A new report by the Office of the National Cyber Director (ONCD) highlighted that up to 70% of security vulnerabilities are due to memory safety issues in certain programming languages.
The vulnerabilities, CVE-2023-50358 and CVE-2023-47218, are command injection flaws in the QTS firmware, with potential for remote code execution, impacting a large number of devices globally.
A new version of the Raspberry Robin worm has been found exploiting two new one-day vulnerabilities to launch stealthy attacks. According to a report from Check Point, the attacks have been since October 2023, and have targeted organizations worldwide. Recently, Raspberry Robin made headlines for expanding its attacks to the financial and insurance sectors in […]
The group’s access to exploits for vulnerabilities, such as CVE-2023-36802 and CVE-2023-29360, suggests ties to sophisticated developers and the purchase of external 64-bit executables rather than in-house development.
CISA adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog Pierluigi Paganini February 07, 2024 U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 Type Confusion bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Google Chromium V8 Type Confusion bug, tracked as […]
The vulnerabilities impact devices with default configurations and can lead to system configuration modifications, creation of privileged accounts, and denial of service conditions.
Orca has discovered three new vulnerabilities within various Azure HDInsight third-party services, including Apache Hadoop, Spark, and Kafka. These services are integral components of Azure HDInsight, a widely used managed service offered within the Azure ecosystem. Two of the vulnerabilities could have led to Privilege Escalation (PE) and one could have been used to cause […]
The FortiSIEM product from Fortinet has been found to have two new critical vulnerabilities, CVE-2024-23108 and CVE-2024-23109, which allow for remote code execution by unauthenticated attackers.
Feb 06, 2024NewsroomVulnerability / Cloud Security Three new security vulnerabilities have been discovered in Azure HDInsight’s Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular expression denial-of-service (ReDoS) condition. “The new vulnerabilities affect any authenticated user of Azure HDInsight services such as Apache Ambari and Apache Oozie,” […]