Netizen Blog and News
The Netizen team sharing expertise, insights and useful information in cybersecurity, compliance, and software assurance.
Category: Application Security
-
Microsoft’s August 2024 Patch Tuesday addresses 89 security flaws, with 8 critical vulnerabilities in various categories. Six zero-day vulnerabilities were actively exploited, including local privilege escalation flaws and remote code execution issues. Adobe also released 11 security bulletins for its products. Prompt installation of updates is crucial, with backup recommended as a precaution.
-
A cybersecurity breach at National Public Data has exposed 2.7 billion records of US citizens, leading to a class-action lawsuit. The lawsuit argues the company failed to protect personal information and benefited economically from collecting it. Malicious browser extensions have also been identified as a new vector for malware distribution, affecting at least 300,000 users.…
-
KnowBe4, a cybersecurity firm, faced a security breach involving a North Korean hacker posing as an employee. Although no data was compromised, the incident prompted tighter hiring and vetting processes. Organizations can prevent insider threats by implementing end-user training, UEBA tools, MFA, network segmentation, monitoring, incident response, and clear policies. Netizen offers advanced cybersecurity solutions…
-
Microsoft researchers discovered a critical vulnerability in ESXi hypervisors allowing ransomware operators to gain full admin access. Exploitation leads to encrypted file systems, affecting hosted servers and enabling data exfiltration. CVE-2024-37085 was disclosed to VMware, prompting a security update. Ransomware operators identified include Storm-0506 and Octo Tempest. Organizations are advised to apply security updates, enforce…
-
A DDoS attack caused a 10-hour global outage for Microsoft services, impacting various platforms and organizations. Chinese hackers targeted Japanese entities with advanced LODEINFO malware. Netizen offers advanced cybersecurity solutions, including “CISO-as-a-Service” and automated assessment tools for continuous system scanning and risk analysis, ensuring robust protection for businesses.
-
This content covers phishing tactics targeting Amazon users, EU scrutiny of Meta, and a federal recovery from a CrowdStrike outage. It advises caution with unsolicited links and attachments, scrutinizing messages, and not divulging personal information online. It also highlights Netizen’s cybersecurity solutions including CISO-as-a-Service and vulnerability assessments.
-
Netizen’s Security Operations Center (SOC) has identified five critical vulnerabilities from July that require immediate patching or remediation. These include high-severity issues in Microsoft’s Windows Hyper-V, SharePoint, Rejetto HTTP File Server, Azure Kinect SDK, and OpenSSH. Netizen provides advanced security solutions and services, including compliance support, vulnerability assessments, and automated assessment tools.
-
In recent developments, a significant vulnerability has been identified in ARM’s Memory Tagging Extension (MTE), a security feature designed to mitigate memory corruption issues in the ARMv8.5-A architecture. This vulnerability exploits speculative execution, a performance optimization feature in modern CPUs, to bypass MTE’s protections and leak sensitive information. Understanding Memory Tagging Execution (MTE) MTE aims…
-
Atlassian has released crucial security updates for its Bamboo, Confluence, and Jira products, addressing high-severity vulnerabilities. These updates fix issues such as server-side request forgery (SSRF) and file inclusion vulnerabilities, as well as denial-of-service (DoS) flaws. Users are advised to apply these patches promptly to prevent unauthorized access and service disruptions.
-
Ivanti has addressed high-severity vulnerabilities in its Endpoint Manager (EPM) and Endpoint Manager for Mobile (EPMM) products. The most critical is an SQL injection flaw (CVE-2024-37381) affecting the Core server of EPM 2024 flat, allowing authenticated attackers with network access to execute arbitrary code. Hotfixes and updates are available for mitigation.
Netizen Blog and News 