Critical

Cyble’s Weekly Vulnerability Report: Critical Security Flaws Found in Microsoft, VMware, Veeam, and ASUS Products

by
Cyble’s Weekly Vulnerability Report: Critical Security Flaws Found in Microsoft, VMware, Veeam, and ASUS Products

Last week, Cyble Research & Intelligence Labs (CRIL) analyzed 154 vulnerabilities in their weekly report, which included critical flaws in products from Microsoft, VMware, Veeam, and ASUS. The report highlighted that 126 of these vulnerabilities affected Siemens industrial control systems (ICS) products, posing a risk to critical manufacturing infrastructure. Despite the discovery of approximately 25,000 … Read more

Firmware Vulnerability Impacts Multiple Intel CPU Generations – Critical UEFI Code Execution Flaw Discovered in CPUs from 14th Gen Raptor Lake to 6th Gen Skylake, No Protection from TPM

by
Firmware Vulnerability Impacts Multiple Intel CPU Generations – Critical UEFI Code Execution Flaw Discovered in CPUs from 14th Gen Raptor Lake to 6th Gen Skylake, No Protection from TPM

Cybersecurity firm Eclypsium has uncovered significant security vulnerabilities in the Phoenix SecureCore UEFI firmware used by various Intel CPU and motherboard vendors across different generations. These vulnerabilities, dubbed “UEFIcanhazbufferoverflow,” are due to an insecure call to the UEFI service “GetVariable,” which could lead to a stack buffer overflow and allow malicious code execution. This kind … Read more

Collaboration between Mission Critical Partners and Amazon to enhance 911 support

by
Collaboration between Mission Critical Partners and Amazon to enhance 911 support

Mission Critical Partners (MCP) has announced a collaboration with Amazon Web Services (AWS) to deploy Amazon Connect in emergency communications centers (ECCs) across the United States. The initiative aims to address the severe staffing shortages affecting ECCs and the high volume of non-emergency calls they receive. ECCs handle around 240 million calls annually, many of … Read more

Critical firmware vulnerability (CVE-2024-0762) impacts Intel-based computers – Help Net Security

by
Critical firmware vulnerability (CVE-2024-0762) impacts Intel-based computers – Help Net Security

A vulnerability (CVE-2024-0762) in Phoenix SecureCore UEFI running on multiple Intel processors has been identified by Eclypsium researchers. This vulnerability could allow for local exploitation to escalate privileges and execute arbitrary code within the firmware during runtime. The researchers pointed out that this type of low-level exploitation is typical of firmware backdoors found in the … Read more

Intel-powered PCs worldwide suffering from critical firmware flaw

by
Intel-powered PCs worldwide suffering from critical firmware flaw

Security experts have identified a new vulnerability in Intel CPUs that could allow threat actors to execute malicious code on affected devices remotely. The vulnerability, known as CVE-2024-0762, is a buffer overflow bug found in the Phoenix SecureCore UEFI firmware. This bug affects various Intel CPUs, including Alder Lake, Coffee Lake, Comet Lake, Ice Lake, … Read more

Mission Critical Partners and Amazon Join Forces to Aid 911 Operations

by
Mission Critical Partners and Amazon Join Forces to Aid 911 Operations

The addition of Amazon Connect to the 911 community is a significant development for public safety and emergency response. Mission Critical Partners (MCP) is collaborating with Amazon Web Services (AWS) to expand the implementation of Amazon Connect across Emergency Communications Centers (ECCs) nationwide. Currently, 17 ECCs have successfully integrated Amazon Connect, resulting in a notable … Read more

Broadcom Urges Immediate Update for Critical Security Flaws in VMware vCenter Server

by
Broadcom Urges Immediate Update for Critical Security Flaws in VMware vCenter Server

Broadcom, the owner of VMware, recently issued a security alert regarding critical vulnerabilities in VMware vCenter Server. The advisory VMSA-2024-0012 addresses three critical vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081) that can be exploited by malicious actors to gain unauthorized access to vCenter Server systems. These vulnerabilities can allow remote code execution and local users to gain complete … Read more

Critical Security Vulnerabilities Found in VMWare vCenter Server

by
Critical Security Vulnerabilities Found in VMWare vCenter Server

VMware recently released security updates to address critical vulnerabilities impacting its vCenter Server products. The vulnerabilities, known as CVE-2024-37079 and CVE-2024-37080, have been assigned a high CVSSv3.1 score of 9.8 out of 10. These vulnerabilities could potentially lead to remote code execution if successfully exploited through heap overflow in vCenter Server’s DCE/RPC protocol implementation. The … Read more

Critical Vulnerability in Microsoft Azure Revealed, Patch Status Uncertain – CyberNews.com

by

A critical vulnerability in Microsoft Azure has been uncovered, putting users at risk. The exact details of the vulnerability have not been disclosed, but it is said to be severe in nature. Microsoft has not provided clear information on the status of a patch for this vulnerability, leaving users concerned about their security on the … Read more

Breaking In with LockBit Ransomware by Exploiting Critical Citrix Bleed Vulnerability

by
Breaking In with LockBit Ransomware by Exploiting Critical Citrix Bleed Vulnerability

Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a critical security flaw in Citrix NetScaler ADC and Gateway appliances. The vulnerability, known as Citrix Bleed (CVE-2023-4966), allows attackers to bypass password requirements and MFA, gaining access to user sessions and elevated permissions. Despite Citrix addressing the issue, it became a zero-day exploit as … Read more