Items tagged with: Vulnerability
Risky Biz News: Feds seize BreachForums again
In other news: The Netherlands criminalizes cyber-espionage; US arrests woman running laptop farm for DPRK IT workers; major hack at Australian healthcare org.
Catalin Cimpanu (Risky.Biz)
Happy #PatchTuesday from Microsoft. 61 vulnerabilities, 3 zero days:
- CVE-2024-30051 (7.8 high) Windows DWM Core Library Elevation of Privilege Vulnerability publicly disclosed and exploited
- CVE-2024-30040 (8.8 high) Windows MSHTML Platform Security Feature Bypass Vulnerability exploited
- CVE-2024-30046 (5.9 medium) Visual Studio Denial of Service Vulnerability publicly disclosed
cc: @campuscodi @briankrebs @mttaggart @deepthoughts10
#eitw #activeexploitation #Microsoft #vulnerability #zeroday #MSRC #CVE_2024_30040 #CVE_2024_30046 #CVE_2024_30051
"There are no ways to prevent such attacks"
Well that's concerning...
"except when the user's VPN runs on Linux or Android"
Oh. Well then.
Novel attack against virtually all VPN apps neuters their entire purpose
TunnelVision vulnerability has existed since 2002 and may already be known to attackers.
Ars Technica
#Windows #vulnerability reported by the #NSA exploited to install Russian #malware
When Microsoft patched the vulnerability in October 2022, at least two years after it came under #attack by the Russian hackers, the company made no mention that it was under active exploitation.
#patch #update #exploit #Russia #security #CyberSecurity #news #os #software #hack #hacker
Windows vulnerability reported by the NSA exploited to install Russian malware
Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.
Ars Technica
#CVE-2024-20356: #Jailbreaking a #Cisco appliance to run #DOOM
In this adventure, the Cisco #C195 device family was jailbroken in order to run unintended code. This includes the discovery of a vulnerability in the #CIMC body management controller which affects a range of different devices, whereby an authenticated high privilege user can obtain underlying root access to the server's #BMC (CVE-2024-20356) which in itself has high-level access to various other components in the system. The end goal was to run DOOM – if a smart fridge can do it, why not Cisco?
source: https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/
#software #security #bug #network #game #news #vulnerability #exploit #hack #hacker
CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM - LRQA Nettitude Labs
Exploiting remote code execution in Cisco's CIMC management system and jailbreaking the device to run untrusted code
Aaron Thacker (LRQA Nettitude Labs)