Tag: Exploitation
-
Schneier on Security: Weird Zimbra Vulnerability
Source URL: https://www.schneier.com/blog/archives/2024/10/weird-zimbra-vulnerability.html
Source: Schneier on Security
Title: Weird Zimbra Vulnerability
Feedly Summary: Hackers can execute commands on a remote computer by sending malformed emails to a Zimbra mail server. It’s critical, but difficult to exploit. In an email sent Wednesday afternoon, Proofpoint researcher Greg Lesnewich seemed to largely concur that the attacks weren’t likely…
-
The Register: Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing
Source URL: https://www.theregister.com/2024/10/02/cisa_optigo_switch_flaws/
Source: The Register
Title: Two simple give-me-control security bugs found in Optigo network switches used in critical manufacturing
Feedly Summary: Poor use of PHP include() strikes again. Two trivial but critical security holes have been found in Optigo’s Spectra Aggregation Switch, and so far no patch is available.…
-
Schneier on Security: Hacking ChatGPT by Planting False Memories into Its Data
Source URL: https://www.schneier.com/blog/archives/2024/10/hacking-chatgpt-by-planting-false-memories-into-its-data.html
Source: Schneier on Security
Title: Hacking ChatGPT by Planting False Memories into Its Data
Feedly Summary: This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature…
-
Alerts: Apple Releases Security Updates for Multiple Products
Source URL: https://www.cisa.gov/news-events/alerts/2024/09/18/apple-releases-security-updates-multiple-products
Source: Alerts
Title: Apple Releases Security Updates for Multiple Products
Feedly Summary: Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply…
-
The Register: Feeld dating app’s security too open-minded as private data swings into public view
Source URL: https://www.theregister.com/2024/09/13/feeld_dating_app_failures/
Source: The Register
Title: Feeld dating app’s security too open-minded as private data swings into public view
Feedly Summary: No love for months-long wait to fix this, either. Security researchers have revealed a litany of failures in the Feeld dating app that could be abused to access all manner of private user…
-
Slashdot: Windows Update Zero-Day Being Exploited To Undo Security Fixes
Source URL: https://tech.slashdot.org/story/24/09/10/229252/windows-update-zero-day-being-exploited-to-undo-security-fixes?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: Windows Update Zero-Day Being Exploited To Undo Security Fixes
AI Summary and Description: Yes
Summary: This text highlights a critical security vulnerability in Windows Update (CVE-2024-43491) that is currently being exploited in the wild. With a high CVSS score, the flaw allows attackers to reverse previously implemented…
-
Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2024/09/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
Source: Alerts
Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2016-3714 ImageMagick Improper Input Validation Vulnerability
CVE-2017-1000253 Linux Kernel PIE Stack Buffer Corruption Vulnerability
CVE-2024-40766 SonicWall SonicOS Improper Access Control Vulnerability
These…
-
Hacker News: Exploiting CI / CD Pipelines for fun and profit
Source URL: https://blog.razzsecurity.com/2024/09/08/exploitation-research/exploiting-ci-cd-pipelines-for-fun-and-profit/
Source: Hacker News
Title: Exploiting CI / CD Pipelines for fun and profit
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: The text outlines a significant security vulnerability originating from a publicly exposed .git directory, leading to an exploit chain resulting in full server takeover. It emphasizes the importance of proper…