Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows - CVE-2024-29847 (CVSS score: 10.0) - A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.

The Hacker News
Open in Source
#sql#vulnerability#rce#auth#zero_day#The Hacker News
Bug Left Some Windows PCs Dangerously Unpatched

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.

Microsoft Discloses 4 Zero-Days in September Update

This month's Patch Tuesday contains a total of 79 vulnerabilities — the fourth largest of the year.

Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score

September’s monthly round of patches from Microsoft included 79 vulnerabilities, seven of which are considered critical.

One More Tool Will Do It? Reflecting on the CrowdStrike Fallout

The proliferation of cybersecurity tools has created an illusion of security. Organizations often believe that by deploying a firewall, antivirus software, intrusion detection systems, identity threat detection and response, and other tools, they are adequately protected. However, this approach not only fails to address the fundamental issue of the attack surface but also introduces dangerous

Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks

The China-linked advanced persistent threat (APT) group known as Mustang Panda has been observed weaponizing Visual Studio Code software as part of espionage operations targeting government entities in Southeast Asia. "This threat actor used Visual Studio Code's embedded reverse shell feature to gain a foothold in target networks," Palo Alto Networks Unit 42 researcher Tom Fakterman said in a

Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team

Unit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.

No cON Name 2024 Call For Papers

The No cON Name 2024 call for papers has been announced. It will be held in Barcelona, Spain, from November 18th through the 20th, 2024.