Critical Rust Flaw Poses Exploit Threat in Specific Windows Use Cases

April 11, 2024 at 04:24PM The Rust Project issued an update to its standard library for a vulnerability in how it passes arguments to Windows batch files, which allowed command injection. Rust is known for memory safety, but the incident shows that the language is as susceptible to logic bugs as any other. The project addressed the issue quickly, yet experts advise broader testing for logic bugs and … Read more
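
The entry above does not spell out the mechanism, so the following is an added example, not the Rust standard library's code and not the fix the article refers to. It assumes only that cmd.exe re-parses the whole command line when a .bat or .cmd file is launched, so quoting applied by the caller is not a reliable boundary, and it shows the kind of pre-check application code can apply before an argument reaches a batch file. The character list, the function names and the sample inputs are hypothetical and constructed.

```rust
// Added example; not the Rust standard library's code and not the patch the
// article describes. Assumes only that cmd.exe re-parses the full command
// line for .bat/.cmd files. Names and sample inputs are hypothetical.

#[derive(Debug, PartialEq)]
pub enum ArgError {
    /// The argument contains a character cmd.exe may act on.
    Forbidden { arg: String, ch: char },
}

/// Characters that cmd.exe treats as more than literal text: `"` closes the
/// quoting added below, `%` and `!` trigger variable expansion, `& | < > ^`
/// are command, redirection and escape operators, CR/LF end the line, and NUL
/// cannot be carried in an OS string at all. Deliberately conservative.
const FORBIDDEN: &[char] = &['"', '%', '!', '&', '|', '<', '>', '^', '\r', '\n', '\0'];

/// Accept an argument only if it contains nothing from FORBIDDEN, and return
/// it wrapped in double quotes so embedded spaces survive cmd.exe's splitting.
pub fn quote_bat_arg(arg: &str) -> Result<String, ArgError> {
    match arg.chars().find(|c| FORBIDDEN.contains(c)) {
        Some(ch) => Err(ArgError::Forbidden { arg: arg.to_string(), ch }),
        None => Ok(format!("\"{}\"", arg)),
    }
}

/// Assemble the text that would follow `cmd.exe /c`, rejecting the whole
/// invocation if any single argument fails the check. Built as a string so it
/// can be inspected and tested on any platform, not only on Windows.
pub fn bat_invocation(script: &str, args: &[&str]) -> Result<String, ArgError> {
    let mut line = quote_bat_arg(script)?;
    for a in args {
        line.push(' ');
        line.push_str(&quote_bat_arg(a)?);
    }
    Ok(line)
}

fn main() {
    // Constructed inputs: a benign argument with a space, an argument that
    // tries to close the quotes and chain a second command, and one that
    // relies on variable expansion.
    println!("{:?}", bat_invocation("report.bat", &["2024 Q1", "C:\\data"]));
    println!("{:?}", bat_invocation("report.bat", &["\"&whoami"]));
    println!("{:?}", bat_invocation("report.bat", &["%PATH%"]));
}
```

Rejecting rather than escaping is the point: cmd.exe's quoting rules differ from the CreateProcess conventions most argument-escaping code targets, so an allowlist of safe characters is easier to get right than an escaper. On Windows the validated string would be handed to `cmd.exe` through `std::os::windows::process::CommandExt::raw_arg`, so that the standard library's own quoting is not layered on top of it.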

92K D-Link NAS Devices Open to Critical Command-Injection Bug

April 9, 2024 at 12:40PM A critical flaw in several end-of-life D-Link NAS models, tracked as CVE-2024-3273, allows attackers to backdoor the devices, potentially exposing sensitive data and enabling further attacks. D-Link advises retiring and replacing affected devices, as they will no longer receive updates or support. Use unique passwords and enable … Read more

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access

April 9, 2024 at 09:45AM LG webOS smart TVs were found to have multiple security vulnerabilities that allow unauthorized access and root-level control of the devices. The flaws, discovered by Bitdefender, included an authorization bypass and privilege escalation. LG released updates fixing the issues across the affected webOS versions. Over 91,000 devices globally were exposed to … Read more

Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability

April 8, 2024 at 10:54AM Researchers at the Shadowserver Foundation found thousands of internet-exposed Ivanti VPN appliances vulnerable to the recently disclosed CVE-2024-21894, which enables remote code execution. Ivanti released updates for this and other vulnerabilities and urged customers to update their instances. Shadowserver counted over 16,000 affected Ivanti VPN instances, mostly in the US and Japan, with … Read more

Over 92,000 exposed D-Link NAS devices have a backdoor account

April 6, 2024 at 12:04PM A threat researcher disclosed an arbitrary command injection flaw and a hardcoded backdoor account in multiple end-of-life D-Link Network Attached Storage (NAS) models. The flaw allows remote execution of arbitrary commands and affects over 92,000 exposed devices. D-Link has confirmed the end of support for these devices and … Read more

New Ivanti RCE flaw may impact 16,000 exposed VPN gateways

April 5, 2024 at 01:47PM Approximately 16,500 Ivanti Connect Secure and Policy Secure gateways are vulnerable to the remote code execution flaw CVE-2024-21894, which also exposes them to denial of service and can be triggered without authentication. The high-severity flaw is exposed on a large scale worldwide, and Ivanti gateways have drawn widespread exploitation, including by state-sponsored threat actors, making it crucial for system administrators to … Read more

Cisco Warns of Vulnerability in Discontinued Small Business Routers

April 5, 2024 at 11:54AM Cisco issued a warning about a cross-site scripting (XSS) vulnerability in end-of-life RV series small business routers, impacting discontinued models RV016, RV042, RV042G, RV082, RV320, and RV325. The flaw, CVE-2024-20362, is remotely exploitable and lacks a workaround. Cisco also announced other vulnerability patches, including a high-severity defect in Nexus Dashboard … Read more

Critical Security Flaw Exposes 1 Million WordPress Sites to SQL Injection

April 4, 2024 at 11:46AM A researcher was awarded a $5,500 bug bounty for identifying a SQL injection vulnerability (CVE-2024-2879) in LayerSlider, a widely used WordPress plug-in with more than a million active installations. … Read more

New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset

April 4, 2024 at 07:30AM Researcher Bartek Nowotarski has disclosed a new denial-of-service (DoS) attack method named HTTP/2 Continuation Flood, which potentially poses a greater threat than the earlier Rapid Reset vulnerability. The attack exploits flaws in how servers handle HTTP/2 CONTINUATION frames and affects a range of implementations. Patches and mitigations are being issued, and the … Read more
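
A CONTINUATION flood sends a HEADERS frame that never sets END_HEADERS and then an unbounded run of CONTINUATION frames, so a server that buffers the header block without a cap burns memory or CPU on a single connection. As an added example, not the researcher's proof of concept and not any server's code, the Rust below walks a buffer of constructed HTTP/2 frames and stops at the first violation of two hypothetical caps (header block bytes and CONTINUATION frame count), or at the first frame that RFC 9113 forbids while a header block is open. Frame layout and flag values follow RFC 9113; the limits, names and sample frames are assumptions made for illustration.

```rust
// Added example, not code from the original article or from any HTTP/2
// implementation: a minimal HTTP/2 frame walker that flags a CONTINUATION
// flood. Frame layout and flag values follow RFC 9113; the byte and frame
// limits are hypothetical policy values chosen for illustration.

const FRAME_HEADER_LEN: usize = 9;
const TYPE_HEADERS: u8 = 0x1;
const TYPE_CONTINUATION: u8 = 0x9;
const FLAG_END_HEADERS: u8 = 0x4;

// Hypothetical caps on one header block (a HEADERS frame plus the
// CONTINUATION frames that follow it until END_HEADERS is set).
pub const MAX_HEADER_BLOCK_BYTES: usize = 16 * 1024;
pub const MAX_CONTINUATION_FRAMES: usize = 8;

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Ok,
    /// More CONTINUATION frames than the cap before END_HEADERS arrived.
    TooManyContinuations { stream: u32, frames: usize },
    /// Accumulated header block bytes exceeded the cap.
    HeaderBlockTooLarge { stream: u32, bytes: usize },
    /// CONTINUATION without an open header block, or any other frame
    /// interleaved inside one (RFC 9113 section 6.10 makes both errors).
    ProtocolError { stream: u32 },
    /// Buffer ended in the middle of a frame.
    Truncated,
}

/// Serialise one frame: 24-bit length, 8-bit type, 8-bit flags,
/// reserved bit plus 31-bit stream identifier, then the payload.
pub fn frame(ty: u8, flags: u8, stream: u32, payload: &[u8]) -> Vec<u8> {
    let mut out = Vec::with_capacity(FRAME_HEADER_LEN + payload.len());
    out.extend_from_slice(&(payload.len() as u32).to_be_bytes()[1..]);
    out.push(ty);
    out.push(flags);
    out.extend_from_slice(&(stream & 0x7fff_ffff).to_be_bytes());
    out.extend_from_slice(payload);
    out
}

/// Walk a buffer of frames and stop at the first violation.
pub fn inspect(buf: &[u8]) -> Verdict {
    let mut pos = 0;
    // (stream id, bytes so far, CONTINUATION frames so far) of the open block.
    let mut open: Option<(u32, usize, usize)> = None;
    while pos < buf.len() {
        if buf.len() - pos < FRAME_HEADER_LEN {
            return Verdict::Truncated;
        }
        let len = ((buf[pos] as usize) << 16) | ((buf[pos + 1] as usize) << 8) | buf[pos + 2] as usize;
        let ty = buf[pos + 3];
        let flags = buf[pos + 4];
        let stream = u32::from_be_bytes([buf[pos + 5], buf[pos + 6], buf[pos + 7], buf[pos + 8]]) & 0x7fff_ffff;
        pos += FRAME_HEADER_LEN;
        if buf.len() - pos < len {
            return Verdict::Truncated;
        }
        pos += len; // payload bytes are not decoded; only their size matters here
        open = match (open, ty) {
            // Nothing open: HEADERS may start a block; a bare CONTINUATION is illegal.
            (None, TYPE_HEADERS) => {
                if len > MAX_HEADER_BLOCK_BYTES {
                    return Verdict::HeaderBlockTooLarge { stream, bytes: len };
                }
                if flags & FLAG_END_HEADERS != 0 { None } else { Some((stream, len, 0)) }
            }
            (None, TYPE_CONTINUATION) => return Verdict::ProtocolError { stream },
            (None, _) => None,
            // A block is open: only CONTINUATION on the same stream may follow.
            (Some((s, bytes, frames)), TYPE_CONTINUATION) if s == stream => {
                let bytes = bytes + len;
                let frames = frames + 1;
                if frames > MAX_CONTINUATION_FRAMES {
                    return Verdict::TooManyContinuations { stream: s, frames };
                }
                if bytes > MAX_HEADER_BLOCK_BYTES {
                    return Verdict::HeaderBlockTooLarge { stream: s, bytes };
                }
                if flags & FLAG_END_HEADERS != 0 { None } else { Some((s, bytes, frames)) }
            }
            (Some(_), _) => return Verdict::ProtocolError { stream },
        };
    }
    Verdict::Ok
}

/// Constructed benign exchange: one HEADERS frame carrying its whole block.
pub fn benign(stream: u32) -> Vec<u8> {
    frame(TYPE_HEADERS, FLAG_END_HEADERS, stream, &[0x82, 0x86, 0x84]) // dummy bytes, not real HPACK
}

/// Constructed flood: HEADERS without END_HEADERS, then `n` CONTINUATION
/// frames of `chunk` bytes each that never set END_HEADERS.
pub fn flood(stream: u32, n: usize, chunk: usize) -> Vec<u8> {
    let mut out = frame(TYPE_HEADERS, 0, stream, &[0u8; 16]);
    for _ in 0..n {
        out.extend(frame(TYPE_CONTINUATION, 0, stream, &vec![0u8; chunk]));
    }
    out
}

fn main() {
    println!("benign:       {:?}", inspect(&benign(1)));
    println!("frame flood:  {:?}", inspect(&flood(3, 100, 64)));
    println!("byte flood:   {:?}", inspect(&flood(5, 3, 8192)));
    println!("orphan frame: {:?}", inspect(&frame(TYPE_CONTINUATION, 0, 7, b"x")));
}
```

The two caps catch different shapes of the same attack: many tiny CONTINUATION frames (CPU and per-frame overhead) and a few very large ones (memory). A server that only enforces a limit after END_HEADERS arrives, or only on the decoded header list, never reaches that point in a flood, which is why the check has to run per frame while the block is still open.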

Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure

April 4, 2024 at 12:57AM Ivanti has released security updates to fix four flaws affecting its Connect Secure and Policy Secure gateways. The flaws could lead to code execution and denial of service, and include a heap overflow, a null pointer dereference, and an XML entity expansion issue. Ivanti has been addressing security flaws and is working on improving … Read more