exposes
-
HPE Aruba Networking has issued a security advisory warning of multiple critical vulnerabilities affecting Access Points running Instant AOS-8 and AOS-10. The company has released patches addressing these vulnerabilities, which, if exploited, could lead to remote code execution (RCE), unauthorized access, and even full system compromise.
-
Rockwell Automation has recently disclosed multiple critical vulnerabilities in its FactoryTalk ThinManager software, a key component used in industrial control systems.
-
A newly identified security vulnerability in ZoneMinder, a popular open-source video surveillance platform, could allow attackers to gain control over SQL databases, compromising data confidentiality and system integrity. This flaw, tracked as CVE-2024-51482, has been rated with the maximum CVSS score of 10, emphasizing its critical nature. The issue arises from a Boolean-based SQL injection…
-
In a newly released report titled “Pacific Rim,” Sophos X-Ops uncovers a five-year campaign by China-based threat groups targeting high-value infrastructure and government organizations across the Indo-Pacific. These operations involve advanced tactics, including bespoke malware, stealthy persistence mechanisms, and sophisticated operational security. Working alongside other cybersecurity firms, law enforcement, and government agencies, Sophos has linked…
-
Nov 01, 2024Ravie LakshmananVulnerability / Cloud Security
-
The Sysdig Threat Research Team (TRT) has uncovered a global operation, EMERALDWHALE, that has led to the theft of over 15,000 cloud credentials by exploiting exposed Git configuration files. The report highlights an alarming trend in misconfigured web servers that leak credentials, impacting thousands of private repositories and potentially costing victims hundreds of dollars per…
-
Developers using Apache Lucene.NET are urged to update their systems immediately following the discovery of a serious security flaw that could allow attackers to remotely execute malicious code.
-
In a recent in-depth analysis, Christophe Tafani-Dereeper, a prominent Cloud Security Researcher at DATADOG, highlights critical vulnerabilities within Google Cloud’s default service accounts that put cloud environments at risk. Tafani-Dereeper’s findings emphasize how easily these accounts can inadvertently grant overly permissive access, opening doors for attackers to exploit cloud resources.
-
Hackers exploited an RCE flaw to target over 22,000 CyberPanel servers with PSAUX ransomware. Nearly all CyberPanel instances went offline as a result.
-
A significant security vulnerability, CVE-2023-32197, has been identified in RKE2, Rancher’s Kubernetes distribution geared toward high-security environments, including the U.S. Federal Government. The vulnerability, rated with a high severity score of 9.1 on the CVSS scale, affects RKE2 deployments on Windows nodes by allowing unauthorized access to sensitive files through insecure Access Control Lists (ACLs),…
-
WhatsUp Gold, a popular network monitoring software, has identified a significant security vulnerability that could potentially expose numerous organizations to cyber attacks.
-
The SUSE Rancher Security team has recently issued a high-severity advisory, CVE-2022-45157, warning users of a critical vulnerability affecting Rancher’s handling of vSphere’s Cloud Provider Interface (CPI) and Container Storage Interface (CSI) credentials. This flaw, which carries a CVSS score of 9.1, could enable unauthorized access to sensitive credentials in certain Rancher configurations.
-
Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting 693,635 user records.
-
Governance & Risk Management , Patch Management , Vulnerability Assessment & Penetration Testing (VA/PT)
-
Organizations using Open Policy Agent (OPA) for Windows should consider updating to v0.68.0 or later to protect against an authentication hash leakage vulnerability identified in all earlier versions of the open source policy enforcement engine.
-
A critical elevation of privilege (EoP) vulnerability, identified as CVE-2024-43532, has been discovered in the Windows Remote Registry client. This vulnerability potentially allows attackers to relay NTLM authentication and gain unauthorized access to Windows systems. It carries a high CVSS score of 8.8 and affects all unpatched Windows versions. Akamai researcher Stiv Kupchik uncovered the…
-
A newly disclosed vulnerability in multiple SICK products, tracked as CVE-2024-10025, has raised significant cybersecurity concerns across industries relying on the company’s automation and sensor technologies. The vulnerability, classified as critical with a CVSS score of 9.1, could allow remote attackers to gain unauthorized access and compromise the affected devices’ integrity and availability.
-
A new Spectre bypass exploit has exposed vulnerabilities in recent Intel processors and older AMD microarchitectures running Linux, with severe ramifications for ongoing efforts to combat speculative execution attacks.
-
Bitdefender Total Security has been found vulnerable to Man-in-the-Middle (MITM) attacks due to improper certificate validation in its HTTPS scanning functionality.