled the tech giant is…

NIST says that this algorithm is intended to serve as a backup in case ML-DSA proves vulnerable.

More than algorithms

In addition to the mathematical encryption algorithms, NIST also released the relevant implementation details. “These finalized standards include instructions for incorporating them into products and encryption systems,” says Moody. “We encourage system administrators to start…

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers. This month’s bundle of update joy from Redmond includes patches for security holes in Office, .NET, Visual Studio, Azure, Co-Pilot, Microsoft Dynamics, Teams,…

SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. The flaw, tracked as CVE-2024-41730 and rated 9.8 as per the CVSS v3.1 system, is a “missing authentication check” bug impacting SAP BusinessObjects Business Intelligence Platform versions…
