Security
Headlines

Latest News

Azure Data Factory Bugs Expose Cloud Infrastructure

Three vulnerabilities in the service's Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware.

DARKReading
Hackers Demand Ransom in Rhode Island Health System Data Breach

In a major cyberattack, the state of Rhode Island has fallen victim to a security breach potentially exposing the personal information of thousands of residents.

GHSA-5j33-cvvr-w245: Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.

GHSA-653p-vg55-5652: Apache Tomcat Uncontrolled Resource Consumption vulnerability

Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue.
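The two Tomcat advisories above share one affected-version range but have different preconditions: the TOCTOU RCE needs the default servlet configured for write (readonly=false, a non-default setting) on a case-insensitive file system, and the resource-consumption bug needs the examples web application to be deployed. The script below is an added example, not Apache's code, that checks a Tomcat install against both. It assumes conf/web.xml declares org.apache.catalina.servlets.DefaultServlet with a readonly init-param (Tomcat's built-in default is true when the param is omitted) and that the examples app is identified by its webapps directory name; the web.xml and webapp list are constructed sample inputs.

```python
"""Added example: does this Tomcat install fall under GHSA-5j33-cvvr-w245
(TOCTOU RCE, needs writable DefaultServlet) or GHSA-653p-vg55-5652
(examples webapp DoS)? Not Apache's code; sample inputs are constructed."""
import re
import xml.etree.ElementTree as ET

# First fixed release on each affected branch, per both advisories.
FIXED = {(11, 0): 2, (10, 1): 34, (9, 0): 98}


def parse_version(s):
    """'9.0.0.M1' -> (9, 0, 0); '11.0.0-M1' -> (11, 0, 0); '10.1.33' -> (10, 1, 33).
    Milestone suffixes are dropped: both ranges start at the first milestone."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", s.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {s!r}")
    return tuple(int(x) for x in m.groups())


def version_affected(version):
    major, minor, patch = parse_version(version)
    fixed_patch = FIXED.get((major, minor))
    return fixed_patch is not None and patch < fixed_patch


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the javaee/jakartaee namespace


def default_servlet_writable(web_xml):
    """True only if DefaultServlet carries <init-param> readonly=false."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = next((c.text or "" for c in servlet if _local(c.tag) == "servlet-class"), "")
        if cls.strip() != "org.apache.catalina.servlets.DefaultServlet":
            continue
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            kv = {_local(c.tag): (c.text or "").strip() for c in param}
            if kv.get("param-name") == "readonly":
                return kv.get("param-value", "true").lower() == "false"
        return False  # readonly omitted: Tomcat's default is true
    return False


def assess(version, web_xml, deployed_webapps):
    """Findings a practitioner acts on for one install."""
    vulnerable_version = version_affected(version)
    return {
        "version_affected": vulnerable_version,
        "toctou_rce_exposed": vulnerable_version and default_servlet_writable(web_xml),
        "examples_dos_exposed": vulnerable_version and "examples" in deployed_webapps,
    }


# Constructed sample conf/web.xml with the non-default writable setting.
WEB_XML_WRITABLE = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

# Same file with the default (read-only) setting.
WEB_XML_DEFAULT = WEB_XML_WRITABLE.replace(
    "<param-name>readonly</param-name><param-value>false</param-value>",
    "<param-name>readonly</param-name><param-value>true</param-value>")

if __name__ == "__main__":
    print(assess("9.0.97", WEB_XML_WRITABLE, ["ROOT", "manager", "examples"]))
    print(assess("9.0.98", WEB_XML_WRITABLE, ["ROOT"]))
```

The version check alone is not the finding: a 9.0.97 with the stock read-only default servlet and no examples app is in range for both advisories but exposed to neither, while readonly=false on an affected version is the configuration the TOCTOU advisory warns about. The script does not test the file-system case-sensitivity precondition, so treat toctou_rce_exposed as "review this host", and upgrade regardless.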

GHSA-hxr6-2p24-hf98: Traefik affected by CVE-2024-53259

There is a potential vulnerability in Traefik's handling of HTTP/3 connections. More details are in [CVE-2024-53259](https://nvd.nist.gov/vuln/detail/CVE-2024-53259).

## Patches
- https://github.com/traefik/traefik/releases/tag/v2.11.15
- https://github.com/traefik/traefik/releases/tag/v3.2.2

## Workarounds
No workaround.

## For more information
If you have any questions or comments about this advisory, please [open an issue](https://github.com/traefik/traefik/issues).

GHSA-7gfc-8cq8-jh5f: Next.js authorization bypass vulnerability

### Impact
If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example:

* [Not affected] `https://example.com/`
* [Affected] `https://example.com/foo`
* [Not affected] `https://example.com/foo/bar`

### Patches
This issue was patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version.

### Workarounds
There are no official workarounds for this vulnerability.

#### Credits
We'd like to thank [tyage](http://github.com/tyage) (GMO CyberSecurity by IERAE) for responsible disclosure of this issue.

CompTIA Xpert Series Expands With SecurityX Professional Certification

Program designed to validate and sharpen cybersecurity skills for working professionals.

To Defeat Cybercriminals, Understand How They Think

Getting inside the mind of a threat actor can help security pros understand how they operate and what they're looking for — in essence, what makes a soft target.

RPC Management Has Come A Long Way In Two Short Years. Here's Why.

Explore RPC Management: Learn how modern decentralized RPC providers solve scalability & connectivity issues in Web3, ensuring secure,…

Wald.ai Launches Data Loss Protection for AI Platforms

The cybersecurity startup's data loss protection platform uses contextual redaction to help organizations safely use private business information across AI platforms.