U.S. Cybersecurity

Winsage
March 12, 2025
ESET has identified a zero-day vulnerability in the Windows Win32 Kernel Subsystem, designated as CVE-2025-24983, which has been exploited since March 2023. This vulnerability, stemming from a use-after-free weakness, allows low-privileged attackers to escalate access to SYSTEM privileges without user interaction. It primarily affects older Windows versions, including Windows Server 2012 R2 and Windows 8.1, but also poses risks to newer versions like Windows Server 2016 and Windows 10 (build 1809 and earlier). The exploit was first seen in the wild in March 2023, targeting systems compromised by the PipeMagic malware. Microsoft has addressed this vulnerability in the recent Patch Tuesday updates. Additionally, five other zero-day vulnerabilities were also patched, and CISA has mandated that Federal Civilian Executive Branch agencies secure their systems by April 1st.
Winsage
March 12, 2025
Microsoft has released its latest Patch Tuesday updates, addressing six actively exploited vulnerabilities among a total of 67 Common Vulnerabilities and Exposures (CVEs). The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned users to update their systems by April 1st or consider turning off their devices. The update includes 56 new CVEs across various platforms, with six rated as critical and already being exploited. Approximately 800 million users are still on Windows 10, which will stop receiving security updates after October 14, 2025. An estimated 240 million users may not be able to upgrade to Windows 11 for free. Windows 10's market share has declined below 60%, while Windows 11 approaches a 40% share. Microsoft has stated that only fully licensed Windows 10 machines capable of supporting Windows 11 will be eligible for the upgrade. The urgency for users with non-upgradable Windows 10 devices is emphasized due to the increasing number of exploited vulnerabilities.
Winsage
March 4, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its list of actively exploited vulnerabilities, highlighting several critical exploits. Key vulnerabilities include:
- CVE-2023-20118: Affects specific Cisco Small Business Router models (RV016, RV042, RV042G, RV082, RV320, RV325), allowing hackers to remotely execute arbitrary commands via specially crafted HTTP requests, potentially granting root-level privileges.
- CVE-2023-20025: Could enable hackers to bypass admin credential requirements for CVE-2023-20118.
- CVE-2018-8639: Affects various Windows operating systems (Windows 7, Windows Server 2012 R2, Windows 10) due to the Win32k component's failure to manage memory objects, allowing local attackers to execute arbitrary code in kernel mode.
Neither Microsoft nor Cisco has issued specific security advisories regarding these vulnerabilities.
Winsage
March 4, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert about a command injection vulnerability (CVE-2023-20118) affecting Cisco Small Business RV Series Routers, which are end-of-life. This vulnerability, rated 6.5 on the CVSSv3.1 scale, allows authenticated attackers to execute arbitrary commands with root privileges. The affected models include RV016, RV042, RV042G, RV082, RV320, and RV325, running firmware versions released before April 2023. Cisco will not provide patches for these devices. CISA mandates that federal agencies either implement mitigations or stop using the routers by March 24, 2025. Private organizations are also encouraged to address the issue, especially due to exploitation attempts linked to the PolarEdge botnet campaign. Administrators are advised to restrict administrative access, monitor logs for unusual activity, and consider decommissioning affected devices. The continued use of unpatched routers poses significant risks to critical infrastructure, particularly in small business and remote work environments.
Winsage
March 4, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) catalog, which now includes several significant security flaws:
- CVE-2023-20118: A command injection vulnerability in Cisco Small Business RV Series Routers with a CVSS score of 6.5, allowing authenticated remote attackers to execute arbitrary commands. Cisco will not provide a fix for this issue.
- CVE-2022-43939: An authorization bypass vulnerability in the Hitachi Vantara Pentaho BA Server.
- CVE-2022-43769: A special element injection vulnerability in the Hitachi Vantara Pentaho BA Server.
- CVE-2018-8639: An elevation of privilege vulnerability in Microsoft Windows with a CVSS score of 7.8, allowing an attacker to run arbitrary code in kernel mode.
- CVE-2024-4885: An unauthenticated remote code execution vulnerability in Progress WhatsUp Gold with a CVSS score of 9.8, allowing command execution with iisapppoolnmconsole privileges.
CISA has mandated that federal agencies address these vulnerabilities by March 24, 2025, under Binding Operational Directive (BOD) 22-01, and advises private organizations to review the KEV catalog for necessary actions.
Winsage
December 12, 2024
Microsoft's Patch Tuesday updates for 2024 addressed 72 security vulnerabilities, including 17 classified as Critical, 52 as Important, and one as Moderate. One vulnerability, CVE-2024-49138, is actively exploited and relates to privilege escalation in the Windows Common Log File System (CLFS) driver. Microsoft has mitigated 1,088 vulnerabilities this year. The flaw allows attackers to gain elevated system privileges and has been recognized by CrowdStrike. It is the fifth actively exploited CLFS privilege escalation vulnerability since 2022 and the ninth patched this year. Microsoft is implementing additional verification steps for log files and has introduced new security mitigations using Hash-based Message Authentication Codes (HMAC). This vulnerability is listed in the Known Exploited Vulnerabilities catalog by CISA, requiring Federal Civilian Executive Branch agencies to remediate it by December 31st. The most critical vulnerability this month is CVE-2024-49112, a remote code execution flaw affecting the Windows Lightweight Directory Access Protocol (LDAP). Other significant remote code execution vulnerabilities include CVE-2024-49117 (Windows Hyper-V), CVE-2024-49105 (Remote Desktop Client), and CVE-2024-49063 (Microsoft Muzic). Users are advised to update their systems promptly and ensure Windows Defender is activated.
Winsage
December 11, 2024
Microsoft has confirmed a zero-day security vulnerability, CVE-2024-49138, which poses a significant risk of full system compromise for Windows devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included this vulnerability in its Known Exploited Vulnerability Catalog and recommends immediate action to mitigate risks. CVE-2024-49138 is a heap-based buffer overflow in the Microsoft Windows Common Log File System driver, affecting various editions of Windows since Server 2008. It has a CVSSv3.1 score of 7.8 and is rated Important by Microsoft, with risk-based prioritization suggesting it should be treated as Critical. Evidence indicates that this vulnerability is being exploited in the wild, raising concerns about potential ransomware attacks. Users are urged to update their systems promptly.
Winsage
October 25, 2024
Microsoft has issued an advisory for a critical vulnerability identified as CVE-2024-43573, affecting over 240 million users, primarily targeting Windows 10 and Windows 11. Users are urged to update their systems by October 29, 2024, to avoid significant security threats. The vulnerability is linked to MSHTML, a component of Internet Explorer, and has been associated with infostealer attacks. The U.S. government recommends federal employees prioritize these updates. Trend Micro indicates that this vulnerability shares characteristics with previously patched issues, necessitating the application of the latest Patch Tuesday updates. Users on older Windows systems are advised to upgrade, as Microsoft will discontinue support for Windows 10 in October 2025.