Information Security newsfeeds from around the world in English and French. Find it all in one place since 2004. You'll find online the last 5 years.
By Waqas Dubbed Looney Tunables; the vulnerability has existed since its introduction in April 2021, putting a significant number of systems at risk. This is a post from HackRead.com Read the original post: Linux Vulnerability Exposes Millions of Systems to Attack
Continue ReadingBy Waqas Dubbed ShellTorch by researchers; these PyTorch vulnerabilities are troubling for the artificial intelligence (AI) and machine learning (ML) community. This is a post from HackRead.com Read the original post: ShellTorch Attack Exposes Millions of PyTorch Systems to RCE Vulnerabilities
Continue ReadingA critical Zip Slip vulnerability was discovered in the open-source data cleaning and transformation tool ‘OpenRefine’, which allowed attackers to import malicious code and execute arbitrary code. OpenRefine is a strong Java-based, free, open-source tool for handling messy data. This includes cleaning it, converting it into a different format, and expanding it with web services and external data. According to SonarCloud, […]
Continue ReadingIn this Help Net Security video, Ilkka Turunen, Field CTO at Sonatype, discusses how generative AI influences and impacts software engineers’ work and the software development lifecycle. According to a recent Sonatype survey of 800 developers (DevOps) and application security (SecOps) leaders, 97% are using the technology today, with 74% reporting pressure to use it […]
Continue ReadingProgress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code for CVE-2023-40044 has been available since Friday, and Rapid7 researchers have observed multiple instances of WS_FTP exploitation in the wild, with two different attack chains. […]
Continue ReadingMultiple vulnerabilities have been discovered in Progress’s WS_FTP, which include .NET deserialization, directory traversal, reflected cross-site scripting (XSS), SQL injection, stored cross-site scripting, cross-site request forgery, and unauthenticated user enumeration vulnerability. These vulnerabilities’ severities range from 5.3 (Medium) to 10.0 (Critical). However, Progress has released patches for fixing these vulnerabilities in the WS_FTP server. Moreover, […]
Continue ReadingZYXEL has been discovered with a Buffer Overflow vulnerability on their ZYXEL-PMG2005-T20B device, which can result in a denial-of-service condition. This condition exists due to improper sanitization of user-supplied input on their HTTP request. Zyxel is a Taiwanese multinational company that manufactures several networking products like Routers, DSL CPE, WiFi Systems, 5G NR/4G LTE CPE, […]
Continue ReadingCisco, a prominent player in the world of networking and cybersecurity, has issued a critical security advisory concerning multiple vulnerabilities in their Catalyst SD-WAN Manager, formerly known as Cisco SD-WAN vManage. These vulnerabilities could potentially open doors for cyber attackers to access affected systems or cause a significant denial of service (DoS) situation. First and […]
Continue ReadingGoogle has recently deployed updates to mitigate a newly discovered zero-day vulnerability in their Chrome browser, which is currently being actively exploited. Google has acknowledged its awareness of an exploit currently available for CVE-2023-5217, which has been observed to be actively exploited in real-world scenarios. The latest version of Google Chrome, namely 117.0.5938.132, has been […]
Continue ReadingApple previously reported three zero-day vulnerabilities exploited in the wild by threat actors, which Apple fixed as part of an Emergency patch update. However, a new security advisory has been released by Apple, which mentions all the security patches and vulnerabilities that Apple has fixed. In the advisory, a list of Apple products was provided […]
Continue Reading