Featured Story
SolarWinds Urges Upgrade After Revealing Critical RCE Bug
IT management software provider SolarWinds has urged customers to immediately patch a critical vulnerability in its Web Help Desk platform.
CVE-2024-28986 is a Java deserialization remote code execution (RCE) bug discovered by Inmarsat Government researchers, according to an advisory published this week.
The vulnerability has been given a CVSS v3 score of 9.8, underscoring the need to patch immediately. SolarWinds has published instructions on how to upgrade to WHD 12.8.3 and install the hotfix, as well as how to uninstall it if required.
With a CVSS v3 score of 9.8, this vulnerability presents a severe risk, enabling attackers to execute arbitrary code remotely. Immediate patching is essential to prevent potential exploitation.
Other Stories
Critical SAP flaw allows remote attackers to bypass authentication
SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system.
The flaw, tracked as CVE-2024-41730 and rated 9.8 under CVSS v3.1, is a "missing authentication check" bug impacting SAP BusinessObjects Business Intelligence Platform. Also addressed is CVE-2024-29415, a server-side request forgery flaw in SAP Build Apps.
SAP’s August 2024 patch addresses two critical and several high-severity vulnerabilities. Immediate patching is essential to prevent exploitation and safeguard critical business data and operations.
Microsoft Warns of Six Windows Zero-Days Being Actively Exploited
Microsoft has issued warnings about six actively exploited Windows security defects, exposing users to remote code execution, privilege escalation, and security bypass vulnerabilities. These include flaws in RMCAST, TCP/IP, Windows Network Virtualization, and Azure Health Bot.
These zero-day vulnerabilities demand urgent attention from sysadmins. Immediate patching is essential to protect systems against exploitation and ensure operational integrity.
Beware: fake promotions and competitions are currently circulating
Fake emails and social media ads are circulating in Decathlon's name, promising a free tent in exchange for clicking a link. This is a phishing campaign aimed at stealing your personal data.
Never click on suspicious links or provide personal data in response to unexpected offers. Report phishing messages to Safeonweb and educate users about common scam techniques.
Contact the Approach Cyber SOC team for tailored support and training programs.