Progress discloses second critical flaw in Telerik Report Server in as many months

July 26, 2024 at 09:37AM
Progress Software’s latest security advisory warns about a critical CVE-2024-6327 vulnerability in Telerik Report Server, with potential for remote code execution on versions prior to 10.1.24.709. There’s special concern due to previous successful attacks via a similar vulnerability. Another CVE-2024-6096 vulnerability in Telerik Reporting also poses a serious risk, requiring …

ZDI shames Microsoft for – yet another – coordinated vulnerability disclosure snafu

July 15, 2024 at 11:10AM
Microsoft released a patch to fix a zero-day exploit, CVE-2024-38112, in its proprietary browser engine for Internet Explorer, without crediting Trend Micro’s Zero Day Initiative (ZDI), which had reported the vulnerability to Redmond in May. ZDI contends that the flaw is a critical remote code execution issue, while Microsoft deems …

Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service

July 8, 2024 at 04:37AM
Four critical security flaws have been identified in the Gogs open-source Git service, allowing attackers to execute arbitrary commands, steal source code, and plant backdoors. The vulnerabilities, disclosed by SonarSource researchers, require authentication for exploitation. The project maintainers have not implemented fixes, and users are advised to take precautions while …

In Other News: Microsoft Details ICS Flaws, Smart Grill Hacking, Predator Spyware Activity

July 5, 2024 at 07:52AM
This week’s cybersecurity news roundup includes an Australian man charged for creating ‘evil twin’ Wi-Fi networks, dozens of vulnerabilities found in Sharp and Toshiba printers, a data breach at the Egyptian Health Department, and hacking of smart grills. Also covered are a Pakistan-linked Android spyware targeting gamers and weapons enthusiasts, …

CISO Corner: The NYSE & the SEC; Ransomware Negotiation Tips

June 28, 2024 at 04:15PM
Wireless providers prioritize uptime and lag time at the expense of security, leaving users vulnerable to attacks. At Black Hat 2024, Penn State researchers will reveal how hackers can exploit 5G to intercept Internet traffic, leading to spying and phishing. The researchers have reported vulnerabilities to 5G vendors, but a …

Legal Defense Fund Covers Crypto Research

June 21, 2024 at 03:44PM
Cryptocurrency theft prompts Security Alliance, formed by industry giants, to address cyber resilience with initiatives like Seal 911 and the Whitehat Legal Defense Fund. The latter offers legal aid to ethical researchers facing expenses, emphasizing good-faith hacking and a commitment to public safety. An accused bad-faith actor complicates the issue for Kraken. From the …

Bug Bounty Programs, Hacking Contests Power China’s Cyber Offense

June 17, 2024 at 09:07PM
Chinese cybersecurity experts have dramatically improved over the past decade, growing from hesitant participants to dominant players in global hacking competitions and bug bounty programs. The Chinese government leverages its civilian hackers to strengthen its cyber-offensive capabilities. China’s cyber pipeline, focusing on practical cybersecurity and vulnerability disclosure, has significantly benefited …

French Bug Bounty Platform YesWeHack Raises $28 Million

June 14, 2024 at 03:00AM
YesWeHack, a French bug bounty and vulnerability disclosure policy company, has raised €26 million in a Series C funding round, bringing its total raised to over $52 million. The investment was led by Wendel, with additional capital from other partners. YesWeHack plans to use the funds to invest in AI, …

Vulnerabilities Patched in Kiuwan Code Security Products After Long Disclosure Process

June 6, 2024 at 08:18AM
Kiuwan, a code security firm owned by US-based Idera, took almost two years to patch critical vulnerabilities in its SAST and Local Analyzer products. Discovered by SEC Consult, the flaws included XSS, XXE injection, privilege escalation, and IDOR issues, posing significant security risks to users. Despite extensive coordination, Kiuwan’s response …

Exploit for critical Progress Telerik auth bypass released, patch now

June 3, 2024 at 02:01PM
Researchers have demonstrated a chained remote code execution vulnerability on Progress Telerik Report Servers. The exploit, developed by Sina Kheirkhah with assistance from Soroush Dalili, involves an authentication bypass and a deserialization issue. Urgent updates (Telerik Report Server 2024 Q2 10.1.24.514 or later) are recommended. Progress Software’s history warrants prompt action …