• BleepingComputer

A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The tact ... Read more

• tripwire.com

Tripwire's December 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe.First on the list is a notice about Windows Common Log File System Driver (CLFS). ... Read more

• The Hacker News

Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a su ... Read more

• Help Net Security

Welcome to 2025 and a new year of patch excitement! In my December article, I talked about Microsoft’s Secure Future Initiative (SFI) and how it manifested in many of the Microsoft products released i ... Read more

• The Register

Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws. Trend Micro spotted what appears to be a fork of the legitima ... Read more

• Trend Micro

In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities we ... Read more

• The Hacker News

Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are t ... Read more

• TheCyberThrone

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 04, 2025.CVE-2024-56512 impacts A ... Read more

• TheCyberThrone

CVE-2024-11944 is a vulnerability identified in iXsystems TrueNAS CORE. This vulnerability is classified as a Directory Traversal and Remote Code Execution (RCE) flaw. The exploitation of this vulnera ... Read more

• Trend Micro

In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) f ... Read more

• TheCyberThrone

The CVE-2024-49113 vulnerability is a significant Denial of Service (DoS) issue found in the Windows Lightweight Directory Access Protocol (LDAP). SafeBreach Labs developed the exploit code, which has ... Read more

• The Hacker News

Windows Server / Threat Mitigation A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger ... Read more

• Dark Reading

Source: Andriy Popov via Alamy Stock PhotoOne of two critical Active Directory Domain Controller vulnerabilities patched by Microsoft last month goes beyond the original denial-of-service (DoS) attack ... Read more

• TheCyberThrone

CVE-2024-12108 with a CVSS score of 9.6 is a critical security vulnerability affecting WhatsUp Gold, a network monitoring software developed by Progress Software Corporation.Affected VersionsThe vulne ... Read more

• TheCyberThrone

The CVE-2024-49112 vulnerability, identified as LDAPNightmare, has seen the release of a Proof-of-Concept (PoC) code by SafeBreach Labs. This particular security flaw is critical as it affects the Win ... Read more

• Cybersecurity News

Starlink recently announced on its official X account that it will soon launch the V3 satellites, which are expected to significantly enhance its satellite internet service by increasing bandwidth and ... Read more

• Cybersecurity News

SafeBreach Labs revealed a zero-click vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) service, dubbed “LDAP Nightmare”. This critical vulnerability, tracked as CVE-2024-49112 ... Read more

• TheCyberThrone

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the biweekly ending Saturday, December 28, 2024.Indian users are ta ... Read more

• Cybersecurity News

Security researcher Abdelrhman Zayed, in collaboration with Mohamed Abdelhady, has published proof-of-concept (PoC) exploit code for CVE-2024-45387, a critical SQL injection vulnerability in Apache Tr ... Read more

• TheCyberThrone

In 2024, Microsoft’s Patch Tuesday updates played a critical role in addressing security vulnerabilities across various platforms. Throughout the year, a total of 1,000+ vulnerabilities were patched, ... Read more

• TheCyberThrone

The US CISA has added new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitationCVE-2021-44207: Acclaim Systems USAHERDS Use of Hard-Coded Credentials V ... Read more

• TheCyberThrone

Incident DiscoveryOn December 2, 2024, BeyondTrust identified a significant security breach during a forensics investigation. This discovery set off a series of urgent actions to mitigate the impact a ... Read more

• Cybersecurity News

The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337. This vulnerability af ... Read more

• TheCyberThrone

Foxit Software recently released an essential security update for its Foxit PDF Reader and Foxit PDF Editor applications to address multiple critical vulnerabilities. These flaws included remote code ... Read more

• TheCyberThrone

In 2024, the cybersecurity landscape saw a significant number of exploited vulnerabilities, highlighting the ongoing challenges organizations face in protecting their systems and data.Some key trends ... Read more

• TheCyberThrone

Sophos released patches for three critical security vulnerabilities in their widely-used network security tool, Sophos Firewall that posed significant risks, including remote code execution and privil ... Read more

• CrowdStrike.com

Microsoft has released security updates for 71 vulnerabilities in its December 2024 Patch Tuesday rollout. Among these are 16 Critical vulnerabilities and one zero-day affecting the Windows Common Log ... Read more

• TheCyberThrone

Fortinet has released patches for vulnerabilities affecting its popular products, including FortiClient VPN, FortiManager, and FortiWLM. These flaws range from password exposure to remote code executi ... Read more

• CrowdStrike.com

Microsoft has released security updates for 71 vulnerabilities in its December 2024 Patch Tuesday rollout. Among these are 16 Critical vulnerabilities and one zero-day affecting the Windows Common Log ... Read more

• CrowdStrike.com

Microsoft has released security updates for 71 vulnerabilities in its December 2024 Patch Tuesday rollout. Among these are 16 Critical vulnerabilities and one zero-day affecting the Windows Common Log ... Read more

• CrowdStrike.com

Microsoft has released security updates for 71 vulnerabilities in its December 2024 Patch Tuesday rollout. Among these are 16 Critical vulnerabilities and one zero-day affecting the Windows Common Log ... Read more

• CrowdStrike.com

Microsoft has released security updates for 71 vulnerabilities in its December 2024 Patch Tuesday rollout. Among these are 16 Critical vulnerabilities and one zero-day affecting the Windows Common Log ... Read more

• CrowdStrike.com

Microsoft has released security updates for 71 vulnerabilities in its December 2024 Patch Tuesday rollout. Among these are 16 Critical vulnerabilities and one zero-day affecting the Windows Common Log ... Read more

• CrowdStrike.com

Microsoft has released security updates for 71 vulnerabilities in its December 2024 Patch Tuesday rollout. Among these are 16 Critical vulnerabilities and one zero-day affecting the Windows Common Log ... Read more

• TheCyberThrone

The Clop ransomware gang has recently claimed responsibility for a series of sophisticated data theft attacks targeting Cleo, a prominent provider of managed file transfer software. These attacks expl ... Read more

• TheCyberThrone

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the weeks ending Saturday, November 30, 2024.Jenkins fixes multiple ... Read more

• TheCyberThrone

The US CISA adds Cleo vulnerability to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation reported.Security vendor Huntress was the first to publicize the attacks ... Read more

• TheCyberThrone

GitLab has released a crucial security update to address multiple vulnerabilities impacting various versions of its platform. This update, applicable to versions 17.6.2, 17.5.4, and 17.4.6 for both Co ... Read more

• TheCyberThrone

Apache Struts framework has been detected with a critical vulnerability that could allow attackers to execute malicious code remotely, posing a significant risk to affected systems.The vulnerability t ... Read more

• TheCyberThrone

A critical vulnerability identified has been discovered in the Splunk Secure Gateway app, affecting various versions of Splunk Enterprise and the Splunk Cloud Platform.The vulnerability tracked as CVE ... Read more

• TheCyberThrone

Cybersecurity researchers at Oasis Security have discovered a significant vulnerability in Microsoft’s Multi-Factor Authentication (MFA) system, which they have named AuthQuake.This vulnerability allo ... Read more

• TheCyberThrone

The Apache Software Foundation has announced the release of Apache Superset 4.1.0 with several bug fixes that could potentially allow attackers to bypass security controls, access sensitive data, and ... Read more

• TheCyberThrone

Google has released updates for its Chrome browser, addressing several security vulnerabilities, including two important vulnerabilities.The first vulnerability tracked as CVE-2024-12381 with a CVSSv3 ... Read more

• security.nl

Verschillende kritieke kwetsbaarheden in het Windows Lightweight Directory Access Protocol (LDAP) maken remote code execution door ongeauthenticeerde aanvallers mogelijk, zo waarschuwt Microsoft, dat ... Read more

• TheCyberThrone

The US CISA adds Microsoft vulnerability to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation.The vulnerability tracked as CVE-2024-49138 with a CVSS score of 7. ... Read more

• The Hacker News

Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 7 ... Read more

• krebsonsecurity.com

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing ... Read more

• Cybersecurity News

Microsoft has released its December 2024 Patch Tuesday security update, addressing a total of 73 vulnerabilities across its product portfolio. This comprehensive update includes fixes for 16 critical ... Read more

• Dark Reading

Source: Zoonar GmbH via Alamy Stock PhotoA Windows zero-day security vulnerability under active exploit leads Microsoft's December 2024 Patch Tuesday security update, which hardly constitutes a sleigh ... Read more

• Help Net Security

On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code ... Read more

• The Register

Patch Tuesday Microsoft hasn't added too much coal to the stocking this Patch Tuesday, with just 72 fixes, only one of which scored more than nine on the CVSS threat ranking scale. Of more immediate c ... Read more

• tripwire.com

Today’s VERT Alert addresses Microsoft’s December 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1136 as soon as coverage is completed.I ... Read more

• BleepingComputer

Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability.This Patch Tuesday fixed sixteen critical vulner ... Read more

• TheCyberThrone

A critical use-after-free vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, has been discovered in the afd.sys Windows driver that allows attackers to escalate privileges and execute ... Read more

• TheCyberThrone

The Django team has released Django 5.1.4, Django 5.0.10, and Django 4.2.17 versions to address two security vulnerabilities.The first vulnerability tracked as CVE-2024-53907 with a CVSS score of 7.5 ... Read more

• TheCyberThrone

SonicWall has released patches for several (six) vulnerabilities impacting its SMA 100 series SSL-VPN products. These flaws range from path traversal issues inherited from the Apache HTTP Server to cr ... Read more

• TheCyberThrone

SailPoint IdentityIQ has been affected by a critical vulnerability, that could allow sensitive data exposureThe vulnerability tracked as CVE-2024-10905 with a CVSS score of 10.0, stems from improper a ... Read more

• TheCyberThrone

The CISA has warned about a critical vulnerability in CyberPanel tracked as CVE-2024-51378, is being actively exploited by attackers to deploy ransomware and added to the known exploited vulnerability ... Read more

• TheCyberThrone

Security researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785 with a CVSS score of 9.8, a critical remote code execution vulnerability affecting Progress WhatsUp Gold,A critic ... Read more

• TheCyberThrone

Google has released patches for a high severity vulnerability in its popular  Chrome web browser residing within the V8 JavaScript engine and allow attackers to execute arbitrary code on users’ system ... Read more

• TheCyberThrone

The US CISA has added the below vulnerabilities to its Known Exploited Vulnerabilities Catalog based on the evidence of active exploitation.CVE-2023-45727 Tracked as CWE-611, North Grid Proself Enterp ... Read more

• TheCyberThrone

IBM has  released patches for multiple vulnerabilities, that could lead to a remote code execution to hard-coded credentials and privilege escalation that potentially compromising sensitive data and d ... Read more