The CEO of Change Healthcare has revealed that hackers were able to exploit a vulnerability in Citrix software to gain unauthorized access to their systems. This breach exposed sensitive information and put the company at risk. The cyber criminals were able to break in by taking advantage of the security flaw in the popular software … Read more
A vulnerability (CVE-2024-0762) in Phoenix SecureCore UEFI running on multiple Intel processors has been identified by Eclypsium researchers. This vulnerability could allow for local exploitation to escalate privileges and execute arbitrary code within the firmware during runtime. The researchers pointed out that this type of low-level exploitation is typical of firmware backdoors found in the … Read more
A new vulnerability known as “UEFIcanhazbufferoverflow,” identified as CVE-2024-0762, has been discovered in the Phoenix SecureCore UEFI firmware, impacting various desktop and mobile Intel Core processors. This vulnerability, disclosed by cybersecurity researchers, exposes a critical buffer overflow issue within the Trusted Platform Module (TPM) configuration, potentially enabling unauthorized code execution by malicious actors. Eclypsium, a … Read more
A critical vulnerability has been discovered in the Phoenix SecureCore UEFI firmware, known as CVE-2024-0762, impacting devices with various Intel CPUs. Lenovo has already released firmware updates to address the flaw, which is identified as ‘UEFICANHAZBUFFEROVERFLOW’ and involves a buffer overflow bug in the firmware’s Trusted Platform Module (TPM) configuration that could allow for code … Read more
Researchers at Eclypsium have identified a new vulnerability in the Phoenix SecureCode UEFI firmware that runs on Intel Core processors. This vulnerability, known as CVE-2024-0762, has the potential to impact millions of laptops from various manufacturers like Acer, ASUS, Dell, Fujitsu, HP, Lenovo, and MSI. In a blog post on June 20, Eclypsium researchers highlighted … Read more
A critical security flaw has been found in the UEFI firmware system used by multiple PC and server models with Intel processors. The vulnerability, known as UEFIcanhazbufferoverflow, allows malicious actors to exploit a variable within the Trusted Platform Module (TPM) configuration, putting affected devices at serious risk. Experts have identified this vulnerability as a prime … Read more
A critical vulnerability in Microsoft Azure has been uncovered, putting users at risk. The exact details of the vulnerability have not been disclosed, but it is said to be severe in nature. Microsoft has not provided clear information on the status of a patch for this vulnerability, leaving users concerned about their security on the … Read more
Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a critical security flaw in Citrix NetScaler ADC and Gateway appliances. The vulnerability, known as Citrix Bleed (CVE-2023-4966), allows attackers to bypass password requirements and MFA, gaining access to user sessions and elevated permissions. Despite Citrix addressing the issue, it became a zero-day exploit as … Read more
A critical cybersecurity vulnerability known as CVE-2023-4966, dubbed “Citrix Bleed,” has been exploited by LockBit 3.0 affiliates to breach Boeing’s parts and distribution business. Other trusted third parties have also reported similar activity impacting their organizations. This information was confirmed by cybersecurity and law enforcement officials in a joint advisory released on Tuesday. The Cybersecurity … Read more
Healthcare organizations are being warned to protect their systems against a cybersecurity vulnerability known as Citrix Bleed. This vulnerability, which affects the Citrix Application Delivery Controller (ADC) and Citrix Gateway appliances, could potentially allow attackers to gain unauthorized access to sensitive information. The Citrix Bleed vulnerability was discovered by cybersecurity researchers earlier this year and … Read more