#mac

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the activity cluster under a new moniker APT45, which overlaps with names such as Andariel, Nickel Hyatt,

Multi Store Inventory Management System version 1.0 suffers from an insecure direct object reference vulnerability.

Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row.

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity. "An attacker could exploit a bypass using an API request with Content-Length set

Gentoo Linux Security Advisory 202407-28 - A vulnerability has been discovered in Freenet, which can lead to deanonymization due to path folding. Versions greater than or equal to 0.7.5_p1497 are affected.

Gentoo Linux Security Advisory 202407-27 - Multiple vulnerabilities have been discovered in ExifTool, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 12.42 are affected.

SIM Wisuda version 1.0 suffers from an insecure direct object reference vulnerability.

Gentoo Linux Security Advisory 202407-26 - A vulnerability has been discovered in Dmidecode, which can lead to privilege escalation. Versions greater than or equal to 3.5 are affected.

Webdenim AppUI version 1.0 suffers from an insecure direct object reference vulnerability.

Red Hat Security Advisory 2024-4757-03 - An update for libvirt is now available for Red Hat Enterprise Linux 9. Issues addressed include a use-after-free vulnerability.