Trend Detects NVIDIA AI Toolkit Vulnerability

September 27, 2024 at 03:56PM NVIDIA released an update to fix a critical vulnerability in its NVIDIA Container Toolkit, affecting versions up to v1.16.1. The CVE-2024-0132 vulnerability, with a CVSS v3.1 rating of 9.0, could lead to various threats if exploited. Trend Vision Oneā„¢ offers proactive protection and scanning for this vulnerability to prevent attacks. … Read more

Hello? Are you talking on a Cisco SPA300 or SPA500 IP phone? Now’s the time to junk ’em

August 8, 2024 at 08:35PM A BAE boffin discovered 3 critical flaws in Cisco’s Small Business SPA300 and SPA500 IP phones, none of which will be fixed. The flaws allow unauthenticated remote attackers to gain root privileges. Cisco won’t release updates as the products have entered the end-of-life process. No known exploits exist at this … Read more

Sophisticated Android Spyware Targets Users in Russia

August 5, 2024 at 04:32PM An unknown state-sponsored threat actor has been using the new mobile spyware tool LianSpy to spy on Android smartphone users for at least three years, with a focus on Russia. The attackers exploit vulnerabilities to root devices or gain physical access. LianSpy silently monitors user activity, exfiltrating data via public … Read more

Palo Alto Updates Remediation for Max-Critical Firewall Bug

April 26, 2024 at 04:05PM Palo Alto Networks shares important update on a critical vulnerability (CVE-2024-3400) with a severity score of 10/10. Exploitable on PAN-OS 10.2, 11.0, and 11.1, the flaw allows unauthenticated threat actors to execute arbitrary code. PAN recommends upgrading to fixed PAN-OS versions and taking specific actions based on suspected activity for … Read more

Zero-day exploited right now in Palo Alto Networks’ GlobalProtect gateways

April 12, 2024 at 06:52PM Palo Alto Networks has issued a critical alert for a command-injection flaw in PAN-OS software, affecting firewall and VPN products. The flaw, with a top CVSS severity score, may allow unauthorized code execution. Updates to fix the vulnerability will arrive by April 14. Exploitation by threat actors has been observed, … Read more

About the security content of GarageBand 10.4.9 – Apple Support

December 8, 2023 at 12:33PM Summary: Apple ID HT214042, released on 2023-11-06, addresses CVE-2023-42867 by improving process entitlement and Team ID validation. The issue could allow an app to gain root privileges in GarageBand. Updates are available for macOS Ventura and macOS Sonoma. Based on the meeting notes: Issue: CVE-2023-42867 Description: Improved validation of process … Read more

Kinsing Cyberattackers Debut ‘Looney Tunables’ Cloud Exploits

November 6, 2023 at 06:02PM Researchers are warning about an exploit for the “Looney Tunables” vulnerability that is being used by the Kinsing cybercrime group to gain root privileges on Linux systems. This represents a change in tactics for the group, as they typically focus on automated attacks for cryptojacking. The exploit allows the attackers … Read more