Microsoft Outlook, Teams, Word, Excel, PowerPoint, and OneNote for macOS were impacted by eight security flaws, which could be utilized to evade available app permissions in the operating system even without further user verification.
Attacks exploiting a Windows Ancillary Function Driver for WinSock zero-day vulnerability, tracked as CVE-2024-38193, have been deployed by North Korean hacking collective Lazarus Group
CISA is warning that ongoing intrusions targeting SolarWinds Web Help Desk instances vulnerable to the critical Java deserialization flaw, tracked as CVE-2024-28986, could be leveraged to facilitate remote code execution.
Microsoft Entra ID, previously known as Azure Active Directory, has been impacted by a security vulnerability, which could be leveraged to evade authentication controls and freely access and impersonate synchronized users.
Websites using Oracle NetSuite could have personal information, including phone numbers and addresses, due to a misconfiguration in its SuiteCommerce offering that enables unauthorized record retrieval.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.