#zero_day

Microsoft patched 61 vulnerabilities in the March 2024 Patch Tuesday round, including two critical flaws in Hyper-V.

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems. Microsoft today patched at least 60 vulnerabilities in its Windows OS. Meanwhile, Apple's new macOS Sonoma addresses at least 68 security weaknesses, and its latest updates for iOS fixes two zero-day flaws.

March’s Patch Tuesday is relatively light, containing 60 vulnerabilities — only two labeled “critical.”

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low Attack Complexity Vendor: Schneider Electric Equipment: EcoStruxure Power Design Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability may allow for arbitrary code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Schneider Electric - EcoStruxure Power Design - Ecodial, an equipment management platform, are affected: EcoStruxure Power Design - Ecodial NL: All Versions EcoStruxure Power Design - Ecodial INT: All Versions EcoStruxure Power Design - Ecodial FR: All Versions 3.2 Vulnerability Overview 3.2.1 DESERIALIZATION OF UNTRUSTED DATA CWE-502 All versions of Schneider Electric EcoStruxure Power Design - Ecodial NL, INT, and FR deserializes untrusted data which could allow an attacker to perform code execution when a malicious project file is loaded into the application by a valid user. CVE-2024-2229 has been assigned to this vulnerability...

By Deeba Ahmed Patch Now! One-Day Vulnerabilities Exploited by Magnet Goblin to Deliver Linux Malware! This is a post from HackRead.com Read the original post: Magnet Goblin Hackers Using Ivanti Flaws to Deploy Linux Malware

By Deeba Ahmed Midnight Blizzard (aka Cozy Bear and APT29) originally breached Microsoft on January 12, 2024. This is a post from HackRead.com Read the original post: Russian Midnight Blizzard Hackers Breached Microsoft Source Code

By Waqas The teasure trove of highly sentisive data is being sold for just $3,000 in Monero (XMR) cryptocurrency on Breach Forums. This is a post from HackRead.com Read the original post: Hacker Claims Breaching US Federal Contractor Acuity, Selling ICE, USCIS Data

Apple has released a security update for iOS and iPadOS to patch two zero-day vulnerabilities which are reported to already have been exploited.

Apple has released security updates to address several security flaws, including two vulnerabilities that it said have been actively exploited in the wild. The shortcomings are listed below - CVE-2024-23225 - A memory corruption issue in Kernel that an attacker with arbitrary kernel read and write capability can exploit to bypass kernel memory protections CVE-2024-23296 - A memory

By Deeba Ahmed Group-IB Report Warns of Evolving Cyber Threats Including AI and macOS Vulnerabilities and Ransomware Attacks. This is a post from HackRead.com Read the original post: Report Uncovers Massive Sale of Compromised ChatGPT Credentials