Vulnerabilities Archives - Cyber Security Minute

A critical flaw in Cisco SSM On-Prem allows attackers to change any user’s password

Issued by: Security Affairs

Cisco has addressed a critical vulnerability, tracked as CVE-2024-20419 (CVSS score of 10.0), in Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers that allows attackers to change any user’s password. The issue is due to an improper implementation in the password-change process. Threat actors can trigger the vulnerability by sending specially crafted HTTP…

Vulnerabilities

Cisco Patches an Exploited Zero-Day Vulnerability

Issued by: DataBreach Today

Cisco on Monday patched a zero-day vulnerability discovered months ago that allowed a China-nexus hacker to execute arbitrary commands as root on the compromised devices. The threat group, dubbed Velvet Ant, remotely connected to Cisco’s NX-OS software used in switches and executed malicious code. The networking giant in an advisory attributes the discovery to cybersecurity…

Vulnerabilities

AI agents can find and exploit known vulnerabilities, study shows

Issued by: CSO Online

Researchers at the University of Illinois gave a team of autonomous AI agents a CVE description of a vulnerability and the agents were able to autonomously find and exploit the vulnerability in a test environment in April. Two months later, the same researchers showed that those teams can now find and exploit previously unknown vulnerabilities….

Vulnerabilities

Juniper Rushes Out Emergency Patch for Critical Smart Router Flaw

Issued by: Dark Reading

Juniper Networks has released an emergency patch for a critical authentication bypass vulnerability that has been assigned the highest possible CVSS score of 10. The vulnerability, tracked under CVE-2024-2973, affects the Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Router, and could allow a threat actor to take full control of an…

Vulnerabilities

No Patches for Hospital Temperature Monitors’ Critical Flaws

Issued by: DataBreach Today

Vulnerabilities in internet-connected temperature monitoring devices mainly used in hospitals, and their accompanying desktop application, could allow hackers to gain administrator privileges to the technology. Researchers at Nozomi Networks uncovered four vulnerabilities in Sensor Net Connect and three flaws in the Thermoscan IP desktop application, both made by a division of French firm Proges Plus….

Vulnerabilities

Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs

Issued by: The Hacker News

Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects multiple families of Intel Core desktop and mobile processors. Tracked as CVE-2024-0762 (CVSS score: 7.5), the “UEFIcanhazbufferoverflow” vulnerability has been described as a case of a buffer overflow stemming from the use of an unsafe variable in the…

Vulnerabilities

Google Chrome 126 update addresses multiple high-severity flaws

Issued by: Security Affairs

Google has issued a Chrome 126 security update, addressing six vulnerabilities, including a flaw, tracked as CVE-2024-6100 which was demonstrated during the SSD Secure Disclosure’s TyphoonPWN 2024. TyphoonPWN is a live hacking competition held annually at TyphoonCon, an Offensive Security Conference in Seoul, South Korea. The vulnerability is a high-severity type confusion issue in the…

Vulnerabilities

Microsoft, Late to the Game on Dangerous DNSSEC Zero-Day Flaw

Issued by: Dark Reading

Among the more dangerous of the flaws for which Microsoft released a patch this week on Patch Tuesday is a denial-of-service (DoS) vulnerability publicly disclosed back in February in the Domain Name System Security Extensions (DNSSEC) protocol. The vulnerability, identified as CVE-2023-50868 exists in a third-party DNSSEC mechanism called Next Secure Hash 3 (NSEC3) for…

Vulnerabilities

Ransomware Gang TellYouThePass Exploits PHP Vulnerability

Issued by: DataBreach Today

A ransomware operation with a history of exploiting widespread internet vulnerabilities lost little time in making use of a critical-severity vulnerability in Window installations of web-scripting language PHP. Imperva Threat Research in a Monday report said TellYouThePass ransomware operators began exploiting the PHP bug, tracked as CVE-2024-4577, hours after researchers released a proof of concept…

Vulnerabilities

Arm Warns of Exploited Kernel Driver Vulnerability

Issued by: SecurityWeek

Tracked as CVE-2024-4610, the bug is described as a use-after-free issue that could be exploited by local users to make improper GPU memory processing operations. Successful exploitation of the flaw allows a non-privileged attacker to access previously freed memory, Arm explains in an advisory. “Arm is aware of reports of this vulnerability being exploited in…