From The source
CISA Alert: New VMware ESXi Vulnerability Puts Federal Networks at Risk
CISA has added CVE-2024-37085, a VMware ESXi Authentication Bypass Vulnerability, to its Known Exploited Vulnerabilities Catalog. This type of vulnerability is a frequent attack vector for cybercriminals and poses significant risks. All organizations are urged to prioritize timely remediation to reduce exposure to cyberattacks.
Apple’s Mega Patch: Stop Cyber Baddies in Their Tracks!
Apple’s latest security updates patch vulnerabilities across Safari, iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. Don’t let cyber threat actors get the upper hand—review the advisories and update now!
DigiCert Chaos: TLS Certificates Revoked, Brace for Website Disruptions!
DigiCert is revoking certain TLS certificates because of a domain control verification issue. This could temporarily disrupt websites and services. Customers are urged to check their DigiCert account and replace non-compliant certificates promptly.
XLS to XLSX: The Hilarious Hash Collision Conundrum
Discover the quirky world of spreadsheet formats: Open a protected .xls file, save it as .xlsx, and watch as the OOXML file adopts the 16-bit hash from the original OLE file.
Secure Boot Update: Why Your PC Won’t Explode in 2026
Secure Boot has been around since Windows 8, ensuring the integrity of the system’s boot process. With certificates expiring in 2026, updating to the new 2023 certificates is crucial. Don’t worry, your system won’t crash in 2026, but make sure to follow Microsoft’s instructions to keep everything running smoothly.
Fancy Bear’s Used Car Scam: Diplomatic Phishing Lure Unveiled
Russian threat actor Fighting Ursa is back, this time using a fake Audi Q7 ad to lure diplomats into malware traps. This campaign, targeting diplomats since March 2024, showcases their knack for recycling old tactics and exploiting known vulnerabilities.
IPv4.Games: When Hacking Feels Like a Nostalgic Arcade Adventure
Discovering ipv4.games, a site that brings back old-school “hacking” vibes with leaderboards tracking IP addresses you can connect from. Cheating or part of the fun? Either way, proxy scans are in play.
CISA Drops a Bombshell: 9 New ICS Security Warnings You Need to Know!
CISA released nine ICS advisories on August 1, 2024, addressing current security issues and vulnerabilities. Review these advisories for technical details and mitigation tips to stay safe.
Firefox 129 Fixes: 10 High-Impact Security Bugs Squashed!
Firefox 129 just patched more security holes than Swiss cheese! From fullscreen notification tricks to out-of-bounds memory mishaps, these vulnerabilities had it all. Thankfully, our favorite browser is back in fighting form. Keep calm and update Firefox!
Malware Madness: Detecting the Sneaky Remcos RAT Obfuscation Technique
Threat actors love obfuscation, and they’ve got more tricks than a magician at a children’s party. Recently, I stumbled upon a VBS file with over 13,000 lines of garbage code hiding the Remcos RAT payload. It was like finding a needle in a haystack, but with Excel and some luck, I unraveled the mystery.
Cybersecurity Alert: CISA Urges Immediate Action to Disable Cisco Smart Install and Strengthen Passwords
CISA warns against weak Cisco password types and recommends using type 8 password protection for enhanced security. Organizations should review NSA’s best practices and avoid reusing passwords across systems to prevent malicious actors from accessing system configuration files. Disable Cisco Smart Install to further safeguard your network.
CISA’s Latest ICS Advisory: One More Thing to Worry About!
CISA released an ICS advisory on August 8, 2024, highlighting security issues and vulnerabilities. Don’t wait until your coffee machine turns against you—review the advisory for technical details and mitigations!
Royal Ransomware Strikes Again: CISA and FBI Issue Urgent Cybersecurity Update
CISA and the FBI updated their advisory on Royal Ransomware, revealing new tactics and indicators. BlackSuit ransomware is targeting critical sectors like healthcare and government facilities. Network defenders, check the advisory for mitigation tips and head to #StopRansomware for further guidance.
Cisco IP Phones Vulnerabilities: Remote Hackers Can Take Over Devices, No Fixes Available
Cisco Small Business SPA300 and SPA500 Series IP Phones are vulnerable to remote command execution and DoS attacks due to unchecked HTTP packets. With CVSS scores of 9.8 and 7.5, these vulnerabilities allow attackers to execute commands or cause device reloads. No fixes or workarounds are available.
FBI and CISA’s New Guide: Your Secret Weapon Against Shoddy Software
CISA and the FBI have released the Secure by Demand Guide to help organizations ensure their software manufacturers prioritize secure technology from the start. This guide offers questions to ask when buying software and tips for integrating security into the procurement lifecycle.
GeoServer Under Siege: Vulnerability Scans Surge as Hackers Hone In
GeoServer, the go-to platform for geographic data, has new vulnerabilities that are causing quite a stir. Scans for GeoServer skyrocketed after the latest SQL exploit was discovered. Surprisingly, most scans hail from China, with the default “Home Page” URL being the most popular target.
CISA’s August 6 ICS Advisory: Unlocking New Levels of Cyber Paranoia
CISA released a new Industrial Control Systems advisory on August 6, 2024. Stay ahead of the hackers—review these advisories for crucial security details and mitigations!
Firefox Flaw: How Hackers Can Bypass Tracking Protection and CSP to Achieve XSS
Firefox’s Enhanced Tracking Protection may leave a shim in place of blocked scripts, but beware: a clever attacker might bypass strict-dynamic CSP using a DOM Clobbering attack, turning your secure site into an XSS playground.
Ransomware Hide and Seek: Top Tools and Tactics Exposed!
In December 2023, we stumbled upon an open directory filled with defense evasion scripts targeting antivirus and critical services. Threat actors used tools like Ngrok for proxy services and PoshC2 for command and control. The infrastructure has been active since September 2023, pointing to long-term malicious activity. Ten new Sigma rules were created.
Why Your Web App Origin Might Just Be Your Nemesis: A Hilarious Guide
Johannes Ullrich dives into “Origin” in web applications with a video demo. Think Cross-Origin Resource Sharing and Private Network Access, but with fewer yawns. Don’t miss this quirky yet informative take on web security!