Monthly Security Bulletin – June 2024
This month’s security bulletin hot topics:
1. New Latrodectus malware attacks use Microsoft, Cloudflare themes
2. Android bug leaks DNS queries even when VPN kill switch is enabled
3. New attack leaks VPN traffic using rogue DHCP servers
4. Citrix warns admins to manually mitigate PuTTY SSH client bug
5. Dell API abused to steal 49 million customer records in data breach
6. New Attack on VPNs
7. QakBot attacks with Windows zero-day (CVE-2024-30051)
8. Veeam warns of critical Backup Enterprise Manager auth bypass bug
9. Microsoft’s new Windows 11 Recall is a privacy nightmare
10. High-severity GitLab flaw lets attackers take over accounts
11. Check Point releases emergency fix for VPN zero-day exploited in attacks
12. Okta warns of credential stuffing attacks targeting its CORS feature
13. Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges
14. CISA warns of actively exploited Linux privilege elevation flaw