#web

SUMMARY Cybersecurity researchers at Group-IB have exposed an ongoing phishing operation that has been targeting employees and associates from…

Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote

The design of the gun police say they found on the alleged UnitedHealthcare CEO’s killer—the FMDA or “Free Men Don’t Ask”—was released by a libertarian group.

December Microsoft Patch Tuesday. 89 CVEs, of which 18 were added since November MSPT. 1 vulnerability with signs of exploitation in the wild: 🔻 EoP – Windows Common Log File System Driver (CVE-2024-49138). There are no details about this vulnerability yet. Strictly speaking, there was another vulnerability that was exploited in the wild: EoP – […]

Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine.

The threat actor group recently took credit for a similar attack on Blue Yonder that affected multiple organizations, including Starbucks.

Because the streaming service website offers no content restrictions, attackers are able to hijack and manipulate live streams.

The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing.

Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: LabVIEW Vulnerabilities: Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose information or execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments products are affected: LabVIEW 2024: Versions Q3 (24.3f0) and prior LabVIEW 2023: All versions LabVIEW 2022: All versions LabVIEW 2021 (EOL) and below: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 OUT-OF-BOUNDS READ CWE-125 An out-of-bounds read exists in the HeapObjMapImpl function, which may allow an attacker to disclose information or execute arbitrary code. CVE-2024-10494 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-10494. A base score of 8.5 h...