Monthly Security Bulletin – June 2024

This month’s security bulletin hot topics:

1.             New Latrodectus malware attacks use Microsoft, Cloudflare themes

2.             Android bug leaks DNS queries even when VPN kill switch is enabled  

3.             New attack leaks VPN traffic using rogue DHCP servers 

4.             Citrix warns admins to manually mitigate PuTTY SSH client bug 

5.             Dell API abused to steal 49 million customer records in data breach 

6.             New Attack on VPNs 

7.             QakBot attacks with Windows zero-day (CVE-2024-30051) 

8.             Veeam warns of critical Backup Enterprise Manager auth bypass bug 

9.             Microsoft’s new Windows 11 Recall is a privacy nightmare 

10.          High-severity GitLab flaw lets attackers take over accounts 

11.          Check Point releases emergency fix for VPN zero-day exploited in attacks 

12.          Okta warns of credential stuffing attacks targeting its CORS feature 

13.          Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges 

14.          CISA warns of actively exploited Linux privilege elevation flaw