Experimental News Clipping Site

Tag: CVE

  • Cisco Talos Blog: Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/december-patch-tuesday-release/ Source: Cisco Talos Blog Title: Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities Feedly Summary: The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”  AI Summary and Description: Yes **Summary:** The December 2024 Patch…

  • The Register: AMD secure VM tech undone by DRAM meddling

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/10/amd_secure_vm_tech_undone/ Source: The Register Title: AMD secure VM tech undone by DRAM meddling Feedly Summary: Boffins devise BadRAM attack to pilfer secrets from SEV-SNP encrypted memory Researchers have found that the security mechanism AMD uses to protect virtual machine memory can be bypassed with $10 of hardware – and perhaps not even that.……

  • The Register: Fully patched Cleo products under renewed ‘zero-day-ish’ mass attack

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/10/cleo_vulnerability/ Source: The Register Title: Fully patched Cleo products under renewed ‘zero-day-ish’ mass attack Feedly Summary: Thousands of servers targeted while customers wait for patches Researchers at security shop Huntress are seeing mass exploitation of a vulnerability affecting three Cleo file management products, even on patched systems.… AI Summary and Description: Yes Summary:…

  • Cisco Talos Blog: MC LR Router and GoCast unpatched vulnerabilities

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/mc-lr-router-and-gocast-zero-day-vulnerabilities-2/ Source: Cisco Talos Blog Title: MC LR Router and GoCast unpatched vulnerabilities Feedly Summary: Cisco Talos’ Vulnerability Research team recently discovered two vulnerabilities in MC Technologies LR Router and three vulnerabilities in the GoCast service. These vulnerabilities have not been patched at time of this posting. For Snort coverage that can detect the exploitation…

  • The Register: OpenWrt orders router firmware updates after supply chain attack scare

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/09/openwrt_firmware_vulnerabilities/ Source: The Register Title: OpenWrt orders router firmware updates after supply chain attack scare Feedly Summary: A couple of bugs lead to a potentially bad time OpenWrt users should upgrade their images to the same version to protect themselves from a possible supply chain attack reported to the open source Wi-Fi router…

  • The Register: PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/06/mitel_micollab_0day/ Source: The Register Title: PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files Feedly Summary: Still unpatched 100+ days later, watchTowr says A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive…

  • Cloud Blog: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/red-team-application-security-testing/ Source: Cloud Blog Title: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing Feedly Summary: Written by: Ilyass El Hadi, Louis Dion-Marcil, Charles Prevost Executive Summary Whether through a comprehensive Red Team engagement or a targeted external assessment, incorporating application security (AppSec) expertise enables organizations to better simulate the tactics and…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/12/04/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-51378 CyberPanel Incorrect Default Permissions Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks…

  • Hacker News: Discovery of CVE-2024-2550 (Palo Alto)

    by

    system automation
    in

    Source URL: https://www.ac3.com.au/resources/discovery-of-CVE-2024-2550/ Source: Hacker News Title: Discovery of CVE-2024-2550 (Palo Alto) Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a security incident involving a critical vulnerability in Palo Alto GlobalProtect VPN, traced back to a “nil pointer dereference” error after a firewall patch. The collaboration between AC3 and Palo Alto…

  • The Register: Zabbix urges upgrades after critical SQL injection bug disclosure

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/ Source: The Register Title: Zabbix urges upgrades after critical SQL injection bug disclosure Feedly Summary: US agencies blasted ‘unforgivable’ SQLi flaws earlier this year Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that could lead to full system compromise.… AI Summary and Description: Yes…