Security News

Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability
2024-03-11 04:28

Infosec in brief Cybersecurity researchers informed Microsoft that Notorious North Korean hackers Lazarus Group discovered the "Holy grail" of rootkit vulnerabilities in Windows last year, but Redmond still took six months to patch the problem. Avast claims Lazarus Group used the vulnerability to obtain read/write primitive on the Windows kernel and install their FudModule rootkit, but Microsoft's opinion on the severity of admin-to-kernel exploits meant it didn't prioritize the matter, waiting until February's patch Tuesday to fix the issue, which it tagged as CVE-2024-21338, with a CVSS score of 8/10. "Some Windows components and configurations are explicitly not intended to provide a robust security boundary," Microsoft states on its Security Servicing criteria page.

Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast
2024-03-10 09:00

What organizations need to know about the Digital Operational Resilience ActIn this Help Net Security interview, Kris Lovejoy, Global Security and Resilience Leader at Kyndryl, discusses the impact of the Digital Operational Resilience Act on organizations across the EU, particularly in ICT risk management and cybersecurity. Cisco patches Secure Client VPN flaw that could reveal authentication tokensCisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which could be exploited by unauthenticated, remote attackers to grab users' valid SAML authentication token.

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client
2024-03-08 08:09

Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted...

March 2024 Patch Tuesday forecast: A popular framework updated
2024-03-08 06:45

The February 2024 Patch Tuesday was pretty typical, with the standard Microsoft Windows, Office, and Exchange Server updates. Before we get to the March 2024 Patch Tuesday forecast, I want to provide information on the updated NIST framework.

Exploit available for new critical TeamCity auth bypass bug, patch now
2024-03-04 22:42

A critical vulnerability in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. "Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack" - Rapid7.

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)
2024-03-04 16:03

JetBrains has fixed two critical security vulnerabilities affecting TeamCity On-Premises and is urging customers to patch them immediately. "Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere strictly to its own vulnerability disclosure policy. This means that their team will publish full technical details of these vulnerabilities and their replication steps within 24 hours of this notice," the company stated today.

Enhancing security through proactive patch management
2024-03-04 04:00

Despite its importance, patching can be challenging for organizations due to factors such as the sheer volume of patches released by software vendors, compatibility issues with existing systems, and the need to balance security with operational continuity. To ensure effective patch management, organizations should establish clear policies and procedures for patching, automate patch deployment where possible, regularly scan for vulnerabilities, prioritize patches based on risk, and conduct thorough testing before deployment.

ConnectWise urges ScreenConnect admins to patch critical RCE flaw
2024-02-20 16:48

ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution attacks. ConnectWise has yet to assign CVE IDs to the two security flaws that impact all servers running ScreenConnect 23.9.7 and prior.

Critical Flaws Found in ConnectWise ScreenConnect Software  - Patch Now
2024-02-20 10:38

ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on...

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!
2024-02-20 10:02

ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. ConnectWise ScreenConnect is a remote desktop software solution popular with managed services providers and businesses they offer services to, as well as help desk teams.