Citrix advises administrators to manually address PuTTY SSH client bug

Citrix recently informed its customers about a vulnerability in the PuTTY SSH client that could potentially allow attackers to steal a XenCenter administrator’s private SSH key. XenCenter is a tool used to manage Citrix Hypervisor environments from a Windows desktop and is responsible for tasks like monitoring and deploying virtual machines. This security flaw, identified … Read more

High-Level Bug Discovered in Google Chrome App, Millions of Users Urged to Update

Millions of Google Chrome users are being urged to update their browsers immediately after a dangerous “high-level” vulnerability was discovered by researchers. The vulnerability, known as CVE-2024-5274, is a type confusion bug in the V8 JavaScript and WebAssembly engine. Google’s Threat Analysis team and Chrome Security flagged the issue on May 20, revealing that it … Read more

Citrix Bleed bug leads to data breach exposing information of 35 million Xfinity customers

Xfinity, a subsidiary of Comcast Corporation, recently confirmed that more than 35 million of its customers were impacted by a data breach linked to the Citrix Bleed vulnerability. This cyberattack, which occurred in mid-October, resulted in the theft of usernames and encrypted passwords. Citrix first announced the discovery of the critical vulnerability CVE-2023-4966 on October … Read more

Google is addressing a bug in Chrome for Android that caused blank tabs to appear

Google has acknowledged and is addressing an issue with Chrome for Android that is causing blank tabs to appear. The problem arises when users switch between open tabs, temporarily causing web page content to disappear. This issue has been noticed by many users, including the author of an article on Android Police. The fix for … Read more

Latest Chromecast with Google TV update includes April security patch and bug fixes

Google has released a new update for Chromecast with Google TV, focusing on security and stability. The update, codenamed STTE.240315.002, includes important security patches that raise the Android security patch level to April 2024. This 134 MB update is the fourth in just five months, surpassing the previous year’s update schedule. While the official changelog … Read more

Citrix advises administrators to manually address PuTTY SSH client bug

Citrix recently informed its customers about a security vulnerability in the PuTTY SSH client that could potentially allow attackers to steal a XenCenter administrator’s private SSH key. XenCenter is a tool used to manage Citrix Hypervisor environments from a Windows desktop, allowing users to deploy and monitor virtual machines. The vulnerability, tracked as CVE-2024-31497, affects … Read more

Citrix alerts administrators to manually address bug in SSH client

Administrators need to manually address a vulnerability in the PuTTY SSH client that could allow attackers to steal a private SSH key. The vulnerability, identified as CVE-2024-31497, is found in XenCenter for Citrix Hypervisor 8.2 CU1 LTSR. However, the vulnerable third-party component has been removed in version 8.2.6. Versions of PuTTY prior to 0.81 may … Read more

CISA Urges Immediate Action on Critical Citrix Vulnerability, Recommends Attention to Second Bug

This week, two bugs in Citrix technology have caught the attention of the Cybersecurity and Infrastructure Security Agency (CISA). One of the vulnerabilities, labeled CVE-2023-6548, must be patched by federal agencies by January 24, while the other bug, labeled CVE-2023-6549, must be fixed by February 7. This quick fix timeline is unusual for CISA, but … Read more

Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years

One of the most serious VMware vulnerabilities in recent memory was secretly being exploited by a Chinese advanced persistent threat (APT) for years before a patch became available. It was all-hands-on-deck in October when news first broke of CVE-2023-34048, a 9.8 out of 10 “critical” CVSS-rated out-of-bounds write vulnerability affecting vCenter Server, VMware’s centralized platform … Read more

Chinese hackers exploit VMware bug as zero-day for two years

A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021. The flaw was patched in October, with VMware confirming this Wednesday that it’s aware of CVE-2023-34048 in-the-wild exploitation, although it didn’t share any other details on the attacks. However, as security firm Mandiant revealed … Read more