Microsoft Addresses Dangerous DNSSEC Flaws
Microsoft recently addressed a dangerous DNSSEC zero-day flaw, CVE-2023-50868, affecting a third-party DNSSEC mechanism called NSEC3. The delay in releasing a fix raised questions about Microsoft’s response time. Researchers also discovered another serious DNSSEC flaw, ‘KeyTrap’ (CVE-2023-50387), capable of impacting up to 31% of all DNS servers. Both vulnerabilities allow attackers to overload DNS resolvers’ CPU cycles, leading to unresponsiveness and facilitating DNS cache poisoning.
Top 5 Critical CVEs Identified in May 2024
May brought a fresh wave of security concerns with critical vulnerabilities in popular software like Apache, Gitlab, and Github. Discover the top 5 CVEs demanding immediate attention to ensure security, including CVE-2024-27348 in Apache HugeGraph-Server allowing for unauthenticated RCE.
Veeam Warns Customers of Critical Security Vulnerability in Backup Enterprise Manager
Veeam issues critical security warning to customers regarding a vulnerability in Veeam Backup Enterprise Manager (VBEM) that could lead to unauthorized access. Users urged to update to version 12.1.2.172 or deactivate services to mitigate risk. Previous security incidents involving Veeam products highlighted, emphasizing the importance of staying vigilant against potential threats.
New Zero-Day Vulnerability Discovered in Windows Operating Systems
Cybersecurity experts have identified a new zero-day vulnerability in Windows operating systems, known as CVE-2024-30051, that could lead to privilege escalation. A patch was released by Microsoft on May 14, 2024, following the discovery of an exploit for this vulnerability. Users are advised to update their systems to prevent potential attacks.
Secureworks Integrates Threat Detection and Vulnerability Risk for Enhanced Resolution Processes
Secureworks announces a groundbreaking integration of threat detection and vulnerability risk to enhance threat resolution processes. By merging vulnerability context with threat detection and response, Secureworks aims to reduce security gaps and improve overall security resilience. This integration allows for faster investigation and remediation plans, ultimately enhancing an organization’s security posture.
Google and Mozilla Release Security Updates for Chrome and Firefox to Address High-Severity Flaws
Google and Mozilla have released security updates for Chrome and Firefox, fixing over 35 vulnerabilities, with a focus on high-severity flaws. Chrome 124 comes with patches for critical bugs, including object corruption in V8 JavaScript engine and WebAssembly, with bug bounty rewards totaling $65,000. Firefox 125 addresses 15 vulnerabilities, with five high-severity issues in the JIT component. Mozilla also released Firefox ESR 115.10 for enhanced security.
Study Reveals GPT-4’s Impressive Success in Exploiting Cybersecurity Vulnerabilities
A groundbreaking study explores the impressive capabilities of GPT-4, a large language model, in autonomously exploiting vulnerabilities in real-world systems. With a success rate of 87% when provided with detailed CVE descriptions, GPT-4 outperforms other models and scanners. However, the study highlights the model’s dependency on comprehensive vulnerability data for successful exploitation, prompting ethical considerations in cybersecurity.
Unpatched Vulnerability in D-Link NAS Devices Exploited in the Wild
An unpatched vulnerability affecting D-Link network-attached storage (NAS) devices has been discovered and is reportedly being exploited in the wild. The vulnerability, identified as CVE-2024-3273, impacts several D-Link NAS models, enabling unauthenticated attackers to execute arbitrary commands on the device. Despite D-Link’s advisory to discontinue using affected devices, exploitation attempts have been observed, highlighting the ongoing threat to D-Link devices and the need for proactive security measures.
Urgent Warning for Google Chrome Users on Windows
Google Chrome users on Windows are urged to update their browser immediately due to critical security fixes for CVE-2024-2883 and three high-risk issues. The ‘use after free’ vulnerability could potentially allow attackers to run arbitrary code on users’ PCs. Google aims to deploy the patch within 30 days, emphasizing the urgency of the situation. It is crucial for Windows users to update their browsers to mitigate the risk of exploitation and protect their devices from potential security threats.
New Vulnerability in Apple’s M-Series Chips Allows Secret Key Extraction
A newly discovered vulnerability in Apple’s M-series of chips has been revealed, allowing attackers to extract secret keys from Macs during cryptographic operations. The flaw cannot be directly patched and may impact the performance of M-series chips. Security experts emphasize the need for urgent action to prevent potential exploitation by attackers.