Cloud Security Alliance News Clipping Site

Tag: Exploitation

  • The Register: Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/18/vmware_vcenter_rce_exploited/ Source: The Register Title: Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble Feedly Summary: If you didn’t fix this a month ago, your to-do list probably needs a reshuffle Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in…

  • Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/18/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability CVE-2024-9474 Palo Alto Networks PAN-OS…

  • Rekt: Polter Finance

    by

    system automation
    in

    Source URL: https://www.rekt.news/polter-finance-rekt Source: Rekt Title: Polter Finance Feedly Summary: After losing roughly $8.7 million to a textbook case of oracle manipulation, Polter Finance is scrambling to clean up the mess. Their unaudited protocol left key vulnerabilities wide open, and now they’re facing the fallout. Another day, another lesson in DeFi’s recklessness. AI Summary and…

  • Schneier on Security: Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/11/most-of-2023s-top-exploited-vulnerabilities-were-zero-days.html Source: Schneier on Security Title: Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days Feedly Summary: Zero-day vulnerabilities are more commonly used, according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority…

  • Hacker News: Nothing-up-my-sleeve number

    by

    system automation
    in

    Source URL: https://en.wikipedia.org/wiki/Nothing-up-my-sleeve_number Source: Hacker News Title: Nothing-up-my-sleeve number Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides an in-depth exploration of “nothing-up-my-sleeve” numbers in cryptography, examining their importance in ensuring the integrity and security of cryptographic algorithms. This analysis is particularly relevant for professionals in security and compliance, as it highlights…

  • Hacker News: Teen serial swatter-for-hire busted, pleads guilty, could face 20 years

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/18/teenage_serial_swatterforhire_busted/ Source: Hacker News Title: Teen serial swatter-for-hire busted, pleads guilty, could face 20 years Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses various significant incidents in cybersecurity, including a teenager convicted of swatting, critical vulnerabilities in software, an ongoing debate regarding protections for cybersecurity researchers in international law,…

  • Hacker News: Reverse Engineering iOS 18 Inactivity Reboot

    by

    system automation
    in

    Source URL: https://naehrdine.blogspot.com/2024/11/reverse-engineering-ios-18-inactivity.html Source: Hacker News Title: Reverse Engineering iOS 18 Inactivity Reboot Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses the new inactivity reboot feature in iOS 18, which adds a significant layer of security by forcing a device reboot after three days of inactivity. This feature aims to protect…

  • Hacker News: A new vulnerability on IPv6 parsing in linux

    by

    system automation
    in

    Source URL: https://nvd.nist.gov/vuln/detail/CVE-2024-50252 Source: Hacker News Title: A new vulnerability on IPv6 parsing in linux Feedly Summary: Comments AI Summary and Description: Yes Summary: The text details a recently resolved memory leak vulnerability (CVE-2024-50252) in the Linux kernel associated with the `mlxsw` driver when handling remote IPv6 addresses. This vulnerability presents significant implications for IT…

  • The Register: Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/15/palo_alto_networks_firewall_zeroday/ Source: The Register Title: Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit Feedly Summary: Yank access to management interface, stat A critical zero-day vulnerability in Palo Alto Networks’ firewall management interface that can allow an unauthenticated attacker to remotely execute code is now officially under active exploitation.… AI Summary and…

  • Google Online Security Blog: Retrofitting Spatial Safety to hundreds of millions of lines of C++

    by

    system automation
    in

    Source URL: https://security.googleblog.com/2024/11/retrofitting-spatial-safety-to-hundreds.html Source: Google Online Security Blog Title: Retrofitting Spatial Safety to hundreds of millions of lines of C++ Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the exploitation of spatial memory safety vulnerabilities in C++ code, representing a significant security risk. Google’s initiative to enhance memory safety through the implementation…