July 19, 2024 at 07:01AM SolarWinds released security updates for Access Rights Manager, resolving 13 vulnerabilities, including eight critical-severity bugs. Six critical flaws could be exploited for remote code execution, while the remaining two could allow attackers to read and delete arbitrary files. Five high-severity issues were also addressed, impacting domain admin access and arbitrary … Read more
April 17, 2024 at 08:48AM Ivanti, an IT software company, released version 6.4.3 to fix 27 vulnerabilities in its Avalanche MDM product. These include critical-severity bugs allowing remote command execution without authentication. The patches also address high-severity flaws, medium-severity issues, and denial-of-service vulnerabilities. Ivanti recommends all customers update their Avalanche installations promptly to avoid potential … Read more
March 14, 2024 at 07:57AM Akamai issued a warning about a high-severity Kubernetes vulnerability, CVE-2023-5528, affecting default installations. The issue allows arbitrary code execution with System privileges on Windows endpoints when creating a pod with a local volume. Akamai provided a PoC exploit and advised upgrading to Kubernetes version 1.28.4, even for clusters without Windows … Read more
March 13, 2024 at 01:21PM A security bug in Kubernetes allows attackers to remotely execute code with System privileges on Windows endpoints, potentially leading to full takeover of all Windows nodes in a cluster. Tracked as CVE-2023-5528 with a CVSS score of 7.2, the vulnerability can be exploited by manipulating Kubernetes volumes. The flaw affects … Read more
March 1, 2024 at 08:57AM The US cybersecurity agency CISA added a high-severity elevation of privilege flaw in Microsoft Streaming Service to its Known Exploited Vulnerabilities catalog, warning of active exploitation. The flaw, tracked as CVE-2023-29360, could allow attackers to gain System privileges. CISA urges organizations to apply patches and has a deadline of March … Read more
December 22, 2023 at 03:14PM Attackers have exploited five vulnerabilities, including four zero-days, in a sensitive Windows kernel-level driver, exposing a systemic issue in Windows CLFS. The high-performance logging system, favored by hackers for low-level system privileges, suffers from design flaws, leading to a series of easily exploited bugs. Without redesign, it poses ongoing security … Read more