patches

Blog
digitpatrox1 week ago
20

Microsoft patches Windows zero-day exploited in attacks on Ukraine

Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities. The security flaw (CVE-2024-43451) is an NTLM Hash Disclosure spoofing vulnerability reported by ClearSky security researchers, which can be exploited to steal the logged-in user’s NTLMv2 hash by forcing connections to a remote attacker-controlled server. ClearSky spotted this campaign in…
Read More »
Blog
digitpatrox3 weeks ago
86

Synology hurries out patches for zero-days exploited at Pwn2Own

Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week’s Pwn2Own hacking competition within days. Midnight Blue security researcher Rick de Jager found the critical zero-click vulnerabilities (tracked together as CVE-2024-10443 and dubbed RISK:STATION) in the company’s Synology Photos and BeePhotos for BeeStation software. As Synology explains in security advisories published two days after the…
Read More »
Blog
digitpatrox3 weeks ago
28

QNAP patches second zero-day exploited at Pwn2Own to get root

QNAP has released security patches for a second zero-day bug exploited by security researchers during last week’s Pwn2Own hacking contest. This critical SQL injection (SQLi) vulnerability, tracked as CVE-2024-50387, was found in QNAP’s SMB Service and is now fixed in versions 4.15.002 or later and h4.15.002 and later. The zero-day flaw was patched one week after allowing YingMuo (working with…
Read More »
Blog
digitpatrox3 weeks ago
32

New Windows Themes zero-day gets free, unofficial patches

Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target’s NTLM credentials remotely. NTLM has been extensively exploited in NTLM relay attacks, where threat actors force vulnerable network devices to authenticate against servers under their control, and pass-the-hash attacks, where they exploit system vulnerabilities or deploy malicious software to acquire NTLM…
Read More »
Blog
digitpatrox3 weeks ago
24

Apple’s iOS 18.1 iPhone and macOS 15.1 Updates Include Dozens of Security Patches

It’s been quite the week for Apple, and it’s only Tuesday. The company announced a new iMac with the M4 chip; debuted a new Mac mini with M4 and M4 Pro; and, with new operating system updates, launched Apple Intelligence on compatible Macs, iPhones, and iPads. But iOS 18.1 and macOS 15.1 weren’t only about Apple Intelligence: In addition to…
Read More »
Blog
digitpatroxOctober 12, 2024
126

Firefox Update Patches Exploited Vulnerability

Mozilla, the company behind the browser Firefox, issued a fix on Wednesday for a zero-day vulnerability they say has been exploited. NIST lists the vulnerability as CVE-2024-9680, and its status as “awaiting analysis.” Firefox users should update to the latest version of the browser and of the extended support releases to protect their systems from potential attacks. Due to widespread…
Read More »
Blog
digitpatroxOctober 7, 2024
45

Qualcomm patches high-severity zero-day exploited in attacks

Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. The security flaw (CVE-2024-43047) was reported by Google Project Zero’s Seth Jenkins and Amnesty International Security Lab’s Conghui Wang, and it is caused by a use-after-free weakness that can lead to memory corruption when successfully exploited by local attackers…
Read More »
Blog
digitpatroxSeptember 12, 2024
156

Microsoft patches rollback flaw in Windows 10

A flaw targeting Windows Update could rollback versions of the operating system so it’s easier to attack, according to Microsoft. Microsoft revealed the critical vulnerability in its September “Patch Tuesday” update, but it’s a similar style of attack spotted by a researcher last month. In August, SafeBreach security researcher Alon Leviev revealed a “downgrade” attack. Leviev was able to rollback…
Read More »
Blog
digitpatroxAugust 15, 2024
106

Microsoft patches six actively exploited vulnerabilities

The proximity to Black Hat and DEF CON may have played a part in that, however, as some of the publicly disclosed vulnerabilities came from talks given by security researchers last week at the two conferences. Those vulnerabilities might have been reported responsibly to Microsoft in advance, but weren’t considered severe enough to warrant out-of-band fixes — something that Microsoft…
Read More »

patches

Microsoft patches Windows zero-day exploited in attacks on Ukraine

Synology hurries out patches for zero-days exploited at Pwn2Own

QNAP patches second zero-day exploited at Pwn2Own to get root

New Windows Themes zero-day gets free, unofficial patches

Apple’s iOS 18.1 iPhone and macOS 15.1 Updates Include Dozens of Security Patches

Firefox Update Patches Exploited Vulnerability

Qualcomm patches high-severity zero-day exploited in attacks

Microsoft patches rollback flaw in Windows 10

Microsoft patches six actively exploited vulnerabilities

Sonos speakers and soundbars are up to $200 off ahead of Black Friday

What’s Free on the Epic Games Store Right Now?

Snowflake and Anthropic partner up on agentic AI, model sharing

The Best Ways to Keep Your Old House Warm in the Winter

US and India partner to strengthen semiconductor supply chain – Computerworld

Walmart’s October ‘Prime Day’ Sale Is Still Going

Windows 11 build 27754 overhauls the sign-in experience

Gifts for Car Lovers That Promise Convenience, Fun, and Safety

5 Ways I Take Instagram Stories to the Next Level

TikTok Is Pushing Old and False News as ”Breaking” Alerts

How to enable Do Not Track on your web browser for Windows

Indiana Jones The Great Circle Is Here with a Release Date and a PS5 Launch