flaw

Intel Processor Vulnerability Causes Buffer Overflow Flaw in UEFI, Affecting Hundreds of PCs and Servers

by
Intel Processor Vulnerability Causes Buffer Overflow Flaw in UEFI, Affecting Hundreds of PCs and Servers

A new vulnerability has been discovered in the Phoenix SecureCore UEFI firmware that affects multiple desktop and mobile Intel Core processors. The vulnerability, identified as CVE-2024-0762 with a severity level of 7.5, was first detected on the Lenovo ThinkPad X1 Carbon 7th Gen and SecureCore versions firmware. Known as UEFIcanhazbufferoverflow, this vulnerability has been found … Read more

Intel-powered PCs worldwide suffering from critical firmware flaw

by
Intel-powered PCs worldwide suffering from critical firmware flaw

Security experts have identified a new vulnerability in Intel CPUs that could allow threat actors to execute malicious code on affected devices remotely. The vulnerability, known as CVE-2024-0762, is a buffer overflow bug found in the Phoenix SecureCore UEFI firmware. This bug affects various Intel CPUs, including Alder Lake, Coffee Lake, Comet Lake, Ice Lake, … Read more

Researchers Discover Security Flaw in UEFI System Impacting Various Intel Processors

by
Researchers Discover Security Flaw in UEFI System Impacting Various Intel Processors

Cybersecurity researchers have recently discovered a security flaw in Phoenix SecureCore UEFI Firmware that affects multiple families of Intel Core processors. This vulnerability, known as CVE-2024-0762, allows for buffer overflow that could lead to malicious code execution in the Trusted Platform Module (TPM) configuration. This flaw can be exploited by a local attacker to gain … Read more

Report shows Citrix software flaw was exploited in recent cyberattack on Boeing

by
Report shows Citrix software flaw was exploited in recent cyberattack on Boeing

The recent cyberattack on Boeing, carried out by the LockBit 3.0 ransomware group, targeted the aviation giant and other organizations using a vulnerability in Citrix software, known as Citrix Bleed. The Russia-based group claimed responsibility for the attack last month, but later removed Boeing’s name from the leak site and extended the deadline for negotiations. … Read more

Report: Recent cyberattack on Boeing attributed to flaw in Citrix software

by
Report shows Citrix software flaw was exploited in recent cyberattack on Boeing

The Citrix vulnerability, known as Citrix Bleed, has been exploited by the LockBit 3.0 ransomware group to target various organizations, including aviation giant Boeing. LockBit 3.0, a Russia-based group, recently claimed responsibility for the attack on Boeing, leading to a data leak of around 50 GB of information allegedly stolen from Boeing systems. Despite unsuccessful … Read more

Citrix discreetly addresses crucial security flaw resembling Citrix Bleed

by
Citrix discreetly addresses crucial security flaw resembling Citrix Bleed

A critical vulnerability impacting certain Citrix NetScaler devices has been discovered by researchers at Bishop Fox, allowing attackers to access sensitive information from device memory. The vulnerability was found in Citrix NetScaler ADC and Gateway running version 13.1-50.23, but has since been quietly fixed by Citrix. The affected devices are utilized for authentication, authorization, and … Read more

Citrix Resolves Critical Flaw in NetScaler Servers

by

Citrix quietly fixed a vulnerability in its NetScaler Application Delivery Control (ADC) and Gateway appliances that allowed remote, unauthenticated attackers to potentially access sensitive information stored in the memory of the affected systems. The flaw was similar to the “CitrixBleed” zero-day vulnerability disclosed by Citrix last year, but not as severe, according to researchers at … Read more

VMware issues no-patch advisory for critical flaw in old SSO plugin

by
VMware issues no-patch advisory for critical flaw in old SSO plugin

VMware issued a security advisory Tuesday warning users to uninstall the VMware Enhanced Authentication Plug-in (EAP) due to critical and high severity vulnerabilities. The VMware EAP is a deprecated browser plugin that enables seamless single sign-on (SSO) to vSphere’s management interface from client workstations. It is an optional feature that stopped receiving support with the … Read more

VMware Alert: Uninstall EAP Now – Critical Flaw Puts Active Directory at Risk

by
VMware Alert: Uninstall EAP Now – Critical Flaw Puts Active Directory at Risk

Feb 21, 2024NewsroomActive Directory / Vulnerability VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. “A malicious actor could trick a target domain user with EAP installed … Read more

Critical flaw found in deprecated VMware EAP. Uninstall it now

by
Critical flaw found in deprecated VMware EAP. Uninstall it now

Critical flaw found in deprecated VMware EAP. Uninstall it immediately Pierluigi Paganini February 21, 2024 VMware urges customers to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the disclosure of a critical flaw CVE-2024-22245. VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the discovery of an arbitrary authentication relay flaw … Read more