GitHub Authentication Bypass Opens Enterprise Server to Attackers

May 22, 2024 at 03:58PM A critical security bug (CVE-2024-4985, CVSS 10) in GitHub Enterprise Server affects SAML SSO implementations with encrypted assertions. Attackers can create fake SAML responses to obtain admin privileges. Versions before 3.13.0 are vulnerable, but emergency fixes are available in versions 3.9.15, 3.10.12, 3.11.10, and 3.12.4. Key takeaways from the meeting … Read more

Critical Rust flaw enables Windows command injection attacks

April 9, 2024 at 04:24PM A critical security vulnerability, tracked as CVE-2024-24576, allows threat actors to exploit Rust’s standard library to execute malicious commands on Windows systems. GitHub rates this flaw with a maximum CVSS base score of 10/10. The Rust security team faced challenges in resolving the issue, prompting an urge from the White … Read more

Warning: Unpatched Cisco Zero-Day Vulnerability Actively Targeted in the Wild

October 17, 2023 at 01:03AM Cisco has issued a warning about a critical security flaw in its IOS XE software that is being actively exploited. The vulnerability, assigned as CVE-2023-20198, allows remote attackers to create an account with high-level access and gain control of affected systems. The flaw only affects enterprise networking gear with the … Read more