Websites using Oracle NetSuite could have personal information, including phone numbers and addresses, due to a misconfiguration in its SuiteCommerce offering that enables unauthorized record retrieval.
SolarWinds has issued a hotfix for a critical Java serialization vulnerability in its Web Help Desk solution, which could be leveraged to facilitate remote code execution.
Windows 11 devices could be downgraded to be reintroduced to vulnerabilities in older versions without being detected through the novel Windows Downdate attack technique.
MSPs should watch for four security vulnerabilities in OpenVPN, at least three of which could be chained together to facilitate local privilege escalation and remote code execution attacks.
The AMD flaw could be leveraged to deactivate memory protections, allow privilege escalation to the firmware level and facilitate total firmware hijacking.
