CISA has added new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including CVE-2012-4792 and CVE-2024-39891. These pose significant risks and are frequent attack vectors.

CISA released two ICS advisories on July 25, 2024, detailing security vulnerabilities. Users and administrators are urged to review the advisories for technical details and recommended mitigations.

Palo Alto Networks’ Unit 42 researchers discovered 15 BOLA vulnerabilities in Easy!Appointments using an automated AI tool. The vulnerabilities allowed low-privileged users to manipulate data of higher-privileged users. After notifying the vendor, all issues were patched in version 1.5.0. This highlights the importance of continuous software scrutiny for API vulnerabilities.

Threat actors are leveraging the CrowdStrike outage for social engineering, embedding malicious VBA code in Word documents. Remarkably, a custom GrammarlyDocumentId appears in these files. Are cybercriminals using Grammarly for polished phishing? Not quite. It seems they’re just recycling old documents. But hey, even malware deserves good grammar!

Didier Stevens reveals on the StormCast podcast how running Hashcat with a NVIDIA GeForce RTX 3080 GPU can skyrocket your power consumption. His data shows that long Hashcat runs are real energy guzzlers.

Want to practice handling BSODs without risking your sanity? Use Sysinternals’ NotMyFault tool to trigger a Blue Screen of Death. Just don’t blame us if your computer starts seeing red!

Scammers are diving headfirst into the GenAI buzz! Since ChatGPT’s launch, a whopping 28.75% of GenAI-related domains have been flagged as suspicious. From malware to spam, cyber crooks are cashing in on the AI craze. Stay vigilant, folks—GenAI might just stand for “Generous AI Scammers.”

CVE-2024-27808 is a critical WebKit vulnerability. Improve your memory handling, or processing malicious web content might just lead to arbitrary code execution.

CISA has added CVE-2024-37085, a VMware ESXi Authentication Bypass Vulnerability, to its Known Exploited Vulnerabilities Catalog. This type of vulnerability is a frequent attack vector for cybercriminals and poses significant risks. All organizations are urged to prioritize timely remediation to reduce exposure to cyberattacks.

Apple’s latest security updates patch vulnerabilities across Safari, iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. Don’t let cyber threat actors get the upper hand—review the advisories and update now!

DigiCert is revoking certain TLS certificates because of a domain control verification issue. This could temporarily disrupt websites and services. Customers are urged to check their DigiCert account and replace non-compliant certificates promptly.

Discover the quirky world of spreadsheet formats: Open a protected .xls file, save it as .xlsx, and watch as the OOXML file adopts the 16-bit hash from the original OLE file.

Secure boot has been around since Windows 8, ensuring the integrity of the system’s boot process. With certificates expiring in 2026, updating to the new 2023 certificates is crucial. Don’t worry, your system won’t crash in 2026, but make sure to follow Microsoft’s instructions to keep everything running smoothly.

Russian threat actor Fighting Ursa is back, this time using a fake Audi Q7 ad to lure diplomats into malware traps. This campaign, targeting diplomats since March 2024, showcases their knack for recycling old tactics and exploiting known vulnerabilities.

Discovering ipv4.games, a site that brings back old-school “hacking” vibes with leaderboards tracking IP addresses you can connect from. Cheating or part of the fun? Either way, proxy scans are in play.

CISA released nine ICS advisories on August 1, 2024, addressing current security issues and vulnerabilities. Review these advisories for technical details and mitigation tips to stay safe.

Firefox 129 just patched more security holes than Swiss cheese! From fullscreen notification tricks to out-of-bounds memory mishaps, these vulnerabilities had it all. Thankfully, our favorite browser is back in fighting form. Keep calm and update Firefox!

Threat actors love obfuscation, and they’ve got more tricks than a magician at a children’s party. Recently, I stumbled upon a VBS file with over 13,000 lines of garbage code hiding the Remcos RAT payload. It was like finding a needle in a haystack, but with Excel and some luck, I unraveled the mystery.

CISA warns against weak Cisco password types and recommends using type 8 password protection for enhanced security. Organizations should review NSA’s best practices and avoid reusing passwords across systems to prevent malicious actors from accessing system configuration files. Disable Cisco Smart Install to further safeguard your network.

CISA released an ICS advisory on August 8, 2024, highlighting security issues and vulnerabilities. Don’t wait until your coffee machine turns against you—review the advisory for technical details and mitigations!