Tag: exploits

Source URL: https://www.theregister.com/2024/11/25/infosec_news_in_brief/ Source: The Register Title: Russian spies may have moved in next door to target your network Feedly Summary: Plus: Microsoft seizes phishing domains; Helldown finds new targets; Illegal streaming with Jupyter, and more Infosec in brief Not to make you paranoid, but that business across the street could, under certain conditions, serve…

The Register: ‘Alarming’ bugs lay low in Ubuntu Server utility for 10 years

Nov 21, 2024

—

by

Source URL: https://www.theregister.com/2024/11/21/qualys_ubuntu_server_vulnerabilities/ Source: The Register Title: ‘Alarming’ bugs lay low in Ubuntu Server utility for 10 years Feedly Summary: Update now: Qualys says vulnerabilities give root and are ‘easily exploitable’ Researchers at Qualys refuse to release exploit code for five bugs in Ubuntu Server’s needrestart utility that allow unprivileged attackers to gain root access…

AWS News Blog: Introducing Amazon CloudFront VPC origins: Enhanced security and streamlined operations for your applications

—

by

Source URL: https://aws.amazon.com/blogs/aws/introducing-amazon-cloudfront-vpc-origins-enhanced-security-and-streamlined-operations-for-your-applications/ Source: AWS News Blog Title: Introducing Amazon CloudFront VPC origins: Enhanced security and streamlined operations for your applications Feedly Summary: Securely deliver high-performance web apps with CloudFront VPC origins; serve content directly from private subnets, eliminating undifferentiated work. AI Summary and Description: Yes Summary: The introduction of Amazon CloudFront Virtual Private Cloud…

Hacker News: Ghost Tap: New cash-out tactic with NFC Relay

—

by

Source URL: https://www.threatfabric.com/blogs/ghost-tap-new-cash-out-tactic-with-nfc-relay Source: Hacker News Title: Ghost Tap: New cash-out tactic with NFC Relay Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a new cash-out tactic used by fraudsters, termed “Ghost Tap,” which involves relaying NFC traffic to covertly cash out stolen credit card information linked to mobile payment systems…

Alerts: Apple Releases Security Updates for Multiple Products

—

by

Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/apple-releases-security-updates-multiple-products Source: Alerts Title: Apple Releases Security Updates for Multiple Products Feedly Summary: Apple released security updates to address vulnerabilities in multiple Apple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review the following advisories and apply…

Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

—

by

Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors…

The Register: D-Link tells users to trash old VPN routers over bug too dangerous to identify

—

by

Source URL: https://www.theregister.com/2024/11/20/dlink_rip_replace_router/ Source: The Register Title: D-Link tells users to trash old VPN routers over bug too dangerous to identify Feedly Summary: Vendor offers 20% discount on new model, but not patches Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a…

The Register: China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer

Nov 19, 2024

—

by

Source URL: https://www.theregister.com/2024/11/19/china_brazenbamboo_fortinet_0day/ Source: The Register Title: China-linked group abuses Fortinet 0-day with post-exploit VPN-credential stealer Feedly Summary: No word on when or if the issue will be fixed Chinese government-linked snoops are exploiting a zero-day bug in Fortinet’s Windows VPN client to steal credentials and other information, according to memory forensics outfit Volexity.… AI…

The Register: Palo Alto Networks tackles firewall-busting zero-days with critical patches

Nov 19, 2024

—

by