Three vulnerabilities were patched in the recent Edge release. Two are Remote Code Execution vulnerabilities classified as Type Confusion in V8; they allow a remote attacker to exploit heap corruption via a crafted HTML page. These vulnerabilities are CVE-2024-1939 and CVE-2024-1938. The third is a low-severity information disclosure vulnerability in Microsoft Edge for Android, tracked as CVE-2024-26186. These vulnerabilities are fixed in the latest Microsoft Edge Stable Channel, 122.0.2363.63.
A vulnerability has been discovered and patched in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software.
On the 21st of February, a significant cybersecurity incident was reported by Change Healthcare, a leading provider of healthcare technology...
A vulnerability has been discovered in Vim, an open-source text editor program. It is identified as CVE-2024-22667 (CVSSv3: 7.8) and is a stack-based...
ConnectWise has released a security update for its ScreenConnect software. Two vulnerabilities are associated with the patch...
VMware has released an advisory regarding two vulnerabilities, CVE-2024-22245 (CVSSv3: 9.6) and CVE-2024-22250 (CVSSv3: 7.8), which impact the VMware Enhanced Authentication Plug-in (EAP). They are arbitrary authentication relay and session hijack vulnerabilities in the deprecated EAP plug-in. VMware advises users to remove this component from impacted environments. VMware credited Ceri Coburn from Pen Test Partners as the reporter of these vulnerabilities.
On the second Tuesday of every month, Microsoft releases many security fixes for several of its software solutions; this is known as “Patch Tuesday.” This month's fixes remediate several critical vulnerabilities and zero-days: a total of two zero-day vulnerabilities and five critical vulnerabilities, alongside 60+ other vulnerabilities of varying severity. This report covers only the most critical and notable vulnerabilities.
In late January 2024, two prominent French healthcare payment service providers, Viamedis and Almerys, fell victim to significant data breaches, impacting over 33 million people, nearly half of France's population. This event marks one of the most consequential cyberattacks in the nation's recent history. Viamedis and Almerys, known for their technological and administrative solutions facilitating transactions within France's intricate insurance coverage system, had sensitive data compromised.
A vulnerability has been disclosed in FortiOS and FortiProxy. It is tracked as CVE-2024-21762 and has a CVSS score of 9.6 (Critical). It allows a remote unauthenticated attacker to execute unexpected or unauthorized code or commands via crafted HTTP requests. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog. It was a zero-day vulnerability, is under active exploitation, and needs to be fixed as soon as possible.