Experimental News Clipping Site

Tag: Exploitation

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors…

  • The Register: D-Link tells users to trash old VPN routers over bug too dangerous to identify

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/20/dlink_rip_replace_router/ Source: The Register Title: D-Link tells users to trash old VPN routers over bug too dangerous to identify Feedly Summary: Vendor offers 20% discount on new model, but not patches Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a…

  • Hacker News: Microsoft will soon let you clone your voice for Teams meetings

    by

    system automation
    in

    Source URL: https://techcrunch.com/2024/11/19/soon-microsoft-will-let-teams-meeting-attendees-clone-their-voices/ Source: Hacker News Title: Microsoft will soon let you clone your voice for Teams meetings Feedly Summary: Comments AI Summary and Description: Yes Summary: Microsoft has announced a new feature called Interpreter for Teams, which will enable users to clone their voices for real-time interpretation in multiple languages, starting in early 2025.…

  • Wired: Inside the Booming ‘AI Pimping’ Industry

    by

    system automation
    in

    Source URL: https://www.wired.com/story/ai-pimping-industry-deepfakes-instagram/ Source: Wired Title: Inside the Booming ‘AI Pimping’ Industry Feedly Summary: AI-generated influencers based on stolen images of real-life adult content creators are flooding social media. AI Summary and Description: Yes Summary: The text highlights the emerging issue of AI-generated influencers on Instagram that are appropriating the likenesses of real creators, leading…

  • The Register: China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/19/china_brazenbamboo_fortinet_0day/ Source: The Register Title: China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer Feedly Summary: No word on when or if the issue will be fixed Chinese government-linked snoops are exploiting a zero-day bug in Fortinet’s Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.… AI…

  • The Register: Palo Alto Networks tackles firewall-busting zero-days with critical patches

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/19/palo_alto_networks_patches/ Source: The Register Title: Palo Alto Networks tackles firewall-busting zero-days with critical patches Feedly Summary: Amazing that these two bugs got into a production appliance, say researchers Palo Alto Networks (PAN) finally released a CVE identifier and patch for the zero-day exploit that caused such a fuss last week.… AI Summary and…

  • The Register: Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/ Source: The Register Title: Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble Feedly Summary: If you didn’t fix this a month ago, your to-do list probably needs a reshuffle Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in…

  • Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability CVE-2024-9474 Palo Alto Networks PAN-OS…

  • Rekt: Polter Finance

    by

    system automation
    in

    Source URL: https://www.rekt.news/polter-finance-rekt Source: Rekt Title: Polter Finance Feedly Summary: After losing roughly $8.7 million to a textbook case of oracle manipulation, Polter Finance is scrambling to clean up the mess. Their unaudited protocol left key vulnerabilities wide open, and now they’re facing the fallout. Another day, another lesson in DeFi’s recklessness. AI Summary and…

  • Schneier on Security: Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/11/most-of-2023s-top-exploited-vulnerabilities-were-zero-days.html Source: Schneier on Security Title: Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days Feedly Summary: Zero-day vulnerabilities are more commonly used, according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority…