SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
A critical vulnerability in SolarWinds’ Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today. The company has released a hotfix and says that the security issue, tracked as CVE-2024-28986, is a Java deserialization that would allow an attacker to run commands […]
Tips & Tricks For Sending Text Messages on iPhone
Get more out of your iPhone text messages with these simple and advanced tips for using iMessage. Easily react to messages or use fun effects with just a few taps. Make texting on your iPhone more than just typing words on a screen. These tips and tricks will help you improve the way you communicate, whether you’re […]
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. Found by Kunlun Lab’s XiaoWei and tracked as CVE-2024-38063, this security bug is caused by an Integer Underflow weakness, which attackers could exploit to trigger buffer overflows […]
3AM ransomware stole data of 464,000 Kootenai Health patients
Kootenai Health has disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation. Kootenai Health is a not-for-profit healthcare provider in Idaho, operating the largest hospital in the region, offering a wide range of medical services, including emergency care, surgery, cancer treatment, cardiac care, […]
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
Today is Microsoft’s August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and […]
Ivanti warns of critical vTM auth bypass with public exploit
Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts. Ivanti vTM is a software-based application delivery controller (ADC) that provides app-centric traffic management and load balancing for hosting business-critical services. Tracked as CVE-2024-7593, this auth bypass vulnerability is due […]
Critical SAP flaw allows remote attackers to bypass authentication
SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. The flaw, tracked as CVE-2024-41730 and rated 9.8 as per the CVSS v3.1 system, is a “missing authentication check” bug impacting SAP BusinessObjects Business Intelligence Platform versions 430 and […]
New Windows SmartScreen bypass exploited as zero-day since March
Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday. SmartScreen is a security feature introduced with Windows 8 that protects users against potentially malicious software when opening downloaded files tagged with a Mark of […]
STALKER 2 Deep Dive Showcases 30 Minutes of Gameplay
GSC GameWorld has released the first developer deep dive for STALKER 2, which showcases 30 minutes of gameplay. As it stands, STALKER 2 is one of the most anticipated games for 2024, and it’s great to get a glimpse into the game with the new showcase. STALKER 2 will utilize Unreal Engine 5, which promises to feature […]
X faces GDPR complaints for unauthorized use of data for AI training
European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints about X using the personal data from over 60 million users in Europe to train “Grok,” the social media company’s large language model. According to NOYB, X did not inform its users that their data was being used to train AI and did […]