On January 14, Nick Tait announced the discovery of six vulnerabilities in rsync, the popular file-synchronization tool. While software vulnerabilities are not uncommon, the most serious one he announced allows for remote code execution on servers that run rsyncd — and possibly other configurations. The bug itself is fairly simple, but this event provides a nice opportunity to dig into it, show why it is so serious, and consider ways the open-source community can prevent such mistakes in the future.
The vulnerabilities were found by two groups of researchers: Simon Scannell, Pedro Gallegos, and Jasiel Spelman from Google's Cloud Vulnerability Research identified five of them, including the most serious one. Aleksei Gorban, a security researcher at TikTok, discovered the sixth — a race condition in how rsync handles symbolic links.
ESET researchers have discovered a vulnerability that allows bypassing UEFI Secure Boot, affecting the majority of UEFI-based systems. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate. Exploitation of this vulnerability leads to the execution of untrusted code during system boot, enabling potential attackers to easily deploy malicious UEFI bootkits (such as Bootkitty or BlackLotus) even on systems with UEFI Secure Boot enabled, regardless of the installed operating system.
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.
#Apple #Computer #InfoSec #Integrity #Microsoft #Protection #SIP #Security #System #Vulnerability #macOS
Firmware in cellular routers, secure routers and network security appliances made by Moxa are vulnerable to a pair of high severity bugs.
SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is
A vulnerability in DigiEver DS-2105 Pro DVRs is being exploited to spread malware.
The Akamai Security Intelligence Research Team (SIRT) noticed this activity in their honeypots on November 18, 2024.
The vulnerability was originally discovered by Ta-Lun Yen and a CVE identifier has been requested by the Akamai SIRT.
The malware is a Mirai variant that has been modified to use improved encryption algorithms.
We have included a list of indicators of compromise (IoCs) in this blog post to assist in defense against this threat.
An analysis of CVE-2024-8534, a memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway.
TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
CVE-2024-1212 is an unauthenticated command injection found in Progress Kemp LoadMaster load balancer's administrator web interface by Rhino Security Labs.
Our researchers discovered a previously unknown vulnerability on Windows Server 2012 and Server 2012 R2 that allows an attacker to bypass a ...
Attackers can use manipulated archives to try to inject malicious code into 7-Zip users. An update is available.
Exploit attempts for unpatched Citrix vulnerability, Author: Johannes Ullrich
A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.
Did you know there’s widespread exploitation of FortiNet products going on using a zero day, and that there’s no CVE? Now you do.
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union.
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site.
A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources.
Critical severity vulnerability CVE-2024-0132 affecting NVIDIA Container Toolkit and GPU Operator presents high risk to AI workloads and environments.
