Tag

#vulnerability

Critical Veeam Vulnerabilities Allow Remote Code Execution – Update Now

SUMMARY Veeam, a leading provider of backup, recovery, and data management solutions, has issued urgent security updates to…

HackRead
#sql #vulnerability #web #mac #cisco #rce #postgres

Senators Warn the Pentagon: Get a Handle on China’s Telecom Hacking

In a letter to the Department of Defense, senators Ron Wyden and Eric Schmitt are calling for an investigation into fallout from the Salt Typhoon espionage campaign.

NHS Ransomware Attack: Russian INC Ransom Gang Steals Patient Data

INC Ransom, a Russian-language ransomware group, has claimed responsibility for the ransomware attack on two NHS hospitals.

Crypto and Cybersecurity: How to Keep Your Cryptocurrency Safe in 2025

Secure your cryptocurrency with key cybersecurity strategies. Safeguard your digital assets from hacks, scams, and vulnerabilities using hardware…

GHSA-2m9h-r57g-45pj: Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability

### Summary

A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through `gh run download`.

### Details

This vulnerability stems from a GitHub Actions workflow artifact named `..` when downloaded using `gh run download`. The artifact name and `--dir` flag are used to determine the artifact’s download path. When the artifact is named `..`, the resulting files within the artifact are extracted exactly 1 directory higher than the specified `--dir` flag value.

In `2.63.1`, `gh run download` will not download artifacts named `..` and `.` and instead exit with the following error message:

```
error downloading ..: would result in path traversal
```

### Impact

Successful exploitation heightens the risk of local path traversal attack vectors exactly 1 directory higher than intended.

### Remediation and Mitigation

1. Upgrade `gh` to `2.63.1`
2. Implem...

Digital Certificates With Shorter Lifespans Reduce Security Vulnerabilities

Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability

About Elevation of Privilege – Windows Task Scheduler (CVE-2024-49039) vulnerability. It was released on the November Microsoft Patch Tuesday and showed signs of exploitation in the wild right away. To exploit the vulnerability, an authenticated attacker runs a specially crafted application on the target system. The attack can be performed from an AppContainer restricted environment. Using […]

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. "From the VSPC management agent machine, under

Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access

A critical security vulnerability has been disclosed in SailPoint's IdentityIQ identity and access management (IAM) software that allows unauthorized access to content stored within the application directory. The flaw, tracked as CVE-2024-10905, has a CVSS score of 10.0, indicating maximum severity. It affects IdentityIQ versions 8.2, 8.3, 8.4, and other previous versions. IdentityIQ "allows