How to add PGP support on Android for added security and privacy

If you need to add encryption or digital signing to the Thunderbird email app (or other supporting apps) on Android, there’s one clear and easy route to success.

Latest stories for ZDNET in Security

Citrix, Fortinet Patch High-Severity Vulnerabilities

Citrix and Fortinet have released patches for multiple vulnerabilities, including high-severity bugs in NetScaler and FortiOS.

The post Citrix, Fortinet Patch High-Severity Vulnerabilities appeared first on SecurityWeek.

SecurityWeek

ICS Patch Tuesday: Security Advisories Released by CISA, Schneider, Siemens, Rockwell

CISA, Schneider Electric, Siemens, and Rockwell Automation have released November 2024 Patch Tuesday security advisories.

The post ICS Patch Tuesday: Security Advisories Released by CISA, Schneider, Siemens, Rockwell appeared first on SecurityWeek.

SecurityWeek

China’s Volt Typhoon Rebuilding Botnet

Security researchers say the botnet created by China’s Volt Typhoon re-emerged recently, leveraging the same core infrastructure and techniques. 

The post China’s Volt Typhoon Rebuilding Botnet appeared first on SecurityWeek.

SecurityWeek

Microsoft Fixes 90 New Flaws, Including Actively Exploited NTLM and Task Scheduler Bugs

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild.
The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in

The Hacker News

Middle East Cybersecurity Efforts Catch Up After Late Start

Despite having only a scant focus on cybersecurity regulations a decade ago, countries in the Middle East — led by Saudi Arabia and other Gulf nations — have adopted mature frameworks and regulations amid escalating volumes of attacks.

darkreading

November Patch Tuesday release contains three critical remote code execution vulnerabilities

The Patch Tuesday for November of 2024 includes 89 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

Microsoft assessed that exploitation of the four “critical” vulnerabilities is “less likely.”

CVE-2024-43639 is a remote code execution vulnerability in Windows Kerberos that could be exploited by an attacker by creating a specially crafted application to leverage a vulnerable cryptographic protocol. While considered “critical,” it was determined that exploitation is “less likely,” and it has not been detected in the wild.

CVE-2024-43625 is a privilege escalation vulnerability in a VMSwitch driver, which is a networking component of Hyper-V. An attacker could exploit this by sending a specific series of network packets to the driver to trigger a “use after free” vulnerability in the Hyper-V host, allowing the attacker to execute arbitrary code with elevated privileges. Although classified as “critical,” exploitation was deemed “less likely” and the attack complexity was considered “high.” Microsoft has not detected active exploitation of this vulnerability in the wild.

CVE-2024-43602 is a remote code execution vulnerability in Azure CycleCloud. Although marked as “critical,” Microsoft has determined that exploitation is “less likely.” If an attacker has gained basic user privileges they may be able to exploit this by sending specially crafted packets to the Azure CycleCloud cluster to gain root privileges. Microsoft has not detected active exploitation of this vulnerability in the wild.

CVE-2024-43498 is a “critical” remote code execution vulnerability in .NET and Visual Studio. Microsoft has assessed exploitation of this vulnerability as “less likely.” A remote attacker could exploit a vulnerable .NET web app by sending specially crafted packets, or by loading a specially crafted file into a vulnerable application. Microsoft has not detected in-the-wild exploitation of this vulnerability.

Of the vulnerabilities included in the release, several “important” updates were listed as “exploitation more likely”. These updates are listed below:

  • CVE-2024-49033 – Microsoft Word Security Feature Bypass Vulnerability
  • CVE-2024-43623 – Windows NT OS Kernel Elevation of Privilege Vulnerability
  • CVE-2024-43629 – Windows DWM Core Library Elevation of Privilege Vulnerability
  • CVE-2024-43630 – Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2024-43636 – Win32k Elevation of Privilege Vulnerability
  • CVE-2024-49019 – Active Directory Certificate Services Elevation of Privilege Vulnerability
  • CVE-2024-43642 – Windows SMB Denial of Service Vulnerability

Additionally, Talos would like to highlight the following “important” vulnerabilities as exploitation has been detected by Microsoft:

  • CVE-2024-43451 – NTLM Hash Disclosure Spoofing Vulnerability
  • CVE-2024-49039 – Windows Task Scheduler Elevation of Privilege Vulnerability

A complete list of all the other vulnerabilities Microsoft disclosed this month is available on its update page. In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Cisco Security Firewall customers should use the latest update to their ruleset by updating their SRU. Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.

The rules included in this release that protect against the exploitation of many of these vulnerabilities are 62022, 62023, 64218-64224, 64229, 64232 and 64233. There are also Snort 3 rules 301064, 300612, 301065, 301066 and 301073.

Cisco Talos Blog

Amazon Employee Data Compromised in MOVEit Breach

The data leak was not actually due to a breach in Amazon’s systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.

darkreading

2 Zero-Day Bugs in Microsoft’s Nov. Update Under Active Exploit

The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.

darkreading

Pentagon Secrets Leaker Jack Teixeira Sentenced to 15 Years in Prison by a Federal Judge

Teixeira pleaded guilty in March to six counts of the willful retention and transmission of national defense information under the Espionage Act.

The post Pentagon Secrets Leaker Jack Teixeira Sentenced to 15 Years in Prison by a Federal Judge appeared first on SecurityWeek.

SecurityWeek