Common Vulnerabilities and Exposures

Critical Zero-Click RCE Vulnerability Discovered in Microsoft Outlook Applications

Discover the critical vulnerability CVE-2024-38021 impacting Microsoft Outlook applications, allowing zero-click remote code execution. Learn about the risks posed, the timeline of events, and the importance of immediate action to deploy patches and enhance email security measures.

GitLab Releases Updates to Address Dozens of Vulnerabilities

GitLab has released updates to address over a dozen vulnerabilities in its Community Edition and Enterprise Edition software, including a critical bug that could allow for automated pipeline execution. Organizations are urged to update to versions 17.1.1, 17.0.3, and 16.11.5 to mitigate security risks.

Millions of OpenSSH Servers at Risk Due to Newly Disclosed Vulnerability

Millions of OpenSSH servers are at risk of a newly disclosed vulnerability, regreSSHion (CVE-2024-6387), allowing unauthenticated remote code execution. Exploiting a signal handler race condition in ‘sshd’, attackers can gain root privileges on glibc-based Linux systems. With over 14 million potentially vulnerable instances, organizations must address this critical threat promptly to prevent system takeovers and malware installations.

Top 5 Critical CVEs Identified in May 2024

May brought a fresh wave of security concerns with critical vulnerabilities in popular software such as Apache, GitLab, and GitHub. Discover the top 5 CVEs demanding immediate attention, including CVE-2024-27348 in Apache HugeGraph-Server, which allows unauthenticated RCE.

Backdoor Found in XZ Utilities Used by Many Linux Distros (CVE-2024-3094)

A vulnerability (CVE-2024-3094) has been discovered in XZ Utils, the XZ format compression utilities included in most Linux distributions. Red Hat warns that this vulnerability may allow a malicious actor to break sshd authentication and gain unauthorized remote access to the entire system. The cause has been identified as malicious code present in versions 5.6.0 and 5.6.1 of the xz libraries. Red Hat has identified the vulnerable packages in Fedora 41 and Fedora Rawhide and is urging users of those distributions to stop using them immediately. The discovery of malicious code in the latest versions of the xz libraries highlights the critical importance of maintaining vigilance and expertise in cybersecurity.