27 Dec, 2024

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions

A critical vulnerability in SolarWinds’ Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today. The company has released a hotfix and says that the security issue, tracked as CVE-2024-28986, is a Java deserialization vulnerability that would allow an attacker to run commands […]

1 min read

Tips & Tricks For Sending Text Messages on iPhone

Get more out of your iPhone text messages with these simple and advanced tips for using iMessage. Easily react to messages or use fun effects with just a few taps. Make texting on your iPhone more than just typing words on a screen. These tips and tricks will help you improve the way you communicate, whether you’re […]

7 mins read

Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. Found by Kunlun Lab’s XiaoWei and tracked as CVE-2024-38063, this security bug is caused by an Integer Underflow weakness, which attackers could exploit to trigger buffer overflows […]

3 mins read

3AM ransomware stole data of 464,000 Kootenai Health patients

Kootenai Health has disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation. Kootenai Health is a not-for-profit healthcare provider in Idaho, operating the largest hospital in the region, offering a wide range of medical services, including emergency care, surgery, cancer treatment, cardiac care, […]

2 mins read

Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

Today is Microsoft’s August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and […]

15 mins read

Ivanti warns of critical vTM auth bypass with public exploit

Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts. Ivanti vTM is a software-based application delivery controller (ADC) that provides app-centric traffic management and load balancing for hosting business-critical services. Tracked as CVE-2024-7593, this auth bypass vulnerability is due […]

3 mins read

Critical SAP flaw allows remote attackers to bypass authentication

SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. The flaw, tracked as CVE-2024-41730 and rated 9.8 as per the CVSS v3.1 system, is a “missing authentication check” bug impacting SAP BusinessObjects Business Intelligence Platform versions 430 and […]

2 mins read

New Windows SmartScreen bypass exploited as zero-day since March

Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday. SmartScreen is a security feature introduced with Windows 8 that protects users against potentially malicious software when opening downloaded files tagged with a Mark of […]

3 mins read

STALKER 2 Deep Dive Showcases 30 Minutes of Gameplay

GSC GameWorld has released the first developer deep dive for STALKER 2, which showcases 30 minutes of gameplay. As it stands, STALKER 2 is one of the most anticipated games for 2024, and it’s great to get a glimpse into the game with the new showcase. STALKER 2 will utilize Unreal Engine 5, which promises to feature […]

2 mins read

X faces GDPR complaints for unauthorized use of data for AI training

European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints about X using the personal data from over 60 million users in Europe to train “Grok,” the social media company’s large language model. According to NOYB, X did not inform its users that their data was being used to train AI and did […]

3 mins read