Aug 16, 2024 | VULNERABILITIES AND UPDATES
Researchers have warned of a new vulnerability in NetSuite’s SuiteCommerce tool that could expose sensitive data. Stemming from misconfigured access controls, the vulnerability leaves sensitive personally identifiable information (PII) exposed, including the full...
Aug 16, 2024 | VULNERABILITIES AND UPDATES
Google and a cybersecurity company are disputing over claims that an application on Android phones left the devices vulnerable to cyberattacks and spyware. On Thursday, cybersecurity company iVerify published a report about an Android package called...
Aug 16, 2024 | VULNERABILITIES AND UPDATES
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. Tracked as CVE-2024-38058, this important severity security flaw can...
Aug 16, 2024 | VULNERABILITIES AND UPDATES
Researchers have found a way to manipulate the credential validation process in Microsoft Entra ID identity environments that they say attackers can use to bypass authentication in hybrid identity infrastructures. The attack would require an adversary to have admin...
Aug 16, 2024 | VULNERABILITIES AND UPDATES
Security experts are ratcheting up the urgency for Windows sysadmins to patch a pre-auth remote code execution vulnerability in the Windows TCP/IP stack, warning that zero-click exploitation is very likely. Technical details on the vulnerability, tracked as...
Aug 16, 2024 | VULNERABILITIES AND UPDATES
Trend Micro’s Zero Day Initiative (ZDI) has detailed a recently patched zero-day vulnerability that cybercriminals have exploited to bypass Windows protections. The flaw, tracked as CVE-2024-38213 and named Copy2Pwn by ZDI, was fixed by Microsoft in June 2024, but it...
