January 17, 2024 at 09:57AM PAX Technology’s PoS terminals have high-severity vulnerabilities that could allow threat actors to execute arbitrary code. The STM Cyber R&D team discovered six flaws, including privilege escalation and local code execution, impacting various PAX devices. The vulnerabilities were responsibly disclosed to PAX, and patches were released in November 2023. Key … Read more
January 17, 2024 at 08:30AM GitHub rotated credentials and addressed a vulnerability impacting GitHub.com and GitHub Enterprise Server after receiving a vulnerability report. The security defect allowed access to credentials within a production container but had minimal impact. GitHub resolved the flaw and released patches for GitHub Enterprise Server, also rotating the private GitHub GPG … Read more
January 17, 2024 at 03:15AM GitHub has responded to a security vulnerability by rotating some keys, including the GitHub commit signing key, GitHub Actions, GitHub Codespaces, and Dependabot customer encryption keys. The vulnerability, CVE-2024-0200, has not been exploited in the wild, but GitHub has addressed it with patches. Another bug, CVE-2024-0507, has also been resolved … Read more
January 16, 2024 at 05:23PM GitHub resolved vulnerabilities enabling attackers to access credentials in production containers by patching CVE-2024-0200. The update applies to GitHub Enterprise Server versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. While potential exploitation requires an organization owner role, GitHub rotated exposed credentials and urges swift security update installation. Additionally, a command injection vulnerability … Read more
January 16, 2024 at 02:14PM Google has released security updates to address the first Chrome zero-day vulnerability (CVE-2024-0519) exploited since the beginning of the year. This high-severity flaw in the Chrome V8 JavaScript engine allows attackers to access sensitive data, trigger crashes, and potentially execute arbitrary code. Google also fixed two other vulnerabilities (CVE-2024-0517 and … Read more
January 16, 2024 at 10:23AM Atlassian Confluence Data Center and Server had a critical remote code execution vulnerability (CVE-2023-22527) impacting versions released before December 5, 2023. The flaw allowed unauthenticated attackers to perform remote code execution. Atlassian fixed the vulnerability in later versions and advises users to install the latest version to protect against potential … Read more
January 16, 2024 at 09:39AM Over 178,000 SonicWall firewalls are susceptible to two security vulnerabilities. These flaws could lead to denial-of-service conditions and remote code execution. While there’s no evidence of exploits, a proof-of-concept for one vulnerability has been released. The cybersecurity firm warns that bad actors could use these flaws to trigger repeated crashes … Read more
January 15, 2024 at 12:41PM GitLab admins must urgently apply the latest security patches due to a critical account-bypass vulnerability (CVE-2023-7028) impacting versions 16.1.0 to 16.7.1. Attackers can exploit it to send password reset emails and potentially take over accounts. Enabling 2FA is recommended as a stop-gap mitigation. Other vulnerabilities (CVE-2023-5356, CVE-2023-4812, CVE-2023-6955, and CVE-2023-2030) … Read more
January 14, 2024 at 04:51AM Forescout’s recent findings reveal that the cyber attacks on Denmark’s energy sector in 2023, involving Zyxel firewall vulnerability and Mirai botnet, were not linked to the Russia-based Sandworm group. The attacks consisted of two separate waves and targeted multiple entities across Europe and the U.S., posing ongoing threats to critical … Read more
January 12, 2024 at 05:43PM The Cybersecurity and Infrastructure Security Agency (CISA) added a critical privilege escalation vulnerability, CVE-2023-29357, affecting Microsoft SharePoint servers to its list of Known Exploited Vulnerabilities (KEV). This vulnerability, rated 9.8 out of 10, allows attackers to bypass authentication and gain administrative access. Despite a June patch, active exploitation continues, as … Read more