CVSS 10.0 Flaw Enables RCE via Unsafe Serialization – Go Health Pro

Dec 27, 2024Ravie LakshmananVulnerability / Software Security The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and … Read more

Researchers uncover AMD chip flaw threatening cloud data – Go Health Pro

Security researchers have identified a vulnerability in AMD processors that they have dubbed badRAM and which could allow threat actors with physical access to cloud computing environments to bypass encryption protections, reports The Record, a news site by cybersecurity firm Recorded Future. The flaw circumvents AMD’s Secure Encrypted Virtualization, which encrypts virtual machine memory to …

Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers – Go Health Pro

Nov 27, 2024Ravie LakshmananVulnerability / Software Security A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023 , was not officially made available until … Read more

CISA Urges Agencies to Patch Critical “Array Networks” Flaw Amid Active Attacks – Go Health Pro

Nov 26, 2024Ravie LakshmananVulnerability / Network Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched critical security flaw impacting Array Networks AG and vxAG secure access gateways to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. The vulnerability, tracked as CVE-2023-28461 (CVSS score: 9.8), … Read more

Adload malware exploits flaw to bypass macOS protections for Safari – Go Health Pro

Microsoft Threat Intelligence on Oct. 17 warned security teams that Microsoft Defender for Endpoint detected that Adload malware exploited a previously patched macOS vulnerability. Referred to as the HM Surf vulnerability, the flaw — CVE-2024-44133 — lets attackers bypass the transparency, consent, and control (TCC) protections for the Safari browser directory, giving attackers unlimited access …
