Microsoft’s January 2024 Patch Tuesday includes security updates for 49 flaws and 12 remote code execution vulnerabilities. Two critical vulnerabilities were fixed, including a Windows Kerberos Security Feature Bypass and a Hyper-V RCE.
Users are recommended to switch to the mobile versions available on iOS and Google Play. The decision to sunset the desktop app is part of Twilio’s effort to focus on areas with higher demand.
A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to information disclosure and potentially remote code execution. Cacti is often used in network operation centers of telecoms and web hosting providers, to collect network performance data and store it in RRDtool, a logging and graphing […]
A threat actor known as IntelBroker has claimed responsibility for a major data breach targeting the United States Department of Transportation (DOT). The federal executive department, entrusted with the planning, coordination, and implementation of federal transportation projects and policies, is now grappling with the fallout of a substantial compromise to its aviation department. DOT Data […]
Several vulnerabilities have been found in a popular line of pneumatic torque wrenches made by a subsidiary of Bosch, a German engineering and technology corporation. The mechanical wrenches are typically found in manufacturing facilities that perform safety-critical tightening tasks, especially automotive production lines, according to researchers at industrial cybersecurity firm Nozomi Networks. The vulnerabilities in […]
Endpoint Security: Path Traversal Flaw Allows Malicious Actors to Exploit Kyocera’s Device Manager. Prajeet Nair (@prajeetspeaks), January 9, 2024. Researchers found a path traversal vulnerability in Kyocera’s Device Manager product, which is used for overseeing large printer fleets in mid- […]
Jan 10, 2024, Newsroom, Privacy / Regulatory Compliance: The U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or selling any sensitive location data with third parties. The ban is part of a settlement over allegations that the company “sold precise location data that could be used […]
Jan 10, 2024, Newsroom, Vulnerability / Windows Security: Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known […]
Jan 10, 2024, Newsroom, Patch Management / Threat Intelligence: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This includes CVE-2023-27524 (CVSS score: 8.9), a high-severity vulnerability impacting the Apache Superset open-source data visualization software that could enable remote code execution. […]