Patch/Configuration Management

Implementing security best practices for VMware ESXi environments is critical for defending against cyber threats. This article outlines ten essential strategies, including patch management, account isolation, and secure boot, to strengthen your ESXi infrastructure.

Attackers could exploit the issue — which affects SonicWall Firewall Gen 5 and Gen 6 devices, as well as Gen 7 firewalls with SonicOS 7.0.1-5035 and older iterations — to achieve "unauthorized resource access and in specific conditions, causing the firewall to crash."

Open-source GPS tracking server Traccar has been impacted with a high-severity path traversal vulnerability, tracked as CVE-2024-24809, and a critical unrestricted file upload flaw, tracked as CVE-2024-31214, which could be leveraged to facilitate remote code execution without authorization.

Information leaked by the database included names, addresses, phone numbers, email addresses, partial credit card details, and HIPAA patient consent forms from health providers, restaurant chains, schools, homeowners, religious entities, and casinos as early as 2012.

The vulnerability, tagged as CVE-2021-44228, was first reported in November 2021 and led to a global scramble to implement patches. Despite these efforts, the flaw remains a persistent threat due to complex software dependencies that hinder comprehensive patching.

Microsoft told Google about the Chrome bug on a Monday and Google released the patch two days later.

Miggo researchers said the AWS bug was caused by two factors: a missing token validation and a misconfigured security groups notification.

Information leaked by the misconfigured database included individuals' full names, emails, phone numbers, encrypted passwords, and verification tokens, as well as join dates and private chats.