patch

New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

Feb 18, 2025 by iHash Leave a Comment

Feb 18, 2025Ravie LakshmananVulnerability / Network Security Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat … [Read more...] about New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks — Patch Now

February 2025 Patch Tuesday: Updates and Analysis

Feb 12, 2025 by iHash Leave a Comment

Actively Exploited Zero-Day Vulnerability in Windows Ancillary Function Driver for WinSock Windows Ancillary Function Driver for WinSock received a patch for CVE-2025-21418, which has a severity of Important and a CVSS score of 7.8. Windows Ancillary Function Driver for WinSock is primarily responsible for handling network-related functions. This elevation of … [Read more...] about February 2025 Patch Tuesday: Updates and Analysis

January 2025 Patch Tuesday: Updates and Analysis

Jan 15, 2025 by iHash Leave a Comment

Actively Exploited Zero-Day Vulnerabilities in Windows Hyper-V NT Kernel Integration VSP Windows Hyper-V NT Kernel Integration VSP received patches for CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335, which all have a severity of Important and a CVSS score of 7.8. These elevation of privilege (EoP) vulnerabilities allow an attacker who successfully exploits them to gain … [Read more...] about January 2025 Patch Tuesday: Updates and Analysis

December 2024 Patch Tuesday: Updates and Analysis

Dec 11, 2024 by iHash Leave a Comment

Zero-Day Vulnerability (CVE-2024-49138) Exploit Observed in the Wild CVE-2024-49138 is a privilege escalation vulnerability within the Microsoft Windows Common Log File System (CLFS) driver, categorized as Important in severity. CrowdStrike Counter Adversary Operations discovered and privately reported this vulnerability to Microsoft, which subsequently acknowledged, … [Read more...] about December 2024 Patch Tuesday: Updates and Analysis

Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

Dec 10, 2024 by iHash Leave a Comment

Dec 10, 2024Ravie LakshmananVulnerability / Threat Analysis Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en … [Read more...] about Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Nov 28, 2024 by iHash Leave a Comment

Nov 28, 2024Ravie LakshmananIoT Security / Vulnerability Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing unauthenticated remote code … [Read more...] about Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

November 2024 Patch Tuesday: Updates and Analysis

Nov 13, 2024 by iHash Leave a Comment

Microsoft Discloses Vulnerability within Airlift.microsoft.com In an effort to provide additional transparency for Microsoft-hosted services, Microsoft has disclosed a Critical privilege escalation vulnerability within airlift.microsoft.com (CVE-2024-49056). This vulnerability has been fully mitigated by Microsoft and requires no customer interaction. Microsoft has stated … [Read more...] about November 2024 Patch Tuesday: Updates and Analysis

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Sep 27, 2024 by iHash Leave a Comment

Sep 27, 2024Ravie LakshmananSoftware Security / Vulnerability Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other … [Read more...] about Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

September 2024 Patch Tuesday: Updates and Analysis

Sep 23, 2024 by iHash Leave a Comment

Microsoft has released security updates for 79 vulnerabilities in its September 2024 Patch Tuesday rollout. These include four actively exploited zero-days (CVE-2024-38014, CVE-2024-38217, CVE-2024-38226, CVE-2024-43491). Seven of the vulnerabilities are rated Critical in severity, while the remaining 72 are rated Important or Moderate. September 2024 Risk Analysis This month’s … [Read more...] about September 2024 Patch Tuesday: Updates and Analysis

SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

Sep 6, 2024 by iHash Leave a Comment

Sep 06, 2024Ravie LakshmananNetwork Security / Threat Detection SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10. "An improper … [Read more...] about SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation

JBL Flip 6 Portable Bluetooth Speaker (Open Box) for $74

Navee V25 300W Foldable e-Scooter for $299

Smart Tracker Includes Key Ring – Works with Apple Find My App (2-Pack) for $34

Harmony Premium Plan Lifetime Subscription for $99

Lenovo 11.6" 100e Chromebook 2nd Gen (2019) MediaTek MT8173C 4GB RAM 16GB eMMC (Refurbished) for $54