Aggregator

As AWS continues to evolve, new services and permissions are frequently introduced to enhance functionality and security. This blog provides a comprehensive recap of new sensitive permissions and services added in October 2024. Our intention in sharing this is to flag the most important releases to keep your eye on and update your permissions and […]

The post October Recap: New AWS Sensitive Permissions and Services appeared first on Security Boulevard.

OWASP has released guidance materials addressing how to respond to deepfakes, AI security best practices, and how to secure open source and commercial generative AI applications.

Keep Your Organization Safe with Up-to-Date CVE Information   Cybersecurity vulnerability warnings from the National Institute of Standards and Technology (NIST) continue to identify critical concerns. If not promptly addressed, your organization is at risk. Recent high-severity vulnerabilities highlight the urgent need for timely patching and updates to defend against both existing and new threats. Don’t...

The post Cybersecurity Vulnerability News: October 2024 CVE Roundup appeared first on TrueFort.

The post Cybersecurity Vulnerability News: October 2024 CVE Roundup appeared first on Security Boulevard.

2024年8月13日，微软在“补丁星期二”更新中披露了一个严重漏洞CVE-2024-38063，这是在Windows内核中相当典型的一个漏洞，笔者尝试对其进行原理上的剖析，因时间有限，文章或有遗漏或缺失。

A vulnerability was found in Draytek Vigor 3900 1.5.1.3. It has been declared as critical. Affected by this vulnerability is the function restore of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is known as CVE-2024-51252. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Yealink Meeting Server 26.0.0.66. It has been classified as problematic. Affected is an unknown function of the component Server Response Handler. The manipulation of the argument Enterprise ID leads to information disclosure. This vulnerability is traded as CVE-2024-48352. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Yealink Meeting Server 26.0.0.66 and classified as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-48353. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

The sophisticated Chinese cyberattacks of today rest on important groundwork laid during the pandemic and before.

New LightSpy spyware targets iPhones supporting destructive features that can block compromised devices from booting up. In May 2024, ThreatFabric researchers discovered a macOS version of LightSpy spyware that has been active in the wild since at least January 2024. ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The […]

A vulnerability has been found in SiSMART 7.4.0 and classified as problematic. This vulnerability affects unknown code of the component Dashboard. The manipulation leads to improper control of resource identifiers. This vulnerability was named CVE-2024-48217. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in IBM CICS TX Standard 11.1. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-41744. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Draytek Vigor 3900 1.5.1.3. This affects the function modifyrow of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2024-51248. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Draytek Vigor 3900 1.5.1.3. Affected by this vulnerability is the function doPPPo of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is known as CVE-2024-51247. The attack can be launched remotely. There is no exploit available.