
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, June 15, 2024.
PoC Exploit released for Veeam flaw CVE-2024-29849
A proof-of-concept exploit has been released for a critical authentication bypass vulnerability in Veeam Backup Enterprise Manager, tracked as CVE-2024-29849. The vulnerability resides in Veeam.Backup.Enterprise.RestAPIService.exe, a REST API server component of the Veeam Backup Enterprise Manager software. This service listens on TCP port 9398 and serves as an API version of the main web application, which operates on TCP port 9443…
Veeam addressed another vulnerability: CVE-2024-29855
Veeam has recently addressed a critical vulnerability that resides within its Recovery Orchestrator (VRO) software. This vulnerability could grant unauthorized attackers administrative access to the VRO web user interface (UI).
The vulnerability, tracked as CVE-2024-29855, was discovered in VRO version 7.0.0.337. This flaw allows an attacker to gain access to the VRO web UI with administrative privileges. However, exploitation requires the attacker to possess specific knowledge: the exact username and role of an account with an active VRO UI access token…
Microsoft Patch Tuesday June 2024
Microsoft addressed 51 CVEs in its June 2024 Patch Tuesday release, with one rated as critical and no zero-day or publicly disclosed vulnerabilities. This includes CVE-2023-50868, which was issued by MITRE, and CVE-2024-29187, which was issued by GitHub.
The 51 fixed vulnerabilities fall into the following categories:
- 25 Elevation of Privilege Vulnerabilities
- 18 Remote Code Execution Vulnerabilities
- 3 Information Disclosure Vulnerabilities
- 5 Denial of Service Vulnerabilities
Google addressed zero-day vulnerability in Pixel devices: CVE-2024-32896
Google has released a critical security update for Pixel devices, addressing a zero-day vulnerability that has been actively exploited in the wild.
The vulnerability, tracked as CVE-2024-32896, is an elevation of privilege issue in Pixel Firmware and underscores the importance of promptly updating your devices to safeguard against potential attacks…
Fortinet fixes several vulnerabilities – June 2024
Fortinet has released patches for multiple vulnerabilities in FortiOS and other products, including some code execution flaws.
The most important is a set of multiple stack-based buffer overflow vulnerabilities in the command line interpreter of FortiOS [CWE-121], tracked as CVE-2024-23110, which can be exploited by an authenticated attacker to achieve code or command execution via specially crafted command line arguments…
This brings us to the end of this week's security review. Thanks for visiting TheCyberThrone. If you like us, please follow us on Facebook, Twitter, and Instagram.


