Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that […]
Category Archives: Uncategorized
Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. “Incorrect implementation of an authentication algorithm in Ivanti vTM […]
The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly targeted countries as part of the activity include Italy, Germany, the U.A.E., and Qatar, with suspected attacks also detected in Georgia and Romania. Governments, media […]
Australia’s Evolution Mining said its IT systems were infected with ransomware in an Aug. 8 cyber incident. Go to Source Author: Dark Reading Staff
Attackers are already actively exploiting six of the bugs and four others are public, including one for which Microsoft has no patch yet. Go to Source Author: Jai Vijayan, Contributing Writer
The threat group is disrupting healthcare organizations. Victims can help themselves, though, even after compromise, by being careful in the decryption process. Go to Source Author: Nate Nelson, Contributing Writer
The new standards from NIST are designed for two tasks: general encryption and digital signatures. Go to Source Author: Jennifer Lawinski, Contributing Writer
Cash may be king, but law enforcement keeps track of who spends it, especially when it’s in the six-figure range. Go to Source Author: Dark Reading Staff
The CVSS 9.8 authentication bypass in Ivanti’s traffic manager admin panel already has a proof-of-concept (PoC) exploit lurking in the wild. Go to Source Author: Nate Nelson, Contributing Writer
Privilege escalation flaws in the healthcare chatbot platform could have allowed unauthorized cross-tenant access and management of other customers’ resources. Go to Source Author: Nathan Eddy, Contributing Writer