“Reporter Impact: High. Memory safety bugs in Firefox and Thunderbird could lead to exploitable crashes. Beware of malicious iframes, tricky ‘Save As’ extensions, and sneaky offscreen canvases!”

Join us as the Akamai Security Intelligence Group dissects June’s Patch Tuesday. With 49 vulnerabilities patched, including a critical one in Microsoft Message Queuing (MSMQ), we’re here to help you navigate the bugs.

Attackers are getting creative by using malicious MSIX packages to drop a preconfigured NetSupport client. This sneaky method allows them to communicate with compromised computers without building their own C2 infrastructure. Forget AnyDesk or TeamViewer; NetSupport is the silent underdog in the remote support tools game.

Microsoft squashes Azure Machine Learning bugs before they can wreak havoc! Thanks to Wiz and Tenable’s discoveries, vulnerabilities like SSRF and path traversal were patched up by May 9, 2024. No customer data was compromised, so breathe easy and enjoy the ride on this cloud computing journey!

Having trouble with eml files? Meet the superhero emldump.py! It struggled with a pesky BOM (Byte Order Mark) but emerged victorious after a codec upgrade. Now, nothing can stop it from parsing your MIME/eml files with ease!

Curious about drone EXIF data? Discover how your DJI Mini Pro 4 drone captures more than just stunning aerial shots—it logs extensive metadata, from GPS coordinates to camera settings. Spoiler alert: the altitude might surprise you!

CISA and FBI’s new guidance urges businesses to adopt Zero Trust, SSE, and SASE for better network access security. They highlight the risks of traditional VPNs and the importance of securing remote environments.

RAD SecFlow-2 devices are vulnerable to path traversal attacks, allowing attackers to access sensitive files. With a CVSS v4 score of 8.7, this flaw poses a serious remote threat. RAD recommends upgrading to SecFlow-1p and following CISA’s cybersecurity measures for protection.

CISA released an ICS advisory on June 18, 2024. Check out the latest on security issues, vulnerabilities, and exploits. CISA urges users and admins to review these crucial ICS advisories for details and mitigations.

CISA’s latest report dives into why SMBs avoid Single Sign-On (SSO) and offers solutions to boost security. Their blog calls out software manufacturers to rethink practices that might compromise customer security. For details, check out CISA’s Secure by Design page.

CISA released three ICS advisories on June 20, 2024, detailing critical security issues and vulnerabilities. Users and administrators are urged to review these advisories for essential technical details and mitigation strategies.

Cyber attackers are now targeting Java Spring configuration files, with IP address 43.133.9.79 from Tencent’s cloud data centers leading the charge. They’re hunting for files like “application-core.yml” and “appsettings.yml.” Ensure your vulnerability scanners include these URLs to avoid accidental exposure.

Sysinternals’ Process Monitor (procmon) version 4.01 improves performance, user interface, and adds a new event for process start.

Cobalt Strike may sound like a cool action movie, but it’s a real cybersecurity headache. This article dives into how threat actors are using cracked versions of this tool, leveraging Malleable C2 profiles from public code repositories. Despite its defensive origins, Cobalt Strike remains a top threat to organizations.

CISA released two new ICS advisories on June 25, 2024. Stay ahead of security issues, vulnerabilities, and exploits by reviewing these critical updates for your Industrial Control Systems.

CISA released seven Industrial Control Systems advisories, shedding light on the latest security issues and vulnerabilities. Administrators, grab your tech hats and dive into these advisories to keep your systems safe!

Despite SSL 2.0’s upcoming 30th birthday, around 492,000 web servers still support this outdated protocol, up from 464,000 last year. While SSL 2.0 support continues to decline, this increase raises concerns about server vulnerabilities and the technical debt we’re accumulating.

Juniper Networks is calling all IT superheroes! A pesky vulnerability in Junos OS: SRX Series could cause a denial-of-service disaster. Review the security bulletin and update faster than a speeding packet!

CISA has added CVE-2024-20399, a Cisco NX-OS Command Injection Vulnerability, to its Known Exploited Vulnerabilities Catalog. This catalog helps federal agencies and organizations prioritize timely remediation to reduce exposure to cyberattacks.

CISA just dropped seven ICS advisories, revealing security flaws more alarming than a cat in a cucumber patch. Users and admins, grab your magnifying glasses and check out the latest ICS advisories for the scoop on vulnerabilities and fixes!