October 2024 – TheCyberThrone

ServiceNow fixes CVE-2024-8923 and CVE-2024-8924

ServiceNow has addressed two significant vulnerabilities, CVE-2024-8923 and CVE-2024-8924, which could enable unauthorized remote access, potentially exposing sensitive data, and compromising platform integrity. The first vulnerability tracked as CVE-2024-8923, with…

PravinKarthik October 31, 2024

Proofpoint Acquires Normalyze

Proofpoint reached a definitive agreement to acquire data security posture management company Normalyze, and the deal expected to complete by November 2024 with financial terms is yet to be known.…

PravinKarthik October 31, 2024

PSAUX Ransomware exploits CyberPanel Vulnerabilities

The PSAUX ransomware has seen exploiting CyberPanel vulnerabilities affects versions 2.3.6 and 2.3.7 and permits unauthenticated attackers to gain root access, enabling complete control over affected systems. The vulnerabilities are…

PravinKarthik October 30, 2024

QNAP fixes CVE-2024-50388 that’s exploited in Pwn2Own Ireland

QNAP has addressed a critical zero-day vulnerability in its HBS 3 Hybrid Backup Sync software, following its successful exploitation at the recent Pwn2Own Ireland 2024 competition. The vulnerability, tracked as…

PravinKarthik October 30, 2024

Google fixes CVE-2024-10487 and CVE-2024-10488 in latest Chrome version

Google has released updates to address two vulnerabilities in the Chrome browser that could potentially allow attackers to take control of users' systems. The vulnerabilities, identified as CVE-2024-10487 and CVE-2024-10488,…

PravinKarthik October 30, 2024

Squid Proxy has a DoS Vulnerability CVE-2024-45802

The SQUID project has released patches for a high-severity DoS vulnerability in Squid. This vulnerability, tracked as CVE-2024-45802 with a CVSS score of 7.5, arises when Squid is configured with…

PravinKarthik October 30, 2024

SonicWall Vulnerability exploited by Fog and Akira Ransomware

Sonicwall SSL VPN vulnerability tracked as CVE-2024-40766 has been exploited in the recent cyberattacks involving Akira and Fog ransomware. Initial access to victim environments was facilitated through compromised SonicWall SSL…

PravinKarthik October 30, 2024

Decoding CISA’s draft guidance on Product Security Bad Practices

The U.S. CISA and the FBI have released a draft ‘Product Security Bad Practices’ guidance aimed at helping software manufacturers reduce customer risk by prioritizing security throughout the product development…

PravinKarthik October 29, 2024