Aug 24, 2024Ravie LakshmananVulnerability / Government Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload bug impacting the “Change Favicon”…
Read MoreApply appropriate updates provided by SolarWinds to vulnerable systems immediately after appropriate testing. (M1051: Update Software) Safeguard 7.1 : Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard. Safeguard 7.2:…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-39717 Versa Director Dangerous File Type Upload Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of…
Read MoreFriday Squid Blogging: Self-Healing Materials from Squid Teeth Making self-healing materials based on the teeth in squid suckers. Blog moderation policy. Tags: squid Posted on August 23, 2024 at 5:03 PM • Sidebar photo of Bruce Schneier by Joe MacInnis. Source link lol
Read MoreAlthough this attack requires that the crawler has been enabled (it is disabled by default) and used at least once to generate a hash, the researchers further discovered than an unprotected Ajax handler could be called to trigger hash generation. “This means all sites using LiteSpeed Cache — not just those with its crawler feature…
Read MoreThe attack demonstrates the sophistication of Velvet Ant’s tactics Based on evidence found by Sygnia on a Cisco Nexus switch compromised by Velvet Ant, the attackers first exploited the command injection flaw in order to create a file with base64-encoded content. They then issued commands to decode the contents and save it to a file…
Read MoreImage: Midjourney The American Radio Relay League (ARRL) confirmed it paid a $1 million ransom to obtain a decryptor to restore systems encrypted in a May ransomware attack. After discovering the incident, the National Association for Amateur Radio took impacted systems offline to contain the breach. One month later, it said its network was hacked…
Read MoreGoogle recruited Noam Shazeer in a funding and licensing deal. Google has named Noam Shazeer, the Character.AI CEO and co-founder recruited in a funding deal with the startup, as a technical lead on its Gemini artificial intelligence project, according to multiple media reports. The Mountain View, Calif.-based cloud and AI vendor will have Shazeer work…
Read MoreMicrosoft has provided a workaround to temporarily fix a known issue that is blocking Linux from booting on dual-boot systems with Secure Boot enabled. The company says this temporary fix can help Linux users revive unbootable systems displaying “Something has gone seriously wrong: SBAT self-check failed: Security Policy Violation” errors after installing the August 2024…
Read MoreMicrosoft has released a new Windows 10 22H2 beta (KB5041582) with memory leak and crash fixes for Insiders in the Beta and Release Preview channels. The company says the KB5041582 update fixes an issue causing some apps to stop because of a memory leak in a Bluetooth device and an Input Method Editor (IME) memory…
Read More