Security News
Another new ransomware gang, this one dubbed EstateRansomware, is exploiting a Veeam vulnerability that was patched more than a year ago to drop file-encrypting malware, a LockBit variant, and extort payments from victims. Veeam fixed the flaw, tracked as CVE-2023-27532, in March 2023 for versions 12/11a and later of its backup and replication software.
Patch Tuesday Clear your Microsoft system administrator's diary: The bundle of fixes in Redmond's July Patch Tuesday is a doozy, with at least two bugs under active exploitation. The first of two vulnerabilities for sure under active exploit - CVE-2024-38080 - is a Windows Hyper-V elevation of privilege flaw with a 7.8-out-of-10 CVSS rating, which Microsoft deemed "Important."
Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days. [...]
Microsoft temporarily pulled and then re-released the Windows 11 preview update KB5039302, originally released on June 25th. The original preview was causing reboots on systems using virtualization, such as Azure Virtual Desktop and VMware. Per the announcement, all Kaspersky products must be removed by September 29th. Just as a reminder, last month Microsoft released the final updates for Windows 10 21H2 Education and Enterprise editions.
GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD)...
A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed....
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Information regarding which content is presented to you and how you interact with it can be used to determine whether the content e.g. reached its intended audience and matched your interests.
A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors in the wild. The vulnerability, tracked as CVE-2024-28995...
VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. VMware vCenter Server is a central management platform for VMware vSphere, enabling the management of virtual machines and ESXi hosts.
A proof-of-concept exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. CVE-2024-29855, rated 9.0 as per CVSS v3.1, is an authentication bypass vulnerability impacting Veeam Recovery Orchestrator versions 7.0.0.337 and 7.1.0.205 and older.