Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

IR Trends: Ransomware on the rise, while technology becomes most targeted sector

Although there was a decrease in BEC engagements from last quarter, it was still a major threat for the second quarter in a row.

TALOS
Open in Source
#sql#vulnerability#web#ios#mac#windows#microsoft#linux#cisco#dos#git#c++#perl#samba#auth#ssh
Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform

Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name ConfusedFunction. "An attacker could escalate their privileges to the Default Cloud Build Service Account and

CVE-2024-38103: Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to take additional actions prior to exploitation to prepare the target environment.

CVE-2024-39379: Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

**Why is this Adobe CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in Adobe Software which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. **How can I see the version of the browser?** 1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window 2. Click on **Help and Feedback** 3. Click on **About Microsoft Edge**

Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity. "An attacker could exploit a bypass using an API request with Content-Length set

CISA Warns of Exploitable Vulnerabilities in Popular BIND 9 DNS Software

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and

Pro-Palestinian Actor Levels 6-Day DDoS Attack on UAE Bank

DDoS cyberattack campaign averaged 4.5 million requests per second, putting the bank under attack 70% of the time.

Small Businesses Need Default Security in Products Now

Small businesses are increasingly being targeted by cyberattackers. Why, then, are security features priced at a premium?

Fighting Third-Party Risk With Threat Intelligence

With every new third-party provider and partner, an organization's attack surface grows. How, then, do enterprises use threat intelligence to enhance their third-party risk management efforts?

GHSA-vprp-94p9-5jp8: Dolibarr ERP CRM vulnerable to remote code execution (RCE)

Dolibarr ERP CRM before 19.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the Computed field parameter under the Users Module Setup function.