February Patch Tuesday delivers 57 packages
After January’s deluge, a calmer update volume returns
Similar Posts
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
Bys sThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2024-57968 – An unrestricted file upload vulnerability in Advantive…
LangSmith Bug Could Expose OpenAI Keys and User Data via Malicious Agents
Bys sCybersecurity researchers have disclosed a now-patched security flaw in LangChain’s LangSmith platform that could be exploited to capture sensitive data, including API keys and user prompts. The vulnerability, which carries a CVSS score of 8.8 out of a maximum of 10.0, has been codenamed AgentSmith by Noma Security. LangSmith is an observability and evaluation platform…
Eurofiber admits crooks swiped data from French unit after cyberattack
Bys sConnor Jones reports: French telco Eurofiber says cybercriminals swiped company data during an attack last week that also affected some internal systems. The B2B wholesale telco confirmed that only its French business was affected by the November 13 attack, including its cloud division and regional brands Eurafibre, FullSave, Netiwan, and Avelia. In a disclosure published on Sunday,……
Teens arrested by Dutch police reportedly suspected of spying for Russia
Bys sHow much money enticed these teens to do something that may have just wrecked their future? Did they see it as just quick and easy money and no big deal? Alexander Martin reports: Two teenagers have been arrested in the Netherlands on suspicion of espionage, reportedly on behalf of pro-Russian hackers. The boys, both aged……
Annual Report to Congress on Breaches of Unsecured Protected Health Information
Bys sThe Department of Health and Human Services’ Office for Civil Rights provided a report to Congress on health information breaches from September 2009 through 2010, as required under the HITECH Act. Nearly 7.9 million Americans were affected by almost 30,800 health information breaches, according to the report.
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (