SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

Experience SANS training through course previews.
Learn MoreLet us help.
Contact usBecome a member for instant access to our free resources.
Sign UpWe're here to help.
Contact UsISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Apple Patches Everything. July 2024 Edition
Published: 2024-07-30
Last Updated: 2024-07-30 17:01:22 UTC
by Johannes Ullrich (Version: 1)
Yesterday, Apple released patches across all of its operating systems. A standalone patch for Safari was released to address WebKit problems in older macOS versions. Apple does not provide CVSS scores or severity ratings. The ratings below are based on my reading of the impact. However, the information isn’t always sufficient to accurately assign a rating.
One vulnerability, CVE-2024-23296, which can be used to bypass kernel protections via RTKit, is already being exploited. Apple patched this issue for newer operating systems in March, but it now releasing the patch for older macOS and iOS versions.
According to my count, these updates address 64 different vulnerabilities.
Read the full entry:
https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
CrowdStrike Outage Themed Maldoc
Published: 2024-07-29
Last Updated: 2024-07-29 00:03:44 UTC
by Didier Stevens (Version: 1)
I found a malicious Word document with VBA code using the CrowdStrike outage for social engineering purposes. It's an .ASD file (AutoRecover file). My tool oledump.py can analyze it ...
Before I dive into the VBA code, I want to highlight the metadata of this document: ...
Read the full entry:
https://isc.sans.edu/diary/CrowdStrike+Outage+Themed+Maldoc/31116/
XWorm Hidden With Process Hollowing
Published: 2024-07-25
Last Updated: 2024-07-25 07:21:58 UTC
by Xavier Mertens (Version: 1)
XWorm is not a brand-new malware family. It's a common RAT (Remote Access Tool) re-use regularly in new campaigns. Yesterday, I found a sample that behaves like a dropper and runs the malware using the Process Hollowing technique. The sample is called ... . It's a .Net executable that is, strangely, not obfuscated. It's possible to disassemble it with ilspycmd ...
Read the full entry:
https://isc.sans.edu/diary/XWorm+Hidden+With+Process+Hollowing/31112/
Quickie: Password Cracking & Energy (2024.07.28)
https://isc.sans.edu/diary/Quickie+Password+Cracking+Energy/31122/
Create Your Own BSOD: NotMyFault (2024.07.27)
https://isc.sans.edu/diary/Create+Your+Own+BSOD+NotMyFault/31120/
ExelaStealer Delivered "From Russia With Love" (2024.07.26)
https://isc.sans.edu/diary/ExelaStealer+Delivered+From+Russia+With+Love/31118/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Acronis Cyber Infrastructure
CVSS Score: 9.8
** KEV since 2024-07-29 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-45249
NVD References:
- https://security-advisory.acronis.com/advisories/SEC-6452
- https://www.securityweek.com/acronis-product-vulnerability-exploited-in-the-wild/
Product: VMware ESXi
CVSS Score: 0
** KEV since 2024-07-30 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37085
ISC Podcast: https://isc.sans.edu/podcastdetail/9076
Product: D-Link
CVSS Score: 0
** KEV since 2024-04-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3273
ISC Podcast: https://isc.sans.edu/podcastdetail/9066
Product: TOTOLINK A6000R
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41319
NVD References:
- https://gist.github.com/yanggao017/40efb889800ae2691c38086ebf80c037
- https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_7_webcmd/README.md
Product: GroupMe
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38164
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38164
Product: Progress Telerik Reporting
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6096
NVD References: https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096
Product: Progress Telerik Report Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6327
NVD References: https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-6327
NVD References: https://www.telerik.com/report-server
Product: Aruba Networks EdgeConnect SD-WAN Orchestrator
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41914
NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04672en_us&docLocale=en_US
Product: Stitionai DevikaCVSS Score: 9.1 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40422NVD References: - https://github.com/alpernae/CVE-2024-40422- https://github.com/stitionai/devika- https://github.com/stitionai/devika/pull/619CVE-2024-41110 - Docker Engine has a security vulnerability that could allow an attacker to bypass authorization plugins under specific circumstances, with a low likelihood of exploitation.Product: Docker EngineCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41110NVD References: - https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq- https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-pluginCVE-2024-41551 - CampCodes Supplier Management System v1.0 is vulnerable to SQL injection via Supply_Management_System/admin/view_order_items.php?id= .Product: CampCodes Supplier Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41551NVD References: https://github.com/Chencihai/Chencihai/blob/main/cve/supplier-management-system/SQLi-1.mdCVE-2024-41459 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the PPPOEPassword parameter at ip/goform/QuickIndex.Product: Tenda FH1201CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41459NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/QuickIndex/QuickIndex.mdCVE-2024-41460 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the entrys parameter at ip/goform/RouteStatic.Product: Tenda FH1201CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41460NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/RouteStatic/README.mdCVE-2024-41461 - Tenda FH1201 v1.2.0.14 was discovered to contain a stack-based buffer overflow vulnerability via the list1 parameter at ip/goform/DhcpListClient.Product: Tenda FH1201CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41461NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/DhcpListClient/README.mdCVE-2024-7081 - Itsourchcode Tailoring Management System 1.0 is vulnerable to remote SQL injection via the title argument in the expcatadd.php file (VDB-272366).Product: Tailoring Management System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7081NVD References: - https://github.com/zgg012/cve/issues/1- https://vuldb.com/?ctiid.272366- https://vuldb.com/?id.272366- https://vuldb.com/?submit.379675CVE-2024-37084 - Spring Cloud Data Flow versions prior to 2.11.4 allows a malicious user to write arbitrary files on the file system via a crafted upload request to the Skipper server api.Product: Spring Cloud Data Flow SkipperCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37084NVD References: https://spring.io/security/cve-2024-37084CVE-2024-24621 - Softaculous Webuzo is vulnerable to an authentication bypass flaw allowing remote attackers to gain root access by exploiting the password reset feature.Product: Softaculous WebuzoCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24621NVD References: https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-authentication-bypass/CVE-2024-41112 - streamlit-geospatial is vulnerable to remote code execution due to user input being passed to the `eval()` function in `pages/1_📷_Timelapse.py` prior to commit c4f81d9616d40c60584e36abb15300853a66e489.Product: streamlit-geospatialCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41112NVD References: - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L373-L376- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L380- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/CVE-2024-41113 - streamlit-geospatial prior to commit c4f81d9616d40c60584e36abb15300853a66e489 is vulnerable to remote code execution due to user input being passed to `eval()` function in `pages/1_📷_Timelapse.py`.Product: streamlit-geospatialCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41113NVD References: - https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L383-L388- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L390-L393- https://github.com/opengeos/streamlit-geospatial/blob/4b89495f3bdd481998aadf1fc74b10de0f71c237/pages/1_%F0%9F%93%B7_Timelapse.py#L395- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/CVE-2024-411…
Product: Docker Engine
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41110
NVD References:
- https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
- https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
Product: CampCodes Supplier Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41551
NVD References: https://github.com/Chencihai/Chencihai/blob/main/cve/supplier-management-system/SQLi-1.md
Product: Tenda FH1201
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41459
NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/QuickIndex/QuickIndex.md
Product: Tenda FH1201
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41460
NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/RouteStatic/README.md
Product: Tenda FH1201
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41461
NVD References: https://github.com/iotresearch/iot-vuln/blob/main/Tenda/FH1201/DhcpListClient/README.md
Product: Tailoring Management System Project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7081
NVD References:
- https://github.com/zgg012/cve/issues/1
- https://vuldb.com/?ctiid.272366
Product: Spring Cloud Data Flow Skipper
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37084
NVD References: https://spring.io/security/cve-2024-37084
Product: Softaculous Webuzo
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24621
NVD References: https://blog.exodusintel.com/2024/07/25/softaculous-webuzo-authentication-bypass/
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41112
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41113
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
Product: streamlit streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41114
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41115
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41116
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41117
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41119
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
Product: streamlit-geospatial
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41120
NVD References:
- https://github.com/opengeos/streamlit-geospatial/commit/c4f81d9616d40c60584e36abb15300853a66e489
- https://securitylab.github.com/advisories/GHSL-2024-100_GHSL-2024-108_streamlit-geospatial/
Product: Softnext Mail SQR Expert
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5670
NVD References:
Product: Simopro Technology WinMatrix3 Web package
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7201
NVD References:
Product: Simopro Technology WinMatrix3 Web package
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7202
NVD References:
Product: Admidio Application
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37906
NVD References:
- https://github.com/Admidio/admidio/commit/3ff02b0c64a6911ab3e81cd61077f392c0b25248
- https://github.com/Admidio/admidio/security/advisories/GHSA-69wx-xc6j-28v3
Product: Admidio Application
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38529
NVD References:
- https://github.com/Admidio/admidio/commit/3b1cc1cda05747edebe15f2825b79bc5a673d94c
- https://github.com/Admidio/admidio/security/advisories/GHSA-g872-jwwr-vggm
Product: SiberianCMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41702
NVD References: https://www.gov.il/en/Departments/faq/cve_advisories
Product: ZTE ZXUN-ePDG
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22064
ISC Podcast: https://isc.sans.edu/podcastdetail/9076
Product: Multiple Apple products
CVSS Score: 7.8
** KEV since 2024-03-06 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23296
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: Apple iOS 17.5 and iPadOS 17.5, tvOS 17.5, Safari 17.5, watchOS 10.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27834
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27804
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27816
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5.
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27841
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 17.5 and iPadOS 17.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27839
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27818
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 17.5 and iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27810
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 17.5 and iPadOS 17.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27852
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 17.5 and iPadOS 17.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27835
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 17.5 and iPadOS 17.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27803
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 17.5 and iPadOS 17.5, watchOS 10.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27821
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27847
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27796
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: iOS 16.7.8 and iPadOS 16.7.8, macOS Monterey 12.7.5, macOS Ventura 13.6.7, macOS Sonoma 14.4
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27789
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27837
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27825
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27829
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23236
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27827
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27822
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27824
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27813
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27843
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27798
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: macOS Sonoma 14.5
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27842
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
Product: macOS Monterey 12.7.5, macOS Ventura 13.6.5, macOS Sonoma 14.4
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23229
ISC Diary: https://isc.sans.edu/diary/Apple+Patches+Everything+July+2024+Edition/31128/
How does a vulnerability management program benefit from combining comprehensive and timely vulnerability and exploit data – like exploit maturity, type classifications, and real-time exploitation evidence – with native intelligence on asset criticality and business context to determine risk? Read Sevco’s latest blog to learn how these drive more proactive vulnerability management and prioritization.
Webcast: SANS 2024 Multicloud Survey: Securing Multiple Clouds Amid Constant Changes | August 28, 11:00AM ET | Kenneth G. Hartman and Simon Vernon share crucial insights into securing multiple cloud environments, exploring the latest survey results, best practices, and impact of different architecture strategies on security implementation. Reserve your seat today:
Webcast: SANS 2024 Multicloud Survey: Securing Multiple Clouds Amid Constant Changes | August 28, 11:00AM ET | Kenneth G. Hartman and Simon Vernon share crucial insights into securing multiple cloud environments, exploring the latest survey results, best practices, and impact of different architecture strategies on security implementation. Reserve your seat today:
Webcast: SANS 2024 Multicloud Survey: Securing Multiple Clouds Amid Constant Changes | August 28, 11:00AM ET | Kenneth G. Hartman and Simon Vernon share crucial insights into securing multiple cloud environments, exploring the latest survey results, best practices, and impact of different architecture strategies on security implementation. Reserve your seat today: