Aggregator

Keep Your Organization Safe with Up-to-Date CVE Information   Cybersecurity vulnerability warnings from the National Institute of Standards and Technology (NIST) continue to identify critical concerns. If not promptly addressed, your organization is at risk. Recent high-severity vulnerabilities highlight the urgent need for timely patching and updates to defend against both existing and new threats. Don’t...

The post Cybersecurity Vulnerability News: October 2024 CVE Roundup appeared first on TrueFort.

The post Cybersecurity Vulnerability News: October 2024 CVE Roundup appeared first on Security Boulevard.

2024年8月13日，微软在“补丁星期二”更新中披露了一个严重漏洞CVE-2024-38063，这是在Windows内核中相当典型的一个漏洞，笔者尝试对其进行原理上的剖析，因时间有限，文章或有遗漏或缺失。

A vulnerability was found in Draytek Vigor 3900 1.5.1.3. It has been declared as critical. Affected by this vulnerability is the function restore of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is known as CVE-2024-51252. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Yealink Meeting Server 26.0.0.66. It has been classified as problematic. Affected is an unknown function of the component Server Response Handler. The manipulation of the argument Enterprise ID leads to information disclosure. This vulnerability is traded as CVE-2024-48352. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Yealink Meeting Server 26.0.0.66 and classified as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-48353. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

The sophisticated Chinese cyberattacks of today rest on important groundwork laid during the pandemic and before.

New LightSpy spyware targets iPhones supporting destructive features that can block compromised devices from booting up. In May 2024, ThreatFabric researchers discovered a macOS version of LightSpy spyware that has been active in the wild since at least January 2024. ThreatFabric observed threat actors using two publicly available exploits (CVE-2018-4233, CVE-2018-4404) to deliver macOS implants. The […]

A vulnerability has been found in SiSMART 7.4.0 and classified as problematic. This vulnerability affects unknown code of the component Dashboard. The manipulation leads to improper control of resource identifiers. This vulnerability was named CVE-2024-48217. The attack needs to be initiated within the local network. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in IBM CICS TX Standard 11.1. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-41744. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Draytek Vigor 3900 1.5.1.3. This affects the function modifyrow of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is uniquely identified as CVE-2024-51248. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical was found in Draytek Vigor 3900 1.5.1.3. Affected by this vulnerability is the function doPPPo of the file mainfunction.cgi. The manipulation leads to command injection. This vulnerability is known as CVE-2024-51247. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Apple tvOS up to 10.1. This affects an unknown part of the component Security. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2017-2485. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

The post Stop Supply Chain Invaders appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Stop Supply Chain Invaders appeared first on Security Boulevard.

A vulnerability was found in Accellion Kiteworks up to <=7.5 and classified as critical. Affected by this issue is some unknown functionality of the file /opt/bin/cli. The manipulation leads to incorrect default permissions. This vulnerability is handled as CVE-2016-5662. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

What’s New in CJIS 5.9.5 as it Relates to Firmware Security? n the latest CJIS Security Policy, the FBI is now requiring that IT firmware be verified for integrity and monitored for unauthorized changes. Failure to comply with it can lead to denial of access to information in the CJIS system, as well as monetary […]

The post Getting the Gist of CJIS - 5.9.5 appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Getting the Gist of CJIS – 5.9.5 appeared first on Security Boulevard.

以国产化终端筑牢数字世界安全防线，以网络安全保险为网安故障兜底

Misconfigurations, weak authentication, and logic flaws are among the main drivers of API security risks at many organizations.