Broadcom fixes critical RCE bug in VMware vCenter Server

Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. vCenter Server is the central management hub for VMware’s vSphere suite, helping administrators manage and monitor virtualized infrastructure. The vulnerability (CVE-2024-38812), reported by TZL security researchers during China’s 2024 Matrix Cup hacking contest, is […]

Construction firms breached in brute force attacks on accounting software

Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks. The malicious activity was first spotted by Huntress, whose researchers detected the attacks on September 14, 2024. Huntress has already seen active breaches through these attacks at plumbing, HVAC, concrete, and other […]

Cloudflare outage cuts off access to websites in some regions

A rolling Cloudflare outage is impacting access to web sites worldwide, including BleepingComputer, with sites working in some regions and not others. While Cloudflare says they are currently conducting scheduled maintenance in Sinagpore and Nashville, its status page does not indicate any problems. However, for many users worldwide, when attempting to access websites utilizing Cloudflare, […]

CISA warns of Windows flaw used in infostealer malware attacks

​CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. The vulnerability (CVE-2024-43461) was disclosed during this month’s Patch Tuesday, and Microsoft initially classified it as not exploited in attacks. However, Microsoft updated the advisory on Friday to confirm that […]

Microsoft rolls out Office LTSC 2024 for Windows and Mac

​Microsoft has announced that Office LTSC (Long Term Servicing Channel) 2024, a volume-licensed and perpetual version of Office for Windows and macOS users, is now available for commercial and government customers. Office LTSC 2024 is designed for organizations with devices without internet connectivity and requiring long-term support, such as specialty systems like medical equipment. It has […]

US cracks down on spyware vendor Intellexa with more sanctions

Image: MidjourneyToday, the U.S. Department of the Treasury has sanctioned five executives and one entity linked to the Intellexa Consortium for developing and distributing Predator commercial spyware. Intellexa Consortium is a network of decentralized companies that developed and sold highly intrusive spyware products marketed under the “Predator” brand. Predator spyware has allowed Intellexa customers worldwide — […]

Windows vulnerability abused braille “spaces” in zero-day attacks

A recently fixed “Windows MSHTML spoofing vulnerability” tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. When first disclosed as part of the September 2024 Patch Tuesday, Microsoft had not marked the vulnerability as previously exploited. However, on Friday, Microsoft updated the CVE-2024-43461 advisory […]