In today's episode, we dive into security vulnerabilities affecting Roundcube Webmail, Progress WhatsUp Gold, and Microsoft 365, discussing how flaws such as CVE-2024-42008, CVE-2024-4885, and a bypass method using CSS could allow attackers to steal sensitive information or execute remote code. We also explore the innovative Linux kernel exploitation technique "SLUBStick," which elevates limited heap vulnerabilities to arbitrary memory read-and-write capabilities, potentially leading to privilege escalation. Tune in to hear expert insights on how these vulnerabilities could be exploited and the recommended mitigations to safeguard your systems. Video Episode: https://youtu.be/47sS-AKK2qo 00:00 - Intro 01:14 - SLUBStick Linux Kernel 02:37 - Microsoft 365 Phishing Alert Bypassed with CSS 04:45 - Roundcube Webmail Vulnerabilities 05:49 - WhatsUp Gold RCE Flaw URLs: https://thehackernews.com/2024/08/roundcube-webmail-flaws-allow-hackers.html https://thehackernews.com/2024/08/new-linux-kernel-exploit-technique.html https://www.bleepingcomputer.com/news/security/critical-progress-whatsup-rce-flaw-now-under-active-exploitation/ https://www.bleepingcomputer.com/news/security/microsoft-365-anti-phishing-feature-can-be-bypassed-with-css/ Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Roundcube, vulnerabilities, hackers, updates, SLUBStick, exploit, Linux kernel, WhatsUp Gold, CVE 2024 4885, RCE, exploitation, Microsoft 365, anti-phishing, CSS Search Phrases: What are today's top cybersecurity news stories? What are the major vulnerabilities found in Roundcube? How can hackers steal emails using Roundcube? What is SLUBStick and how does it exploit the Linux kernel? What updates have been released for Roundcube vulnerabilities? How can users protect their accounts from Roundcube vulnerabilities? What is CVE-2024-4885 in WhatsUp Gold? How can admins secure WhatsUp Gold servers against CVE-2024-4885? How to protect against phishing given the Microsoft 365 vulnerability? What are the latest cybersecurity updates for Microsoft 365?