Flaws

New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration – Go Health Pro

by
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration – Go Health Pro

Nov 12, 2024Ravie LakshmananVirtualization / Vulnerability Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktop that could be exploited to achieve unauthenticated remote code execution (RCE) The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and … Read more

Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning – Go Health Pro

by
Critical Flaws in Ollama AI Framework Could Enable DoS, Model Theft, and Poisoning – Go Health Pro

Nov 04, 2024Ravie LakshmananVulnerability / Cyber Threat Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. “Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions … Read more

AI bug bounty program yields 34 flaws in open-source tools – Go Health Pro

by
AI bug bounty program yields 34 flaws in open-source tools – Go Health Pro

Nearly three dozen flaws in open-source AI and machine learning (ML) tools were disclosed Tuesday as part of Protect AI’s huntr bug bounty program. The discoveries include three critical vulnerabilities: two in the Lunary AI developer toolkit and one in a graphical user interface (GUI) for ChatGPT called Chuanhu Chat. The October vulnerability report also … Read more

Socket lands a fresh $40M to scan software for security flaws – Go Health Pro

by
Socket lands a fresh M to scan software for security flaws – Go Health Pro

The software supply chain, which comprises the components and processes used to develop software, has become precarious. According to one recent survey, 88% of companies believe poor software supply chain security presents an “enterprise-wide risk” to their organizations. Open source supply chain components are especially fraught, thanks to the logistical hurdles in keeping each component well-maintained. … Read more

Researchers discover flaws in 5 end-to-end encrypted cloud services – Go Health Pro

by
Researchers discover flaws in 5 end-to-end encrypted cloud services – Go Health Pro

Several major end-to-end encrypted cloud storage services contain cryptographic flaws that could lead to loss of confidentiality, file tampering, file injection and more, researchers from ETH Zurich said in a paper published this month. The five cloud services studied offer end-to-end encryption (E2EE), intended to ensure files can not be read or edited by anyone … Read more

x