The Cybersecurity and Infrastructure Security Agency is urging organizations to address an active vulnerability in Citrix NetScaler ADC and NetScaler Gateway, known as CitrixBleed, which could lead to session hijacking. Despite a patch being released on Oct. 10, exploitation of the vulnerability has been increasing, with Rapid7 researchers observing ongoing attacks in sectors such as … Read more
VMware‘s vCenter Server, a vital platform for managing virtual machines and ESXi hosts, has been found vulnerable to critical security flaws. Three vulnerabilities, CVE-2024-37079, CVE-2024-37080, and CVE-2024-37081, have been identified, posing risks of remote code execution and local privilege escalation. CVE-2024-37079 and CVE-2024-37080 are heap overflow vulnerabilities in the vCenter Server’s DCERPC protocol implementation, allowing … Read more
Mandiant researchers have issued a warning about a critical vulnerability in Citrix Netscaler that continues to be exploited despite a patch being issued on October 10. The vulnerability, identified as CVE-2023-4966, affects Netscaler ADC and Netscaler Gateway, and has been actively exploited since at least August. Although Citrix believed the patch would prevent further attacks, … Read more
Google recently released a security update for its Pixel smartphones to address 45 vulnerabilities in Android. While not as exciting as feature drops, this update is crucial due to one particularly dangerous flaw, CVE-2024-32896, a privilege escalation vulnerability. This flaw allows unauthorized access to system functions, potentially leading to harmful attacks. Google warns that this … Read more
Microsoft’s Digital Employee Experience (MDEE) has transitioned to Azure Update Management for patch management across their global system. The move to a decentralized DevOps model has streamlined operations while maintaining enterprise-level governance. With Azure Update Management, engineering teams can now take ownership of their server upgrades and patching, enhancing agility and meeting compliance goals month … Read more
Intel has recently introduced support for a new Gaudi 2-D AI accelerator on Linux, indicating the company’s potential expansion into AI markets. This new development comes after the previous release of the Gaudi 2-C model, hinting at Intel’s continuous advancements in AI technology. While Intel has been focusing on its next-generation Gaudi 3 AI accelerators, … Read more
A critical vulnerability in Microsoft Azure has been uncovered, putting users at risk. The exact details of the vulnerability have not been disclosed, but it is said to be severe in nature. Microsoft has not provided clear information on the status of a patch for this vulnerability, leaving users concerned about their security on the … Read more
A software vulnerability called Citrix Bleed is being increasingly associated with cyber attacks, posing risks to government and critical infrastructure. The good news is that a patch is available to address this issue. This vulnerability has been mentioned in reports across various sectors, with concerns raised in the credit union and healthcare industries. Ransomware attacks, … Read more
The Cybersecurity and Infrastructure Security Agency (CISA) has directed US federal agencies to defend their systems against three zero-day vulnerabilities in Citrix NetScaler and Google Chrome. These vulnerabilities have been patched but are actively being exploited in attacks, making them high-risk for federal enterprises. Citrix has advised its customers to immediately patch their Internet-exposed NetScaler … Read more
Microsoft has released an emergency out-of-band (OOB) update for Windows Server 2019 to address a bug that was causing 0x800f0982 errors when attempting to install the May 2024 Patch Tuesday security updates. Systems administrators had reported encountering this error when trying to install the updates, with the issue affecting servers without the English (United States) … Read more