THN Cybersecurity Recap: Top Threats, Tools and Trends (Oct 7 - Oct 13)

Hey there, it's your weekly dose of "what the heck is going on in cybersecurity land " – and trust me, you NEED to be in the loop this time. We've got everything from zero-day exploits and AI gone rogue to the FBI playing crypto kingpin – it's full of stuff they don't 🤫 want you to know. So let's...

CVE-2024-43614

Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally...

CVE-2024-43614

Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally...

CVE-2024-43519

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

CVE-2024-43614 Microsoft Defender for Endpoint for Linux Spoofing Vulnerability

...

CVE-2024-43614 Microsoft Defender for Endpoint for Linux Spoofing Vulnerability

...

October 8, 2024—KB5044288 (OS Build 25398.1189)

October 8, 2024—KB5044288 OS Build 25398.1189 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...

Microsoft Defender for Endpoint for Linux Spoofing Vulnerability

Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally...

KLA73904 Multiple vulnerabilities in Microsoft System Center

Multiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Microsoft Configuration Manager can be...

PT-2024-6973 · Microsoft · Wdac Ole Db Provider For Sql Server +1

Name of the Vulnerable Software and Affected Versions: Microsoft WDAC OLE DB provider for SQL Server affected versions not specified Description: The issue is related to errors in numerical truncation in the Microsoft WDAC OLE DB provider for SQL Server. It allows remote attackers to execute...

Microsoft Defender 安全漏洞

Microsoft Defender is a threat protection software from Microsoft USA. A security vulnerability exists in Microsoft Defender. An attacker exploits the vulnerability to perform spoofing attacks...

PT-2024-6835 · Microsoft · Defender For Endpoint For Linux

Name of the Vulnerable Software and Affected Versions: Microsoft Defender for Endpoint for Linux affected versions not specified Description: The issue is related to errors in handling relative directory paths, which can be exploited to conduct spoofing attacks. Recommendations: At the moment,...

CVE-2024-38324

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system...

CVE-2024-38324

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system...

IBM Storage Defender 安全漏洞

IBM Storage Defender is a solution from International Business Machines IBM that provides end-to-end data resiliency. A security vulnerability exists in IBM Storage Defender versions 2.0.0 through 2.0.7, which stems from a failure to validate server names during registration and logout operations...

CVE-2024-38324 IBM Storage Defender improper certificate validation

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system...

CVE-2024-38324

CVE-2024-38324 affects IBM Storage Defender on‑prem Defender-Sensor-CMD CLI versions 2.0.0–2.0.7. The issue is that the CLI does not validate the server name during registration and unregistration, which could lead to exposure of sensitive information to an attacker with access to the system. Doc...

CVE-2024-38324 IBM Storage Defender improper certificate validation

IBM Storage Defender 2.0.0 through 2.0.7 on-prem defender-sensor-cmd CLI does not validate server name during registration and unregistration operations which could expose sensitive information to an attacker with access to the system...

PT-2024-27944 · Ibm · Ibm Storage Defender

Name of the Vulnerable Software and Affected Versions: IBM Storage Defender versions 2.0.0 through 2.0.7 Description: The issue concerns the defender-sensor-cmd CLI in IBM Storage Defender, which does not validate the server name during registration and unregistration operations. This could...

Security Bulletin: Denial of service and SQL injection might affect IBM Storage Defender – Resiliency Service

Summary IBM Storage Defender – Resiliency Service is vulnerable and can result in data confidentiality and service availabilty issues. The vulnerabilities have been addressed. CVE-2024-38325, CVE-2024-41990, CVE-2024-41989, CVE-2024-42005, CVE-2024-42005, CVE-2024-41991, CVE-2024-38324...