Vulnerabilities

Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware'

Posted on April 9, 2025April 9, 2025 by Admin

Image: nicescene/Adobe Stock Microsoft has detected a zero-day vulnerability in the Windows Common Log File System (CLFS) being exploited in the wild to deploy ransomware. Target industries include IT, real estate, finance, software, and retail, with companies based in the US, Spain, Venezuela, and Saudi Arabia. The vulnerability, tracked as CVE-2025-29824 and rated “important,” is present in the CLFS kernel driver. It allows an attacker who already has standard user access to a system to…

Apple Patches Critical Vulnerabilities in iOS 15 and 16

Posted on April 2, 2025April 2, 2025 by Admin

Image: ink drop/Adobe Stock On Monday, Apple issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems. CVE-2025-24200 The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4. CVE-2025-24200 allows a physical attacker to disable USB Restricted Mode on an Apple device. This is a security feature designed to block unauthorised data access through the USB port when the…

Update VMware Tools for Windows NOW: High-Severity Flaw Lets Hackers Bypass Authentication

Posted on March 26, 2025March 26, 2025 by Admin

Image: Ferran Rodenas/Flickr/Creative Commons If you use VMware Tools for Windows, it is critical to update to the latest version. Broadcom, which acquired VMware for $69 billion in 2023, has issued a patch for a high-severity vulnerability that is actively being exploited by cybercriminals. The vulnerability affects VMware Tools for Windows versions 11.x.x and 12.x.x, but has been patched in version 12.5.1. Broadcom confirmed that no workarounds are available, so affected users should update immediately….

Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters

Posted on March 19, 2025March 19, 2025 by Admin

Image: cynoclub/Envato Elements Apache Tomcat is under attack as cybercriminals actively exploit a recently disclosed vulnerability, enabling remote code execution (RCE). With simple HTTP requests, attackers can trigger the deserialisation of malicious data and gain control over affected systems. The vulnerability, CVE-2025-24813, was disclosed by Apache on March 10, with the first proof of concept being released on GitHub about 30 hours later, posted by user iSee857. Soon after, security firm Wallarm later saw that…

Update Your iPhone Now to Fix Safari Security Flaw

Posted on March 15, 2025March 15, 2025 by Admin

Image: Apple’s Official YouTube Page Apple has released iOS 18.3.2, an operating system update that fixes a vulnerability in WebKit, the browser engine used by Safari to render web pages. The flaw allowed malicious code running inside the Web Content sandbox, an isolated environment for web processes designed to limit security risks, to impact other parts of the device. Apple previously fixed this vulnerability, CVE-2025-24201, with the release of iOS 17.2 back in late 2023,…

Patch Tuesday: Microsoft’s January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

Posted on January 15, 2025January 16, 2025 by Admin

Microsoft’s latest batch of security patches includes an expanded blacklist for certain Windows Kernel Vulnerable Drivers and fixes for several elevations of privilege vulnerabilities. The January 2025 Security Update addressed 159 vulnerabilities. Security patches should be applied to keep software up-to-date. However, early versions of patches may be unreliable and should be cautiously approached and deployed in test environments first. 1 Pipedrive CRM Employees per Company Size Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999),…

Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others

Posted on December 11, 2024December 12, 2024 by Admin

December brought a relatively mild Patch Tuesday, with one vulnerability having been actively exploited. Of all 70 vulnerabilities fixed, 16 were classified as critical. “This year, cybersecurity professionals must be on Santa’s nice list, or, at the very least, Microsoft’s,” Tyler Reguly, associate director of security R&D at cybersecurity software and services company Fortra, told TechRepublic in an email. Microsoft patches leaky CLFS CVE-2024-49138 is an elevation of privilege vulnerability in the Windows Common Log…

US Sanctions Chinese Cybersecurity Firm for Ransomware Attack

Posted on December 11, 2024December 11, 2024 by Admin

The U.S. has sanctioned Sichuan Silence, a Chinese cybersecurity firm involved in ransomware attacks targeting critical infrastructure in 2020. One of its employees, Guan Tianfeng, has also been charged individually. Guan, a security researcher, discovered a zero-day vulnerability in a firewall product developed by U.K.-based security firm Sophos. He exploited the vulnerability, designated CVE 2020-12271, using a SQL injection attack that retrieved and remotely executed a script from a malicious server. Guan and his co-conspirators…

Products Of The Year 2024: The Finalists

Posted on October 30, 2024November 2, 2024 by Admin

CRN staff compiled the top partner-friendly products that launched or were significantly updated over the last year. Now it’s up to solution providers to choose the winners. Application Performance and Observability As more applications run in hybrid-cloud and multi-cloud environments, maintaining application performance has becoming a more complex task. Application performance management and observability tools help IT organizations maintain the health, performance and user experience of business applications, according to market researcher Gartner. Such tools…

Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds

Posted on September 12, 2024September 13, 2024 by Admin

Patches deployed for dependency vulnerabilities cause breakages 75% of the time, a new report has revealed. Minor updates were found to break clients 94% of the time, and for version upgrades this was 95%. Software dependencies — the external code or libraries that a project requires to function properly — are notoriously difficult to manage during application development. Remediating vulnerabilities in dependencies requires a major version update 24% of the time. “Seemingly the most straight-forward…

1 2 3 4 »

Vulnerabilities

Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware'

Apple Patches Critical Vulnerabilities in iOS 15 and 16

Update VMware Tools for Windows NOW: High-Severity Flaw Lets Hackers Bypass Authentication

Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters

Update Your iPhone Now to Fix Safari Security Flaw

Patch Tuesday: Microsoft’s January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others

US Sanctions Chinese Cybersecurity Firm for Ransomware Attack

Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds

VMWARE

Helping Public Sector Organisations Define Cloud Strategy

How to change the VLAN ID of the Service Console in ESX from the command line/console

Cisco UCS and Vmware Interfaces (Vnics) HA Design Considerations

Troubleshooting network and TCP/UDP port connectivity issues on ESX/ESXi(2020669)

vSphere Client Parameters

Configuration Templates

CUE Licenses

Trouble shooting Unity Express with Call Manager Integeration & Operational Issues

CME Configuration Example: SIP Trunks to Viatalk and VoIP.ms

SIP Phone registration – CME Configuration

CUE Voicemail + VPIM networking (CUE to unity)