D-Link Patches Critical Router Vulnerabilities

September 17, 2024 at 10:21AM D-Link announced patches for critical vulnerabilities in wireless routers, including stack-based buffer overflow flaws and hardcoded credentials that could lead to remote code execution. The issues impact COVR-X1870, DIR-X5460, and DIR-X4860 models, with fixes released on September 13. D-Link urges researchers not to disclose vulnerabilities before patches are available. Meeting … Read more

Chrome 128 Update Resolves High-Severity Vulnerabilities

September 11, 2024 at 05:15AM Google announced a new Chrome 128 update addressing five vulnerabilities, with four high-severity flaws reported by external researchers. The flaws include heap buffer overflow in Skia, use-after-free in Media Router, type confusion in V8 JavaScript engine, and use-after-free in Autofill. Google rewarded bug bounties for the first two security defects … Read more

CISA Warns of Exploited Vulnerabilities Impacting Dahua Products

August 22, 2024 at 08:45AM CISA warned about two critical authentication bypass vulnerabilities in Dahua products, affecting IP cameras, monitors, intercoms, and DVRs. Tracked as CVE-2021-33044 and CVE-2021-33045, they have a CVSS score of 9.8. Exploiting these could allow unauthorized access. CISA urges entities to address these concerns promptly following BOD 22-01 guidelines. From the … Read more

GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories

August 16, 2024 at 05:51PM GitHub Actions artifacts generated during CI/CD workflows may inadvertently expose tokens for third-party cloud services and GitHub, posing a risk to repositories and services. Palo Alto Networks warns of misconfigurations and security defects allowing threat actors to compromise repositories and steal secrets. Avital suggests proactive security measures to mitigate these … Read more

Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools

June 14, 2024 at 03:00AM A Protect AI report has revealed a dozen critical vulnerabilities in open-source AI/ML tools, including issues that could lead to information exposure, privilege escalation, and server takeover. The most severe is CVE-2024-22476 in Intel Neural Compressor, allowing remote privilege escalation. The report emphasizes timely reporting to maintainers for fixes. Various … Read more

Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own

April 3, 2024 at 07:12AM Google announced a new Chrome update addressing a high-severity CVE-2024-3159 bug, exploited at Pwn2Own 2024. The update also resolves two other vulnerabilities and follows last week’s update fixing CVE-2024-2886 and CVE-2024-2887 flaws. This latest iteration is now rolling out for Windows, macOS, and Linux, and users are advised to update … Read more

CISA Warns of Windows Streaming Service Vulnerability Exploitation

March 1, 2024 at 08:57AM The US cybersecurity agency CISA added a high-severity elevation of privilege flaw in Microsoft Streaming Service to its Known Exploited Vulnerabilities catalog, warning of active exploitation. The flaw, tracked as CVE-2023-29360, could allow attackers to gain System privileges. CISA urges organizations to apply patches and has a deadline of March … Read more

Critical Remote Code Execution Vulnerability Patched in Android

February 6, 2024 at 07:36AM Google announced patches for 46 Android vulnerabilities, including a critical bug (CVE-2024-0031) in the System component, enabling remote code execution. The 2024-02-01 security patch level fixed this flaw and 14 other high-severity defects. A subsequent update on 2024-02-05 addressed 31 high-severity issues in various components. Google also patched seven Pixel … Read more

Vulnerabilities in Lamassu Bitcoin ATMs Can Allow Hackers to Drain Wallets

January 23, 2024 at 01:48PM Three vulnerabilities in Lamassu Douro bitcoin ATMs allowed attackers with physical access to take over and steal user assets, as reported by IOActive. The vulnerabilities, tracked as CVE-2024-0175, CVE-2024-0176, and CVE-2024-0177, enabled attackers to execute an attack with the same level of access as regular customers. Lamassu fixed the bugs … Read more

Remotely Exploitable ‘PixieFail’ Flaws Found in Tianocore EDK II PXE Implementation

January 16, 2024 at 09:12AM Quarkslab discovered multiple critical vulnerabilities in the EDK II network stack, posing a risk of remote code execution attacks. These vulnerabilities, known as PixieFAIL, affect the PXE implementation, which is used by various vendors, including Microsoft. Quarkslab released proof-of-concept code for the vulnerabilities and anticipates the CERT Coordination Center to … Read more