Vulnerability

CERT-IN Warns of Critical Vulnerabilities in Google Chrome

CERT-IN warns of critical vulnerabilities in Google Chrome that could expose users to remote attacks. Users are urged to update to version 128.0.6613.119 or newer to safeguard their systems against these serious ‘use after free’ vulnerabilities, which could allow unauthorized access. Stay secure by practicing good cybersecurity habits and keeping software up to date.

CISA Warns of Exploited Twilio Authy Vulnerability

The U.S. CISA has issued a cybersecurity alert regarding a critical vulnerability in Twilio’s Authy service (CVE-2024-39891), which is being actively exploited. This information disclosure issue affects Authy app versions on Android and iOS, allowing unauthorized access to sensitive phone numbers. Twilio urges users to update their apps immediately to prevent potential phishing attacks. Organizations are advised to take these warnings seriously and enhance their security measures to protect sensitive data.

Critical Zero-Click RCE Vulnerability Discovered in Microsoft Outlook Applications

Discover the critical vulnerability CVE-2024-38021 impacting Microsoft Outlook applications, allowing zero-click remote code execution. Learn about the risks posed, the timeline of events, and the importance of immediate action to deploy patches and enhance email security measures.

Security Vulnerability Discovered in Sleep Number Beds

Discover the potential security vulnerability in Sleep Number beds uncovered by computer engineer Dillan Mills. Find out how Mills found a backdoor-like connection that allows remote access to the bed’s control hub, raising concerns about privacy and security. Learn how users can take control of their bed’s network connectivity to mitigate the risk of unauthorized access.

GitLab Releases Updates to Address Dozens of Vulnerabilities

GitLab has released updates to address over a dozen vulnerabilities in its Community Edition and Enterprise Edition software, including a critical bug that could allow for automated pipeline execution. Organizations are urged to update to versions 17.1.1, 17.0.3, and 16.11.5 to mitigate security risks.

Millions of OpenSSH Servers at Risk Due to Newly Disclosed Vulnerability

Millions of OpenSSH servers are at risk from a newly disclosed vulnerability, regreSSHion (CVE-2024-6387), which allows unauthenticated remote code execution. By exploiting a signal handler race condition in ‘sshd’, attackers can gain root privileges on glibc-based Linux systems. With over 14 million potentially vulnerable instances, organizations must address this critical threat promptly to prevent system takeovers and malware installations.

U.S. Government Issues Critical Warning to Google Pixel Users About Firmware Vulnerability

The U.S. government has issued a critical warning to Google Pixel users about the CVE-2024-32896 firmware vulnerability, urging immediate action before the July 4 deadline. GrapheneOS highlights that the risk extends beyond Pixels, emphasizing the need for prompt updates and vigilance to mitigate potential security risks.

Critical Vulnerability Discovered in Microsoft Power BI Exposes Sensitive Data

Discover the critical vulnerability in Microsoft Power BI that exposes sensitive data to unauthorized users. Learn why prompt action is crucial to mitigate this security threat and protect your organization’s data. Stay informed about cybersecurity threats and take proactive steps to enhance your data security.

Microsoft Addresses Dangerous DNSSEC Flaws

Microsoft recently addressed a dangerous DNSSEC zero-day flaw, CVE-2023-50868, affecting a third-party DNSSEC mechanism called NSEC3. The delay in releasing a fix raised questions about Microsoft’s response time. Researchers also discovered another serious DNSSEC flaw, ‘KeyTrap’ (CVE-2023-50387), capable of impacting up to 31% of all DNS servers. Both vulnerabilities allow attackers to overload DNS resolvers’ CPU cycles, leading to unresponsiveness and facilitating DNS cache poisoning.

Top 5 Critical CVEs Identified in May 2024

May brought a fresh wave of security concerns with critical vulnerabilities in popular software like Apache, GitLab, and GitHub. Discover the top 5 CVEs demanding immediate attention to ensure security, including CVE-2024-27348 in Apache HugeGraph-Server, which allows unauthenticated RCE.