Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that […]
Author Archives: Onsite Computing, Inc.
Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. “Incorrect implementation of an authentication algorithm in Ivanti vTM […]
The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly targeted countries as part of the activity include Italy, Germany, the U.A.E., and Qatar, with suspected attacks also detected in Georgia and Romania. Governments, media […]
Australia’s Evolution Mining said its IT systems were infected with ransomware in an Aug. 8 cyber incident. Go to Source Author: Dark Reading Staff
Microsoft fixed 88 vulnerabilities on Tuesday as part of its monthly patching cycle. Six of those flaws were already being actively exploited in the wild before a patch was available and another four were publicly disclosed, putting the total number of zero-day vulnerabilities covered in this release at 10. Of the 88 vulnerabilities patched only […]
Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday. […] Go to Source Author: Sergiu Gatlan
SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. […] Go to Source Author: Bill Toulas
After years of review, the National Institute of Standards and Technology officially picked the world’s first three post-quantum encryption algorithms as the basis for its post-quantum security strategy: ML-KEM, ML-DSA, and SLH-DSA. NIST first asked cryptographers to develop these new standards in 2016, when the threat of quantum computers started becoming a reality. Quantum computers are expected […]
The August 2024 Windows Server updates fix a known issue that breaks multiple Microsoft 365 Defender features after installing last month’s security updates. […] Go to Source Author: Sergiu Gatlan
Attackers are already actively exploiting six of the bugs and four others are public, including one for which Microsoft has no patch yet. Go to Source Author: Jai Vijayan, Contributing Writer