Skip to main content

Search

Items tagged with: Vulnerability

Very excited to have the SSID Confusion attack report that I authored with @vanhoefm included in today's Risky Biz newsletter by @campuscodi - if you aren't signed up already, get right on it, it's required daily reading imho https://news.risky.biz/risky-biz-news-feds-seize-breachforums-again/ #vpn #wifi #vulnerability #infosec #cybersecurity

Risky Biz News: Feds seize BreachForums again

In other news: The Netherlands criminalizes cyber-espionage; US arrests woman running laptop farm for DPRK IT workers; major hack at Australian healthcare org.
Catalin Cimpanu (Risky.Biz)
#infosec #cybersecurity #vpn #vulnerability #WiFi @Mathy Vanhoef @Catalin Cimpanu

Happy #PatchTuesday from Microsoft. 61 vulnerabilities, 3 zero days:

  • CVE-2024-30051 (7.8 high) Windows DWM Core Library Elevation of Privilege Vulnerability publicly disclosed and exploited
  • CVE-2024-30040 (8.8 high) Windows MSHTML Platform Security Feature Bypass Vulnerability exploited
  • CVE-2024-30046 (5.9 medium) Visual Studio Denial of Service Vulnerability publicly disclosed

cc: @campuscodi @briankrebs @mttaggart @deepthoughts10

#eitw #activeexploitation #Microsoft #vulnerability #zeroday #MSRC #CVE_2024_30040 #CVE_2024_30046 #CVE_2024_30051

Security Update Guide - Microsoft Security Response Center

msrc.microsoft.com
#microsoft #vulnerability #activeexploitation #eitw #zeroday #patchtuesday #msrc #cve_2024_30040 #cve_2024_30046 #cve_2024_30051 @BrianKrebs @Catalin Cimpanu @Brian Clark @Taggart :donor:

"There are no ways to prevent such attacks"

Well that's concerning...

"except when the user's VPN runs on Linux or Android"

Oh. Well then.

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/

#VPN #Vulnerability #Security


Novel attack against virtually all VPN apps neuters their entire purpose

TunnelVision vulnerability has existed since 2002 and may already be known to attackers.
Ars Technica
#security #vpn #vulnerability

#Windows #vulnerability reported by the #NSA exploited to install Russian #malware


Source: https://arstechnica.com/security/2024/04/kremlin-backed-hackers-exploit-critical-windows-vulnerability-reported-by-the-nsa/

When Microsoft patched the vulnerability in October 2022β€”at least two years after it came under #attack by the Russian hackersβ€”the company made no mention that it was under active exploitation.


#patch #update #exploit #Russia #security #CyberSecurity #news #os #software #hack #hacker


Windows vulnerability reported by the NSA exploited to install Russian malware

Microsoft didn't disclose the in-the-wild exploits by Kremlin-backed group until now.
Ars Technica
#security #News #software #os #Russia #cybersecurity #attack #Windows #malware #hacker #NSA #hack #vulnerability #exploit #update #patch

#CVE-2024-20356: #Jailbreaking a #Cisco appliance to run #DOOM


In this adventure, the Cisco #C195 device family was jailbroken in order to run unintended code. This includes the discovery of a vulnerability in the #CIMC body management controller which affects a range of different devices, whereby an authenticated high privilege user can obtain underlying root access to the server’s #BMC (CVE-2024-20356) which in itself has high-level access to various other components in the system. The end goal was to run DOOM – if a smart fridge can do it, why not Cisco?


source: https://labs.nettitude.com/blog/cve-2024-20356-jailbreaking-a-cisco-appliance-to-run-doom/

#software #security #bug #network #game #news #vulnerability #exploit #hack #hacker


CVE-2024-20356: Jailbreaking a Cisco appliance to run DOOM - LRQA Nettitude Labs

Exploiting remote code execution in Cisco's CIMC management system and jailbreaking the device to run untrusted code
Aaron Thacker (LRQA Nettitude Labs)
#security #News #software #bug #hacker #hack #game #vulnerability #exploit #network #doom #cisco #CVE-2024-20356 #Jailbreaking #C195 #CIMC #BMC

⇧