TheCyberThrone Security Week In Review – August 03, 2024
Posted inSecurity NewsLetter

TheCyberThrone Security Week In Review – August 03, 2024

1

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, August 03, 2024.

MOVEit fixes High Severity Vulnerability -CVE-2024-6576

Progress Software has warned customers about a new high-severity vulnerability that could allow attackers to escalate privileges within the system. The vulnerability tracked as CVE-2024-6576 with a CVSS score of 7.3 that stemming from improper authentication mechanisms, affects several versions of MOVEit Transfer released in 2023 and 2024……

CISA KEV Update Part IV – July 2024

The US CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation……

  • CVE-2024-4879 
  • CVE-2024-5217 
  • CVE-2023-45249 
Advertisements

EchoSpoofing bug in Proofpoint enabled phishing campaign

Security researchers have discovered an exploit that allowed threat actors to override Proofpoint email protections and sends millions of spoofed emails aimed at stealing funds and credit card details.

Proofpoint’s Secure Email Relay Solution allows customers to block unwanted phishing emails that can lead to data breaches and social engineering scams. However, malicious actors bypassed these protections through an exploit researchers have dubbed “EchoSpoofing.” that steals sensitive information……

SUBSCRIBE TO OUR BLOG TODAY !

We understand the importance of staying on top of the latest threats and vulnerabilities that can harm your digital life. You’ll receive the latest cybersecurity news, insights, resources, offers and analysis straight to your inbox every day

Google fixes critical vulnerability CVE-2024-6990 in Chrome

Google has released the latest security update for its Chrome browser, addressing several critical vulnerabilities.

The most critical vulnerability tracked as, CVE-2024-6990, involves an uninitialized use in Dawn, a graphics abstraction layer. The other vulnerabilities, CVE-2024-7255 and CVE-2024-7256, involve out-of-bounds reads in WebTransport, and insufficient data validation in Dawn and both could lead to exploitation…….

Advertisements

CISA adds CVE-2024-37085 to its KEV catalog

The U.S. CISA added an authentication bypass VMware ESXi vulnerability, tracked as CVE-2024-37085 with a CVSS score of 6.8, to its Known Exploited Vulnerabilities (KEV) catalog.

The flaw is an authentication bypass vulnerability in VMware ESXi, and it’s being exploited by multiple ransomware gangs. CISA orders federal agencies to fix this vulnerability by August 20, 2024…..

This brings end of this week in review security coverage. Thanks for visiting TheCyberThrone. If you like us please follow us on FacebookTwitterInstagram

Tags:

1 Comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.