August 2024 – Page 3 – TheCyberThrone

PoC Exploit for Microsoft bug CVE-2024-38054 released

Security researcher ‘Frost’ has released proof-of-concept exploit code for the high-severity vulnerability in the Kernel Streaming WOW Thunk Service Driver could enable local attackers to escalate privileges to SYSTEM level…

PravinKarthik August 25, 2024

Velvet Ant APT exploits Cisco bug CVE-2024-20399

Security researchers discovered that the China-linked APT group Velvet Ant has exploited the recently disclosed zero-day CVE-2024-20399 in Cisco switches to take over the network devices. Last month, Cisco addressed the NX-OS zero-day…

PravinKarthik August 24, 2024

SolarWinds fixes CVE-2024-28987 in WHD Product

SolarWinds has released an update to a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated attackers to gain unauthorized access to vulnerable instances.…

PravinKarthik August 24, 2024

Sonicwall fixes CVE-2024-40766 in SonicOS

SonicWall has released patch for a critical vulnerability affecting their SonicOS and could allow unauthorized access to SonicWall firewalls, potentially leading to a complete system compromise. The vulnerability tracked as…

PravinKarthik August 24, 2024

Halliburton suffers a cyberattack

Halliburton, a major oil service hit by a cyber-attack with a suspicion of ransomware, may be involved. Halliburton confirmed the incident in a Security and Exchange Commission (SEC) filing. Halliburton…

PravinKarthik August 23, 2024

Microsoft fixes Zeroday vulnerability CVE-2024-7971 in EDGE Browser

Microsoft has released patches for a critical vulnerability in EDGE Browser that is currently being exploited by malicious actors. This zero-day flaw, tracked as CVE-2024-7971, exists within Google Chrome’s V8…

PravinKarthik August 23, 2024

CISA adds multiple vulnerabilities to its KEV catalog

The U.S. CISA has added 4 vulnerabilities to it'd Known Exploited Vulnerabilities Catalog (KEV) belongs to Dahua, Microsoft, and Linux products based on the mass exploitation CVE-2022-0185 Linux Kernel Heap-Based…

PravinKarthik August 22, 2024

Google fixes ninth Zeroday CVE-2024-7971 in Chrome

Google released an emergency security update to address a Chrome zero-day vulnerability, tracked as CVE-2024-7971, that is actively exploited. The vulnerability is a type confusion issue that resides in Chrome’s V8 JavaScript…

PravinKarthik August 22, 2024