Search cyberveille.decio.ch

Found 63 bookmarks

Custom sorting

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

I found a zero-click vulnerability in macOS Calendar, which allows an attacker to add or delete arbitrary files inside the Calendar sandbox environment. This could lead to many bad things including malicious code execution which can be combined with security protection evasion with Photos to compromise users’ sensitive Photos iCloud Photos data. Apple has fixed all of the vulnerabilities between October 2022 and September 2023.

#mikko-kenttala #EN #2024 #Critical #zero-click #macos #vulnerability

·mikko-kenttala.medium.com·Sep 14, 2024

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device.

#bleepingcomputer #EN #2024 #LoadMaster #Progress-Software #RCE #Remote-Command-Execution #Vulnerability

·bleepingcomputer.com·Sep 8, 2024

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

D-Link says it is not fixing four RCE flaws in DIR-846W routers

D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported.

#bleepingcomputer #EN #2024 #D-Link #End-of-Life #End-of-Service #Hardware #RCE #Remote-Code-Execution #Vulnerability #DIR-846W

·bleepingcomputer.com·Sep 7, 2024

D-Link says it is not fixing four RCE flaws in DIR-846W routers

Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild

SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild.

#securityweek #EN #2024 #Vulnerability #CVE-2024-40766 #exploited

·securityweek.com·Sep 6, 2024

Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild

Veeam warns of critical RCE flaw in Backup & Replication software

Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.

#bleepingcomputer #EN #2024 #RCE #Remote-Code-Execution #Veeam #Veeam-Backup-&-Replication #Veeam-ONE #Vulnerability

·bleepingcomputer.com·Sep 6, 2024

Veeam warns of critical RCE flaw in Backup & Replication software

Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day

The Akamai Security Intelligence and Response Team (SIRT) has observed a botnet campaign that is abusing several previously exploited vulnerabilities, as well as a zero-day vulnerability discovered by the SIRT. CVE-2024-7029 (discovered by Aline Eliovich) is a command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE). Once injected, the botnet spreads a Mirai variant with string names that reference the COVID-19 virus that has been seen since at least 2020. * We have included a list of indicators of compromise (IOCs) to assist in defense against this threat.

#akamai #EN #2024 #botnet #Mirai #AVTECH #zero-day #vulnerability #CCTV #CVE-2024-7029

·akamai.com·Aug 29, 2024

Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S.…

#krebsonsecurity #EN #2024 #Versa-Director #zero-day #vulnerability #Volt-Typhoon

·krebsonsecurity.com·Aug 27, 2024

New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

The gift that keeps on giving: A new opportunistic Log4j campaign

In this post, we analyze a new opportunistic exploitation campaign based on the Log4j vulnerability.

#datadoghq #EN #2024 #Log4j #campaign #vulnerability #CVE-2021-44228

·securitylabs.datadoghq.com·Aug 26, 2024

The gift that keeps on giving: A new opportunistic Log4j campaign

Microsoft Copilot Studio Vulnerability Led to Information Disclosure

A vulnerability in Microsoft Copilot Studio could be exploited to access sensitive information on the internal infrastructure used by the service, Tenable reports. The flaw, tracked as CVE-2024-38206 (CVSS score of 8.5) and described as a ‘critical’ information disclosure bug, has been fully mitigated, Microsoft said in an August 6 advisory.

#securityweek #EN #2024 #Microsoft #Copilot #Studio #Vulnerability #information #disclosure #bug #CVE-2024-38206

·securityweek.com·Aug 24, 2024

Microsoft Copilot Studio Vulnerability Led to Information Disclosure

Data Exfiltration from Slack AI via indirect prompt injection

This vulnerability can allow attackers to steal anything a user puts in a private Slack channel by manipulating the language model used for content generation. This was responsibly disclosed to Slack (more details in Responsible Disclosure section at the end).

#promptarmor #EN #2024 #Slack #prompt-injection #LLM #vulnerability #steal #indirect-prompt #injection

·promptarmor.substack.com·Aug 20, 2024

Data Exfiltration from Slack AI via indirect prompt injection

Windows driver zero-day exploited by Lazarus hackers to install rootkit

The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. #BYOVD #Bring #CVE-2024-38193 #Driver #Group #Lazarus #Microsoft #Own #Vulnerability #Your #Zero-Day

#bleepingcomputer #EN #2024 #Your #Lazarus #Own #BYOVD #Driver #Zero-Day #Vulnerability #Bring #CVE-2024-38193 #Group #Microsoft

·bleepingcomputer.com·Aug 20, 2024

Windows driver zero-day exploited by Lazarus hackers to install rootkit

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions

A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today.

#bleepingcomputer #EN #2024 #Hotfix #Remote-Command-Execution #SolarWinds #Vulnerability #Web-Help-Desk

·bleepingcomputer.com·Aug 16, 2024

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions

Critical SAP flaw allows remote attackers to bypass authentication

SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system.

#bleepingcomputer #EN #2024 #Authentication-Bypass #SAP #SSRF #Vulnerability #CVE-2024-41730

·bleepingcomputer.com·Aug 13, 2024

Critical SAP flaw allows remote attackers to bypass authentication

Compromising Microsoft's AI Healthcare Chatbot Service

Tenable finds privilege-escalation issues in Azure Health Bot via an SSRF, which allowed access to cross-tenant resources.

#tenable #en #2024 #azure #azure-health-bot #tenable-research #ssrf #vulnerability #cross-tenant-access #artificial-intelligence #ai-security

·tenable.com·Aug 13, 2024

Compromising Microsoft's AI Healthcare Chatbot Service

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.

#wired #EN #2024 #Sinkclose #AMD #CPU #Vulnerability #TClose

·wired.com·Aug 9, 2024

‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

Telegram zero-day allowed sending malicious Android APKs as videos

A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files.

#bleepingcomputer #EN #2024 #0-day #Computer #APK #EvilVideo #Telegram #Mobile #Zero-Day #InfoSec #Android #Vulnerability

·bleepingcomputer.com·Jul 23, 2024

Telegram zero-day allowed sending malicious Android APKs as videos

Critical Exim bug bypasses security filters on 1.5 million mail servers

Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters.

#bleepingcomputer #EN #2024 #Bypass #Email #Exim #Mail #Security-Bypass #Vulnerability

·bleepingcomputer.com·Jul 12, 2024

Critical Exim bug bypasses security filters on 1.5 million mail servers

Patch or Peril: A Veeam vulnerability incident

Delaying security updates and neglecting regular reviews created vulnerabilities that were exploited by attackers, resulting in severe ransomware consequences. Initial access via FortiGate Firewall SSL VPN using a dormant account Deployed persistent backdoor (“svchost.exe”) on the failover server, and conducted lateral movement via RDP. Exploitation attempts of CVE-2023-27532 was followed by activation of xp_cmdshell and rogue user account creation. Threat actors made use of NetScan, AdFind, and various tools provided by NirSoft to conduct network discovery, enumeration, and credential harvesting. * Windows Defender was permanently disabled using DC.exe, followed by ransomware deployment and execution with PsExec.exe.

#group-ib #EN #2024 #Veeam #vulnerability #incident #ransomware #FortiGate #NirSoft

·group-ib.com·Jul 12, 2024

Patch or Peril: A Veeam vulnerability incident

New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere

Ubiquitous RADIUS scheme uses homegrown authentication based on MD5. Yup, you heard right.

#arstechnica #EN #2024 #blastradius #RADIUS #vulnerability

·arstechnica.com·Jul 10, 2024

New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere

BLAST RADIUS

Blast-RADIUS is a vulnerability that affects the RADIUS protocol. RADIUS is a very common protocol used for authentication, authorization, and accounting (AAA) for networked devices on enterprise and telecommunication networks.

#blastradius #EN #2024 #RADIUS #vulnerability #protocol

·blastradius.fail·Jul 10, 2024

BLAST RADIUS

CVE-2024-38021: Moniker RCE Vulnerability Uncovered in Microsoft Outlook

Morphisec researchers have discovered an important Microsoft Outlook vulnerability. Read on for CVE-2024- 38021 details and technical impact.

#morphisec #EN #2024 #CVE-2024-38021Microsoft #Outlook #vulnerability #July2024-PatchTuesday

·blog.morphisec.com·Jul 10, 2024

CVE-2024-38021: Moniker RCE Vulnerability Uncovered in Microsoft Outlook

New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data

Discover how the 'Indirector' attack threatens Intel CPUs and learn about the 'TIKTAG' vulnerability in Arm processors.

#thehackernews #EN #2024 #Indicator #Intel #CPU #Vulnerability

·thehackernews.com·Jul 7, 2024

New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data

RoguePuppet – A Critical Puppet Forge Supply Chain Vulnerability

What if there was a supply chain attack that could provide an attacker with direct access to core infrastructure within thousands of companies worldwide. What if that attack required no social engi…

#adnanthekhan #EN #2024 #Critical #Puppet #Forge #Vulnerability #Supply-Chain-Attack

·adnanthekhan.com·Jul 5, 2024

RoguePuppet – A Critical Puppet Forge Supply Chain Vulnerability

Critical GitLab bug lets attackers run pipelines as any user

A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user.

#bleepingcomputer #EN #2024 #GitLab #Pipeline #Security-Advisory #Vulnerability

·bleepingcomputer.com·Jun 27, 2024

Critical GitLab bug lets attackers run pipelines as any user

Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

Critical security flaw in Fortra FileCatalyst Workflow allows database tampering. Patch available.

#thehackernews #EN #2024 #Critical #SQLi #Vulnerability #Fortra #FileCatalyst #Workflow #Application #CVE-2024-5276

·thehackernews.com·Jun 27, 2024

Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware

Summary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile processors. The issue involves an unsafe variable in the Trusted Platform Module (TPM) configuration that could lead […]

#eclypsium.com #EN #2024 #UEFIcanhazbufferoverflow #Vulnerability #Phoenix #CVE-2024-0762 #SecureCore #UEFI

·eclypsium.com·Jun 26, 2024

UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware

Facebook PrestaShop module exploited to steal credit cards

Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details.

#bleepingcomputer #EN #2024 #E-Commerce #Prestashop #SQL-Injection #Vulnerability #Website

·bleepingcomputer.com·Jun 24, 2024

Facebook PrestaShop module exploited to steal credit cards

Zero-Click Critical Microsoft Outlook Vulnerability. What You Need to Know.

Critical Microsoft Outlook vulnerability, CVE-2024-30103, and step-by-step instructions to force an update to all your end points.

#ironscales #EN #2024 #CVE-2024-30103 #Microsoft #Outlook #vulnerability

·ironscales.com·Jun 19, 2024

Zero-Click Critical Microsoft Outlook Vulnerability. What You Need to Know.

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers

Arm discloses a critical vulnerability (CVE-2024-4610) in Mali GPU Kernel Drivers. This flaw, actively exploited, affects versions from r34p0 to r40p0

#thehackernews #EN #2024 #ARM #CVE-2024-4610 #Mali #GPU #Kernel #Drivers #ero-Day #Vulnerability

·thehackernews.com·Jun 15, 2024

Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers

Black Basta ransomware gang linked to Windows zero-day attacks

The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.

#bleepingcomputer #en #2024 #Actively-Exploited #Black-Basta #Ransomware #Vulnerability #Zero-Day #CVE-2024-26169

·bleepingcomputer.com·Jun 15, 2024

Black Basta ransomware gang linked to Windows zero-day attacks