flaw
-
Blog
Microsoft patches rollback flaw in Windows 10
A flaw targeting Windows Update could rollback versions of the operating system so it’s easier to attack, according to Microsoft. Microsoft revealed the critical vulnerability in its September “Patch Tuesday” update, but it’s a similar style of attack spotted by a researcher last month. In August, SafeBreach security researcher Alon Leviev revealed a “downgrade” attack. Leviev was able to rollback…
Read More » -
Blog
Progress Software discloses maximum severity LoadMaster flaw – here’s what you need to know
Progress Software has issued a public notice declaring it has fixed a maximum severity security vulnerability affecting its LoadMaster and LoadMaster Multi-Tenant hypervisor software. LoadMaster is Progress’ load balancer and application delivery controller (ADC), underpinning high availability, secure, and scalable business applications and websites. The Multi-Tenant hypervisor, meanwhile, is an iteration of the LoadMaster software that allows users to run…
Read More » -
Blog
SolarWinds fixes hardcoded credentials flaw in Web Help Desk
SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. Web Help Desk (WHD) is an IT help desk software widely used by government agencies, large corporations, and healthcare and education organizations to automate and streamline help desk management tasks. SolarWinds’ IT management products are used by over 300,000…
Read More » -
Blog
Billons of Chrome users at risk from hacker attacks — severe flaw exploited
Google is in the process of rolling out patches that address a high-severity security flaw in its Chrome browser. According to Google, this flaw has come under active exploitation in the wild. The flaw (tracked as CVE-2024-7971) is a confusion bug in the V8 JavaScript and WebAssembly engine (h/t to The Hacker News). Google acknowledged the flaw in a blog…
Read More » -
Blog
/cdn.vox-cdn.com/uploads/chorus_asset/file/25581118/SRC_20240813_3336.jpg)
Nomad’s updated Stand One Max charger fixes an annoying design flaw
Nomad is course-correcting from a small design blunder last year on its three-in-one MagSafe charging stand. Like its predecessor, the new Stand One Max for 2024 is a wireless multi-charger for a compatible iPhone, Apple Watch, and set of AirPods. However, now you can charge all of those devices with your phone in landscape orientation, allowing you to use Apple’s…
Read More » -
Blog
SolarWinds urges customers to patch critical Web Help Desk flaw
SolarWinds has issued a warning to customers after the discovery of a critical vulnerability in the firm’s Web Help Desk solution. The vulnerability, tracked as CVE-2024-28986, is a Java deserialization vulnerability that could be exploited to achieve remote code execution, the company confirmed in an advisory last week. “SolarWinds Web Help Desk was found to be susceptible to a Java…
Read More » -
Blog
A flaw in Proofpoint’s anti-phishing platform allowed a hacker to send millions of spam emails
Phishing campaigns were undertaken by a malicious actor through an exploited configuration of Proofpoint’s anti-phishing platform, allowing a malicious actor to send spam emails according to the firm. Dubbed “EchoSpoofing,” a report from Guardio Labs estimated that cyber criminals could have sent an approximate daily average of three million emails a day – with peak daily numbers reaching as high…
Read More » -
Blog
Critical SAP flaw allows remote attackers to bypass authentication
SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. The flaw, tracked as CVE-2024-41730 and rated 9.8 as per the CVSS v3.1 system, is a “missing authentication check” bug impacting SAP BusinessObjects Business Intelligence Platform versions 430 and 440 and is…
Read More »