Microsoft Patch Tuesday, September 2024 Security Update Review

Microsoft’s September Patch Tuesday updates are out, addressing a range of vulnerabilities across multiple products. Let’s dive into the key updates and their implications. Microsoft Patch’s Tuesday, September 2024 edition addressed 79 vulnerabilities, including six critical and 71 important severity vulnerabilities. In this month’s updates, Microsoft has addressed four zero-day vulnerabilities known to be exploited … Continue reading “Microsoft Patch Tuesday, September 2024 Security Update Review”

Cisco Patches Identity Services Engine (ISE) Vulnerability with Public Exploit Code (CVE-2024-20469)

Cisco warned its customers about a security flaw impacting the Cisco Identity Services Engine (ISE), which has a publicly available exploit code. Tracked as CVE-2024-20469, the vulnerability may allow an attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. Rafal Lykowski and Alexandre Labbé of A1 Digital International … Continue reading “Cisco Patches Identity Services Engine (ISE) Vulnerability with Public Exploit Code (CVE-2024-20469)”

Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication

Veeam released a security advisory to address six vulnerabilities of varying severities. Successful exploitation of the vulnerabilities may allow remote attackers to execute arbitrary code, leading to possible system compromise. One of the six vulnerabilities tracked as CVE-2024-40711 has a critical severity rating with a CVSS score of 9.8. The vulnerability may allow an attacker … Continue reading “Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication”

South Korean Attackers Group Exploits WPS Office Vulnerability (CVE-2024-7262)

APT-C-60, a South Korea-aligned cyber espionage group, has been exploiting a zero-day vulnerability in the Windows version of WPS Office. Attackers exploited the vulnerability to install the SpyGlace backdoor on East Asian targets. Tracked as CVE-2024-7262, the vulnerability allows an attacker to perform remote code execution. ESET (Electronic Systems Engineering Technology) researchers have discovered and … Continue reading “South Korean Attackers Group Exploits WPS Office Vulnerability (CVE-2024-7262)”

Unauthorized Access Vulnerability in InPost PL and WooCommerce Plugin (CVE-2024-6500)

The InPost for WooCommerce and InPost PL WordPress plugins are tools designed to integrate InPost’s parcel locker delivery services with WooCommerce and WordPress websites. The InPost for WooCommerce plugin allows customers to choose InPost parcel lockers as a delivery option during checkout, streamlining shipping processes.

WordPress Multilingual Plugin (WPML) CMS Server-Side Template Injection Vulnerability (CVE-2024-6386)

A critical vulnerability has been discovered in a popular WordPress plugin called WPML, tracked as CVE-2024-6368, with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an authenticated attacker to execute arbitrary code on the vulnerable server. The vulnerability was first disclosed to WordPress in June 2024 and was fully patched in … Continue reading “WordPress Multilingual Plugin (WPML) CMS Server-Side Template Injection Vulnerability (CVE-2024-6386)”

SolarWinds Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)

SolarWinds released a security advisory to address a critical vulnerability impacting its Web Help Desk (WHD). Tracked as CVE-2024-28987, the vulnerability has a CVSS score of 9.1. Successful exploitation of the vulnerability may allow a remote, unauthenticated user to access internal functionality and modify data. CISA acknowledged the active exploitation of CVE-2024-28987 by adding it … Continue reading “SolarWinds Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)”

Google Patches Ninth Chrome Zero-day Vulnerability of the Year (CVE-2024-7971)

For the ninth time this year, Google Chrome users are urged to update their browsers immediately as a new zero-day vulnerability has been discovered. Google released a security advisory to address the zero-day vulnerability tracked as CVE-2024-7971. CVE-2024-7971 is a type confusion vulnerability in Chrome’s V8 JavaScript engine. Security researchers with the Microsoft Threat Intelligence … Continue reading “Google Patches Ninth Chrome Zero-day Vulnerability of the Year (CVE-2024-7971)”

GitHub Patches Multiple Security Vulnerabilities (CVE-2024-6800, CVE-2024-6337, & CVE-2024-7711)

GitHub released security advisories to address three security vulnerabilities in Enterprise Server (GHES). Tracked as CVE-2024-6800, CVE-2024-6337, & CVE-2024-7711, these vulnerabilities may allow attackers to gain unauthorized access and manipulate repositories. CVE-2024-6800 has been given a critical severity rating with a CVSS score of 9.5.