The top U.S. cybersecurity agency is ordering all federal civilian agencies to patch three high-profile vulnerabilities in the next week because they are being exploited by hackers. On Wednesday, the Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco product vulnerabilities — CVE-2024-20353 and CVE-2024-20359 — as well as one vulnerability affecting popular file transfer […]
Only three critical vulnerabilities were fixed as part of the April 2024 Patch Tuesday updates, but there are over 67 remote code execution bugs. More than half of the RCE flaws are found within Microsoft SQL drivers, likely sharing a common flaw.
Take action: Not the most urgent patch level for Android but definitely an important one for Pixel devices. It’s still wise to apply the Android patch as soon as your vendor releases an update for your phone. Depending on the vendor you might wait for some weeks before the update is released for your phone. […]
Take action: Not the most urgent patch level for Android but definitely an important one for Pixel devices. It’s still wise to apply the Android patch as soon as your vendor releases an update for your phone. Depending on the vendor you might wait for some weeks before the update is released for your phone. […]
Endpoint Security , Governance & Risk Management , Patch Management Gateway Maker Says Technique Won’t Succeed in Live Customer Environment Mihir Bagwe (MihirBagwe) • March 1, 2024 Ivanti disputes that hackers in a production environment can establish persistence after a factory reset. (Image: Shutterstock) Corporate VPN maker Ivanti disputed findings by the U.S. […]
Microsoft’s scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a wide range of its products. In all, five of the vulnerabilities for which Microsoft issued a February patch were rated as critical, 66 as important, and two as moderate. The update […]
The software company Ivanti has identified yet another new vulnerability in one of its products requiring an immediate patch from users. In an advisory on Thursday afternoon, the company spotlighted CVE-2024-22024 — a vulnerability affecting Ivanti Connect Secure, Ivanti Policy Secure and ZTA gateways. The vulnerability carries a severity score of 8.3 and “allows an […]
Mastodon users and administrators need to upgrade to the latest version to patch a critical vulnerability (CVE-2024-23832) that allows attackers to take over accounts remotely.
Citrix warns admins to immediately patch NetScaler for actively exploited zero-days Pierluigi Paganini January 17, 2024 Citrix fixed two actively exploited zero-day vulnerabilities impacting Netscaler ADC and Gateway appliances. Citrix warns customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances. “Exploits […]