vulnerability

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

by

July 25, 2024 at 06:10AM Researchers have identified a privilege escalation vulnerability, named ConfusedFunction, in Google Cloud Platform’s Cloud Functions service, enabling unauthorized access to other services and sensitive data. The issue with Cloud Build service account permissions, exposed by Tenable, has been addressed by Google, although existing instances remain unaffected. Other cloud providers have … Read more

CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software

by

July 25, 2024 at 03:40AM The Internet Systems Consortium (ISC) has released patches for multiple security vulnerabilities in BIND 9 DNS software, which could be exploited for denial-of-service attacks. The list of four vulnerabilities includes logic errors, excessive CPU load, crafting large numbers of resource record types, and malicious DNS client queries. The flaws have … Read more

Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

by

July 25, 2024 at 01:57AM Docker warns of a critical vulnerability (CVE-2024-41110) in certain versions of Docker Engine, allowing attackers to bypass authorization plugins with maximum severity. It was regressed since 2018 but resolved in versions 23.0.14 and 27.1.0. Docker Desktop up to 4.32.0 is affected, with a fix expected in the next release. Users … Read more

CISA Adds Twilio Authy and IE Flaws to Exploited Vulnerabilities List

by

July 24, 2024 at 03:04AM The U.S. CISA has added two security flaws to its Known Exploited Vulnerabilities catalog, including a decade-old use-after-free vulnerability in Internet Explorer and an information disclosure bug in Twilio Authy. CISA advised FCEB agencies to remediate the vulnerabilities by August 13, 2024, to protect against active threats. From the meeting … Read more

Telegram Zero-Day Enabled Malware Delivery

by

July 23, 2024 at 08:15AM ESET has warned of a zero-day exploit affecting Telegram for Android, allowing threat actors to distribute malicious files disguised as videos. The vulnerability, dubbed EvilVideo, auto-downloads payloads containing APK files presented as multimedia previews. Users are advised to update their app to version 10.14.5 to address this issue. Based on … Read more

Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm

by

July 19, 2024 at 11:06AM SonicWall warns that a recently patched Splunk Enterprise vulnerability, CVE-2024-36991, is more severe than initially considered. The vulnerability, with a CVSS score of 7.5, allows for path traversal on the /modules/messaging/ endpoint, potentially granting access to sensitive files. SonicWall urges users to update or disable Splunk Web to mitigate the … Read more

SolarWinds Patches 11 Critical Flaws in Access Rights Manager Software

by

July 19, 2024 at 04:33AM SolarWinds has addressed critical security flaws in its Access Rights Manager (ARM) software, including 11 vulnerabilities and their severity ratings. These flaws could allow attackers to access sensitive information and execute code with elevated privileges. The vulnerabilities have been fixed in version 2024.3 after responsible disclosure by the Trend Micro … Read more

High-Severity Cisco Bug Grants Attackers Password Access

by

July 18, 2024 at 03:30PM Cisco has issued a patch for a critical vulnerability, CVE-2024-20419, enabling unauthorized password changes. The CVSS rating of 10 underlines the severity, with low attack complexity and high product impact. SSM On-Prem and SSM Satellite are affected, and no workarounds exist. Users in sensitive sectors are urged to promptly apply … Read more

Recent Adobe Commerce Vulnerability Exploited in Wild

by

July 18, 2024 at 11:03AM CISA and Adobe issued warnings about an actively exploited vulnerability in Adobe Commerce, allowing attackers to execute arbitrary code. Adobe released patches for affected versions and an isolated patch for the vulnerability. CISA included the vulnerability in its Known Exploited Vulnerabilities catalog, and federal agencies have until August 7 to … Read more

Apache HugeGraph Vulnerability Exploited in Wild

by

July 17, 2024 at 07:06AM A CVE-2024-27348-affected Apache HugeGraph-Server vulnerability is being exploited in attacks, as reported by SecurityWeek. Based on the meeting notes, it appears that a recently patched Apache HugeGraph-Server vulnerability, identified as CVE-2024-27348, is being targeted in attacks. Additionally, there are reports of the vulnerability being exploited in the wild as indicated … Read more