National CSIRT-CY | National Computer Security Incident Response Team of Cyprus

Στις 10 Δεκεμβρίου η Microsoft έκδωσε την December 2024 Patch. Σε αυτήν συμπεριλαμβάνονται ενημερώσεις ασφάλειας για 71 ευπάθειες.

Hackers με το όνομα Romcom που συνδέονται με ρώσικα συμφέροντα, έχουν συνδεθεί με την εκμετάλλευση δύο κενών ασφαλείας. Το ένα στον Mozilla Firefox και το άλλο στα Microsoft Windows, στο πλαίσιο επιθέσεων που έχουν σχεδιαστεί για να εισάγουν backdoor στα συστήματα των θυμάτων.

Η ευπάθεια Type Confusion εντοπίστηκε στη μηχανή V8 της JavaScript της Google Chrome, σε εκδόσεις πριν την 131.0.6778.108.

The Digital Security Authority (DSA) wants to bring to your attention, a critical vulnerability (CVE-2024-30103) in Microsoft Outlook that allows attackers to execute malicious code simply by opening an email. This “zero-click” exploit doesn’t require user interaction and poses a serious threat.

The Digital Security Authority (DSA) wants to bring to your attention, a Remote Code Execution (RCE) chain vulnerability in the Progress Telerik Report Server that allows an attacker to bypass authentication controls and execute arbitrary code on the server.

The Digital Security Authority (DSA) wants to bring to your attention that a vulnerability has been identified in Apache OFBiz allows attackers to remotely execute code on vulnerable systems.

The Digital Security Authority (DSA) wants to bring to your attention, a High Severity vulnerability in the WordPress core, specifically within the Avatar block which could allow both authenticated and unauthenticated attackers to execute malicious scripts, potentially leading to full site control.

The Digital Security Authority (DSA) wants to bring to your attention, that IBM released Security updates to address an information disclosure vulnerability in QRadar SIEM.

The Digital Security Authority (DSA) wants to bring to your attention, a critical security vulnerability has been discovered in the xz data compression library, commonly used in Linux distributions.

The Digital Security Authority (DSA) wants to bring to your attention, that DinodasRAT, also known as XDealer, is a multi-platform backdoor actively targeting Linux systems worldwide.