Microsoft Uncovers Critical Flaws in Rockwell Automation PanelView Plus

July 4, 2024 at 06:37AM Microsoft has disclosed two security vulnerabilities in Rockwell Automation PanelView Plus that remote, unauthenticated attackers could exploit for remote code execution and denial-of-service (DoS). The flaws, tracked as CVE-2023-2071 and CVE-2023-29464, affect FactoryTalk View Machine Edition and FactoryTalk Linx, respectively. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) …

‘Almost every Apple device’ vulnerable to CocoaPods supply chain attack

July 2, 2024 at 03:39AM CocoaPods, a widely used open-source dependency manager for Swift and Objective-C apps, left thousands of packages exposed to takeover for nearly a decade. Researchers at EVA Information Security identified multiple vulnerabilities that opened the door to supply chain attacks and potential remote code execution. The CocoaPods team has …

Apple’s AI Moves Will Impact Future Chip, Cloud Security Plans

July 1, 2024 at 10:07AM Apple’s AI initiatives have significant implications for hardware security, with an emphasis on customer privacy and extensive control over its own private infrastructure. These include secure lockboxes for AI queries and security features embedded in both device and server chips. In contrast, rivals face security complexities arising from their diverse cloud and chip partnerships, raising …

Hackers exploit critical D-Link DIR-859 router flaw to steal passwords

June 29, 2024 at 11:24AM Hackers are exploiting a critical path traversal vulnerability (CVE-2024-0769) in D-Link DIR-859 WiFi routers to access sensitive data, including account information and passwords. Although the router is end-of-life, D-Link has released a security advisory warning about the flaw, which lies in the “fatlady.php” file. The issue poses a significant security risk, and users are …

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others

June 28, 2024 at 10:43AM GitLab has released updates addressing 14 security flaws, including a critical vulnerability that allows an attacker to trigger CI/CD pipelines as another user. The most severe, CVE-2024-5655 (CVSS score: 9.6), affects versions 15.8 through 17.1; fixes are available in 17.1.1, 17.0.3, and 16.11.5. No active exploitation has been reported, but users are urged to apply the patches. Key takeaways …

Authenticator for X, TikTok Exposes Personal User Info for 18 Months

June 27, 2024 at 04:34PM AU10TIX, a Tel Aviv-based identity verification company, left personal data and documents belonging to users of popular apps exposed to cybercriminals. The leaked data includes sensitive personal information such as names, birth dates, nationalities, and images of ID documents. AU10TIX initially claimed to have resolved the issue, but the …

GitLab Security Updates Patch 14 Vulnerabilities

June 27, 2024 at 10:04AM GitLab has released security patches for GitLab Community Edition and Enterprise Edition addressing 14 vulnerabilities, including critical and high-severity flaws. The critical issue, CVE-2024-5655, could allow an attacker to trigger pipelines as another user. The updates also fix cross-site scripting and improper authorization bugs, among others. Users are advised to update to versions 17.1.1, 17.0.3, or …

Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released

June 26, 2024 at 01:04PM Fortra FileCatalyst Workflow has a critical SQL injection vulnerability (CVE-2024-5276), discovered by Tenable researchers, that allows remote unauthenticated attackers to create rogue admin users and manipulate data in the application database. Exploitation requires anonymous access to be enabled on the target instance. A public exploit is available, and fixes are provided in …

‘Snowblind’ Tampering Technique May Drive Android Users Adrift

June 26, 2024 at 09:06AM “Snowblind,” a new malware targeting banking apps in Southeast Asia, abuses the Linux kernel’s seccomp facility to intercept the system calls an app’s own anti-tampering code relies on, so that existing integrity checks no longer notice the app has been modified. This forces developers and security experts to adapt and find new strategies to counter such attacks, as traditional defense mechanisms become less effective against this …
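One defensive check this item suggests, added here as an illustration and not taken from the article or from the Snowblind research: a Linux process can ask the kernel how many seccomp filters are attached to it by reading /proc/self/status, and an app that knows its own clean baseline can treat an unexpected extra filter as a tampering signal. The parser, the baseline comparison and the sample status text are constructed for this example. Two caveats are built into the design: on Android every app process already runs under the Zygote-installed seccomp filter, so a mode of 2 on its own proves nothing and the check compares filter counts against a clean-device baseline; and malware that already controls the process can also intercept the open of /proc/self/status, so this is one indicator among several rather than proof of integrity.

```c
/* Added example, not code from the article or from the Snowblind research.
 * Reads the kernel's own report of this process's seccomp state from
 * /proc/self/status and compares it with a baseline the app expects.
 *
 * Assumptions (labelled): the "Seccomp:" line is present on any
 * seccomp-capable kernel; the "Seccomp_filters:" line (count of attached
 * filters) exists on Linux 5.9 and later and is absent on older kernels.
 * On Android the Zygote installs a seccomp filter into every app process,
 * so mode 2 (SECCOMP_MODE_FILTER) is normal there and only a filter count
 * above the clean-device baseline is suspicious. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse a buffer holding the text of /proc/self/status.
 * Returns the seccomp mode (0 disabled, 1 strict, 2 filter) or -1 if no
 * "Seccomp:" line is present. If filters_out is non-NULL it receives the
 * attached-filter count, or -1 when the kernel does not report it. */
int seccomp_state_from_status(const char *status, int *filters_out)
{
    int mode = -1, filters = -1;
    const char *p = status;

    while (p && *p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);

        /* The two keys differ at offset 7 (':' vs '_'), so neither strncmp
         * matches the other's line; atoi() skips the tab after the colon. */
        if (len > 16 && strncmp(p, "Seccomp_filters:", 16) == 0)
            filters = atoi(p + 16);
        else if (len > 8 && strncmp(p, "Seccomp:", 8) == 0)
            mode = atoi(p + 8);

        p = nl ? nl + 1 : NULL;
    }
    if (filters_out)
        *filters_out = filters;
    return mode;
}

/* Read the live /proc/self/status. Returns the mode as above, -1 on error. */
int current_seccomp_state(int *filters_out)
{
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) {
        if (filters_out)
            *filters_out = -1;
        return -1;
    }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return seccomp_state_from_status(buf, filters_out);
}

/* Tampering heuristic. baseline_filters is the filter count measured on a
 * clean device for this app (0 on a plain Linux host, typically 1 on
 * Android because of the Zygote filter). When the kernel reports a count,
 * flag any extra filter; when it does not (filters == -1), fall back to
 * flagging filter mode only on a baseline that expects no filter at all. */
int looks_tampered(int mode, int filters, int baseline_filters)
{
    if (filters >= 0)
        return filters > baseline_filters;
    return mode == 2 && baseline_filters == 0;
}

int main(void)
{
    int filters;
    int mode = current_seccomp_state(&filters);
    printf("seccomp mode %d, attached filters %d (%s)\n", mode, filters,
           filters < 0 ? "count not reported by this kernel" : "count reported");
    /* Baseline 0: this standalone host program installs no filter itself. */
    printf("tampering indicator: %s\n",
           looks_tampered(mode, filters, 0) ? "YES" : "no");
    return 0;
}
```

Run it on a stock Linux host and it should report mode 0 with no indicator; run the same binary inside a sandbox or container that applies a seccomp profile and the indicator fires, which is exactly why the baseline must be measured per platform rather than hard-coded to zero.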

Fresh MOVEit Bug Under Attack Mere Hours After Disclosure

June 25, 2024 at 05:59PM A critical security flaw in Progress Software’s MOVEit Transfer lets attackers bypass authentication and was actively exploited within hours of disclosure. The vulnerability, CVE-2024-5806 (CVSS 7.4), affects specific versions of MOVEit Transfer. Urgent patching is recommended given the potential for cybercriminal exploitation and compromise of …