Category: Good news

n/a–n/a  An issue was discovered in the IhisiServiceSmm module in Insyde InsydeH2O with kernel 5.2 before 05.28.42, 5.3 before 05.37.42, 5.4 before 05.45.39, 5.5 before 05.53.39, and 5.6 before 05.60.39 that could allow an attacker to modify UEFI variables. 2024-07-31 not yet calculated CVE-2023-28149cve@mitre.org  Apple–macOS  This issue was addressed with improved checks. This issue is…

Read More

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-0824 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant…

Read More

Update 9:00 a.m., EDT, July 31, 2024:  DigiCert has provided updated information and revocation timelines which can be found by visiting: https://status.digicert.com/ CISA encourages customers to contact DigiCert if unable to reissue/rekey certificates by the updated revocation deadline: 3:30 p.m., EDT, July 31, 2024. Initial Alert (7:00 p.m., EDT, July 30, 2024): DigiCert, a certificate…

Read More

CISA released nine Industrial Control Systems (ICS) advisories on August 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link lol

Read More

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows: Tactic: Execution (TA0002): Technique: Exploitation for Client Execution (T1203): An app with root privileges may be able to execute arbitrary code with kernel privileges. (CVE-2024-27878) An app may be…

Read More

Apple released security updates to address vulnerabilities in Safari, iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review the following advisories and apply necessary updates:  Source link lol

Read More

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog…

Read More

1Panel-dev–KubePi  KubePi is a K8s panel. Starting in version 1.6.3 and prior to version 1.8.0, there is a defect in the KubePi JWT token verification. The JWT key in the default configuration file is empty. Although a random 32-bit string will be generated to overwrite the key in the configuration file when the key is…

Read More

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4879 ServiceNow Improper Input Validation Vulnerability CVE-2024-5217 ServiceNow Incomplete List of Disallowed Inputs Vulnerability CVE-2023-4249 Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant…

Read More

njuy67 njuy67 njuy68 njuy68 njuy69 njuy69 njuy70 njuy70 njuy71 njuy71 njuy72 njuy72 njuy73 njuy73 njuy74 njuy74 njuy75 njuy75 njuy76 njuy76 njuy77 njuy77 njuy78 njuy78 njuy79 njuy79 njuy80 njuy80 njuy81 njuy81 njuy82 njuy82 njuy83 njuy83 njuy84 njuy84 njuy85 njuy85 njuy86 njuy86 njuy87 njuy87 njuy88 njuy88 njuy89 njuy89 njuy90 njuy90 njuy91 njuy91 njuy92 njuy92 njuy93 njuy93 njuy94…

Read More