1-Click Takeover Bug in AWS Apache Airflow Reveals Larger Risk

March 21, 2024 at 01:33PM A bug in an AWS workflow management service led to cookie tossing, revealing a broader issue affecting major cloud services. Based on the meeting notes, it seems that a bug has affected users of an AWS workflow management service, potentially exposing them to cookie tossing. However, this incident has also … Read more

ExpressVPN User Data Exposed Due to Bug

February 12, 2024 at 09:03AM ExpressVPN disabled split tunneling on Windows due to improperly directed DNS requests, which led to user data exposure. This issue was highlighted in a post on SecurityWeek. Based on the given meeting notes, it appears that ExpressVPN disabled split tunneling on Windows due to DNS requests not being properly directed. … Read more

Adobe Acrobat Reader Vuln Now Under Attack

October 11, 2023 at 02:20PM The Cybersecurity Infrastructure & Security Agency (CISA) has added an Adobe Acrobat Reader bug to its list of exploited vulnerabilities. The bug (CVE-2023-21608) exists in multiple versions of Adobe Acrobat and Reader and allows remote execution of malicious code. CISA advises users to update their software, which was patched in … Read more

Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk

October 11, 2023 at 12:06PM Patches have been released for a critical memory corruption vulnerability in the cURL data transfer project. The flaw, tracked as CVE-2023-38545, affects the SOCKS5 proxy handshake process in cURL, allowing remote exploitation in certain configurations. The bug can lead to heap buffer overflow, and affected versions are 7.69.0 to 8.3.0. … Read more

Microsoft Patch Tuesday Haunted by Zero-Days, Wormable Bug

October 10, 2023 at 06:06PM Microsoft’s October Patch Tuesday update addressed two zero-day vulnerabilities that were actively being attacked, affecting Microsoft WordPad and Skype for Business. A critical-rated bug in Message Queuing was also patched. The update included a total of 103 CVEs, with 13 critical-rated vulnerabilities and 20% of the fixes related to Microsoft … Read more

October 10, 2023 at 03:06AM – libcue Library Flaw Opens GNOME Linux Systems Vulnerable to RCE Attacks

October 10, 2023 at 03:06AM A security flaw in the libcue library affects GNOME Linux systems, allowing remote code execution (RCE) when a user downloads a malicious .cue file. The vulnerability (CVE-2023-43641) is caused by memory corruption in libcue versions 2.2.1 and earlier. Detailed technical information has been withheld to give users time to update. … Read more