vulnerabilities

Software Security

Issued by: SecurityWeek

The critical bug, tracked as CVE-2024-31320, impacts Android versions 12 and 12L and allows an attacker to escalate privileges on a vulnerable device. “The most severe of these issues is a critical security vulnerability in the Framework component that could lead to local escalation of privilege with no additional execution privileges needed,” Google explains in…

Vulnerabilities

Issued by: DataBreach Today

Vulnerabilities in internet-connected temperature monitoring devices mainly used in hospitals, and their accompanying desktop application, could allow hackers to gain administrator privileges to the technology. Researchers at Nozomi Networks uncovered four vulnerabilities in Sensor Net Connect and three flaws in the Thermoscan IP desktop application, both made by a division of French firm Proges Plus….

Application Security

Issued by: Dark Reading

Application security (AppSec) programs are difficult to use and filled with vulnerabilities. Overloaded staff face an inadequate budget. Communication with developers is challenging. These sayings are so true, so ubiquitous, that they’ve become tropes. This is why meeting a team of two who managed to resolve 70,000 security vulnerabilities in three months made me gasp….

Vulnerabilities

Issued by: DataBreach Today

A ransomware operation with a history of exploiting widespread internet vulnerabilities lost little time in making use of a critical-severity vulnerability in Window installations of web-scripting language PHP. Imperva Threat Research in a Monday report said TellYouThePass ransomware operators began exploiting the PHP bug, tracked as CVE-2024-4577, hours after researchers released a proof of concept…

Vulnerabilities

Issued by: CSO Online

Microsoft released its monthly batch of security fixes on Tuesday, which included patches for three vulnerabilities that already had exploits available. Two of those vulnerabilities are being actively exploited, with one being used by multiple groups to deliver malware, including the QakBot trojan. Microsoft’s updates addressed 61 vulnerabilities across its products, but only one was…

Vulnerabilities

Issued by: SecurityWeek

The first of the high-severity bugs, CVE-2024-20321, exists because External Border Gateway Protocol (eBGP) traffic “is mapped to a shared hardware rate-limiter queue”, allowing an unauthenticated, remote attacker to send large amounts of traffic and cause a denial-of-service (DoS) condition. According to Cisco, under certain conditions, the security defect impacts Nexus 3600 series switches and…

Malware & Threats

Issued by: Dark Reading

A dangerous vulnerability in Apple Shortcuts has surfaced, which could give attackers access to sensitive data across the device without the user being asked to grant permissions. Apple’s Shortcuts application, designed for macOS and iOS, is aimed at automating tasks. For businesses, it allows users to create macros for executing specific tasks on their devices,…

Vulnerabilities

Issued by: CSO Online

Microsoft released its batch of monthly security updates this month covering 73 vulnerabilities, including two zero-day flaws exploited in the wild. While organizations should prioritize all critical and high-risk issues, there is one critical vulnerability in Outlook that researchers claim could open the door to trivial attacks that result in remote code execution. Dubbed MonikerLink…

Vulnerabilities

Issued by: Dark Reading

The United States Cybersecurity and Infrastructure Security Agency (CISA) has given Federal Civilian Executive Branch agencies 48 hours to rip out all Ivanti appliances in use on federal networks, over concerns that multiple threat actors are actively exploiting multiple security flaws in these systems. The order is part of the supplemental direction accompanying last week’s…