vulnerability - Geek Feed

Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now

August 14, 2024August 14, 2024 geekfeed0Tagged IPv6, rce, Remote Code Execution, TCP/IP, vulnerability, windows, Windows exploit, Windows RCE, Zero-Click

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. Found by Kunlun Lab’s XiaoWei and tracked as CVE-2024-38063, this security bug is caused by an Integer Underflow weakness, which attackers could exploit to trigger buffer overflows […]

3 mins read

Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

August 14, 2024August 14, 2024 geekfeed0Tagged Actively Exploited, microsoft, Patch Tuesday, Security Update, vulnerability, windows, windows update, Zero-Day

Today is Microsoft’s August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and […]

15 mins read

Critical SAP flaw allows remote attackers to bypass authentication

August 14, 2024August 14, 2024 geekfeed0Tagged Authentication Bypass, bypass authentication, Critical SAP flaw, SAP, SSRF, vulnerability

SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. The flaw, tracked as CVE-2024-41730 and rated 9.8 as per the CVSS v3.1 system, is a “missing authentication check” bug impacting SAP BusinessObjects Business Intelligence Platform versions 430 and […]

2 mins read

Fake X content warnings on Ukraine war, earthquakes used as clickbait

August 12, 2024August 12, 2024 geekfeed0Tagged clickbait, fake content, Fraud, phishing, Redirect, Scam, twitter, Twitter bots, vulnerability, X users

X has always had a bot problem, but now scammers are utilizing the Ukraine war and earthquake warnings in Japan to entice users into clicking on fake content warnings and videos that lead to scam adult sites, malicious browser extensions, and shady affiliate sites. For months, X has been flooded with posts that contain what […]

2 mins read

Microsoft discloses unpatched Office flaw that exposes NTLM hashes

August 11, 2024August 11, 2024 geekfeed0Tagged microsoft, Microsoft 365, Microsoft Office, NTLM, Office 2016, Office 2019, Office LTSC 2021, phishing, vulnerability

Microsoft has disclosed a high-severity vulnerability affecting Office 2016 that could expose NTLM hashes to a remote attacker. Tracked as CVE-2024-38200, this security flaw is caused by an information disclosure weakness that enables unauthorized actors to access protected information. It impacts multiple 32-bit and 64-bit Office versions, including Office 2016, Office 2019, Office LTSC 2021, and […]

4 mins read

Cisco warns of critical RCE zero-days in IP phones

August 9, 2024August 9, 2024 geekfeed0Tagged 0day exploit, cisco, Cisco IP Phone, EOL, hardware, IP phone, rce, Remote Command Execution, vulnerability, zero days

Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. The vendor has not made fixes available for these devices and shared no mitigation tips, so users of those products will have to move to newer and […]

2 mins read

CISA warns about actively exploited Apache OFBiz RCE flaw

August 9, 2024August 9, 2024 geekfeed0Tagged Actively Exploited, Apache, apache exploit, Apache OFBiz, CISA, vulnerability

The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. Apache OFBiz (Open For Business) is a popular open-source enterprise resource planning (ERP) system that provides a suite of business applications to manage various aspects of an organization. Due to its versatility and […]

2 mins read

Exploit released for Cisco SSM bug allowing admin password changes

August 9, 2024August 9, 2024 geekfeed0Tagged admin password, Administrator, cisco, Passwords, vulnerability, Warning

Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers. As a Cisco Smart Licensing component, Cisco SSM On-Prem helps manage accounts and product licenses on an organization’s environment using a dedicated dashboard […]

2 mins read

18-year-old security flaw in Firefox and Chrome exploited in attacks

August 9, 2024August 9, 2024 geekfeed0Tagged 0day, Browser, exploit, Firefox, google chrome, Internet, network, Safari, vulnerability, web browser

A vulnerability disclosed 18 years ago, dubbed “0.0.0.0 Day”, allows malicious websites to bypass security in Google Chrome, Mozilla Firefox, and Apple Safari and interact with services on a local network. However, it should be noted that this only affects Linux and macOS devices, and does not work on Windows. For impacted devices, threat actors […]

6 mins read

Critical ServiceNow RCE flaws actively exploited to steal credentials

July 26, 2024July 26, 2024 geekfeed0Tagged rce, rce vulnerability, Remote Code Execution, ServiceNow, vulnerability

Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. This malicious activity was reported by Resecurity, which, after monitoring it for a week, identified multiple victims, including government agencies, data centers, energy providers, and software development firms. Although the vendor released security updates […]

2 mins read