Experimental News Clipping Site

Tag: Remote Code Execution

  • The Register: Apache issues patches for critical Struts 2 RCE bug

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/12/apache_struts_2_vuln/ Source: The Register Title: Apache issues patches for critical Struts 2 RCE bug Feedly Summary: More details released after devs allowed weeks to apply fixes We now know the remote code execution vulnerability in Apache Struts 2 disclosed back in November carries a near-maximum severity rating following the publication of the CVE.……

  • Krebs on Security: Patch Tuesday, December 2024 Edition

    by

    system automation
    in

    Source URL: https://krebsonsecurity.com/2024/12/patch-tuesday-december-2024-edition/ Source: Krebs on Security Title: Patch Tuesday, December 2024 Edition Feedly Summary: Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common……

  • Cisco Talos Blog: Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/december-patch-tuesday-release/ Source: Cisco Talos Blog Title: Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities Feedly Summary: The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”  AI Summary and Description: Yes **Summary:** The December 2024 Patch…

  • The Register: Fully patched Cleo products under renewed ‘zero-day-ish’ mass attack

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/10/cleo_vulnerability/ Source: The Register Title: Fully patched Cleo products under renewed ‘zero-day-ish’ mass attack Feedly Summary: Thousands of servers targeted while customers wait for patches Researchers at security shop Huntress are seeing mass exploitation of a vulnerability affecting three Cleo file management products, even on patched systems.… AI Summary and Description: Yes Summary:…

  • Hacker News: Buffer Overflow Risk in Curl_inet_ntop and Inet_ntop4

    by

    system automation
    in

    Source URL: https://hackerone.com/reports/2887487 Source: Hacker News Title: Buffer Overflow Risk in Curl_inet_ntop and Inet_ntop4 Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text addresses vulnerabilities in the Curl and inet_ntop functions relating to buffer overflow risks due to inadequate buffer size validation. This discussion is particularly relevant for professionals involved in software security,…

  • Embrace The Red: Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injection

    by

    system automation
    in

    Source URL: https://embracethered.com/blog/posts/2024/terminal-dillmas-prompt-injection-ansi-sequences/ Source: Embrace The Red Title: Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injection Feedly Summary: Last week Leon Derczynski described how LLMs can output ANSI escape codes. These codes, also known as control characters, are interpreted by terminal emulators and modify behavior. This discovery resonates with areas I had…

  • Cloud Blog: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/red-team-application-security-testing/ Source: Cloud Blog Title: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing Feedly Summary: Written by: Ilyass El Hadi, Louis Dion-Marcil, Charles Prevost Executive Summary Whether through a comprehensive Red Team engagement or a targeted external assessment, incorporating application security (AppSec) expertise enables organizations to better simulate the tactics and…

  • The Register: Interpol nabs thousands, seizes millions in global cybercrime-busting op

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/01/interpol_cybercrime_busting/ Source: The Register Title: Interpol nabs thousands, seizes millions in global cybercrime-busting op Feedly Summary: Also, script kiddies still a threat, Tornado Cash is back, UK firms lose billions to avoidable attacks, and more Infosec in brief Interpol and its financial supporters in the South Korean government are back with another round…

  • The Register: Salt Typhoon’s surge extends far beyond US telcos

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/27/salt_typhoons_us_telcos/ Source: The Register Title: Salt Typhoon’s surge extends far beyond US telcos Feedly Summary: Plus, a brand-new backdoor, GhostSpider, is linked to the cyber-spy crew’s operations The reach of the China-linked Salt Typhoon gang extends beyond American telecommunications giants, and its arsenal includes several backdoors, including a brand-new malware dubbed GhostSpider, according…

  • Hacker News: D-Link says it won’t patch 60k older modems

    by

    system automation
    in

    Source URL: https://www.techradar.com/pro/security/d-link-says-it-wont-patch-60-000-older-modems-as-theyre-not-worth-saving Source: Hacker News Title: D-Link says it won’t patch 60k older modems Feedly Summary: Comments AI Summary and Description: Yes Summary: Security researchers have identified critical vulnerabilities in D-Link modems that have reached end-of-life status, which the company will not patch. This situation highlights the importance of maintaining infrastructure security and the…