patches

  • Blog
    digitpatrox1 week ago
    22

    Cleo patches critical zero-day exploited in data theft attacks

    Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. In October, the company patched a pre-auth remote code execution vulnerability (CVE-2024-50623) in its managed file transfer software and recommended that “all customers upgrade immediately.” Huntress security researchers first spotted evidence of attacks targeting fully patched Cleo software…

    Read More »
  • Blog
    digitpatrox1 week ago
    83

    Everything you need to know about the Cleo file transfer vulnerability, including affected products, patches, and temporary mitigations

    A vulnerability in the popular managed file transfer (MFT) service from software company Cleo is being actively exploited by threat actors, researchers have warned. Reports from multiple security firms have warned that three different Cleo products were being attacked in the wild, including Cleo Harmony, the firm’s widely-used file transfer service capability. VLTrader, a server-side solution aimed at mid-sized corporations,…

    Read More »
  • Blog
    digitpatrox1 week ago
    26

    Microsoft Patches One Actively Exploited Vulnerability, Among Others

    December brought a relatively mild Patch Tuesday, with one vulnerability having been actively exploited. Of all 70 vulnerabilities fixed, 16 were classified as critical. “This year, cybersecurity professionals must be on Santa’s nice list, or, at the very least, Microsoft’s,” Tyler Reguly, associate director of security R&D at cybersecurity software and services company Fortra, told TechRepublic in an email. Microsoft…

    Read More »
  • Blog
    digitpatrox3 weeks ago
    124

    New Windows Server 2012 zero-day gets free, unofficial patches

    Free unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism. Windows automatically adds Mark of the Web (MotW) flags to all documents and executables downloaded from untrusted sources. These MotW labels inform the Windows operating system, Microsoft Office, web…

    Read More »
  • Blog
    digitpatroxNovember 22, 2024
    31

    Apple Patches Two Zero-Day Attack Vectors

    Apple’s latest security updates for iOS, macOS, Safari, visionOS, and iPadOS contained brief but critical disclosures of two actively exploited vulnerabilities. The tech giant said Clément Lecigne and Benoît Sevens of Google’s Threat Analysis Group discovered the vulnerabilities. NIST lists the vulnerabilities as CVE-2024-44308 and CVE-2024-44309. What are the vulnerabilities Apple patched? Apple didn’t disclose much information about the exploitation…

    Read More »
  • Blog
    digitpatroxNovember 14, 2024
    44

    Microsoft patches Windows zero-day exploited in attacks on Ukraine

    Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities. The security flaw (CVE-2024-43451) is an NTLM Hash Disclosure spoofing vulnerability reported by ClearSky security researchers, which can be exploited to steal the logged-in user’s NTLMv2 hash by forcing connections to a remote attacker-controlled server. ClearSky spotted this campaign in…

    Read More »
  • Blog
    digitpatroxNovember 2, 2024
    107

    Synology hurries out patches for zero-days exploited at Pwn2Own

    Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week’s Pwn2Own hacking competition within days. Midnight Blue security researcher Rick de Jager found the critical zero-click vulnerabilities (tracked together as CVE-2024-10443 and dubbed RISK:STATION) in the company’s Synology Photos and BeePhotos for BeeStation software. As Synology explains in security advisories published two days after the…

    Read More »
  • Blog
    digitpatroxOctober 30, 2024
    43

    QNAP patches second zero-day exploited at Pwn2Own to get root

    QNAP has released security patches for a second zero-day bug exploited by security researchers during last week’s Pwn2Own hacking contest. This critical SQL injection (SQLi) vulnerability, tracked as CVE-2024-50387, was found in QNAP’s SMB Service and is now fixed in versions 4.15.002 or later and h4.15.002 and later. The zero-day flaw was patched one week after allowing YingMuo (working with…

    Read More »
  • Blog
    digitpatroxOctober 29, 2024
    59

    New Windows Themes zero-day gets free, unofficial patches

    Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target’s NTLM credentials remotely. NTLM has been extensively exploited in NTLM relay attacks, where threat actors force vulnerable network devices to authenticate against servers under their control, and pass-the-hash attacks, where they exploit system vulnerabilities or deploy malicious software to acquire NTLM…

    Read More »
  • Blog
    digitpatroxOctober 29, 2024
    45

    Apple’s iOS 18.1 iPhone and macOS 15.1 Updates Include Dozens of Security Patches

    It’s been quite the week for Apple, and it’s only Tuesday. The company announced a new iMac with the M4 chip; debuted a new Mac mini with M4 and M4 Pro; and, with new operating system updates, launched Apple Intelligence on compatible Macs, iPhones, and iPads. But iOS 18.1 and macOS 15.1 weren’t only about Apple Intelligence: In addition to…

    Read More »
Load More
Back to top button
close