Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera

The Hacker News
Open in Source
#vulnerability#dos#git#intel#rce#buffer_overflow#auth#sap#The Hacker News
GHSA-586p-749j-fhwp: Buildah allows arbitrary directory mount

A vulnerability was found in Buildah. Cache mounts do not properly validate that user-specified paths for the cache are within our cache directory, allowing a `RUN` instruction in a Container file to mount an arbitrary directory from the host (read/write) into the container as long as those files can be accessed by the user running Buildah.

Building Cyber Resilience in SMBs ​With ​Limited Resources

​​​With careful planning, ongoing evaluation, and a commitment to treat cybersecurity as a core business function, SMBs can transform their vulnerabilities into strengths​​.

Red Hat Security Advisory 2024-7599-03

Red Hat Security Advisory 2024-7599-03 - Red Hat OpenShift Container Platform release 4.16.16 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution, denial of service, integer overflow, and out of bounds write vulnerabilities.

Microsoft: Creative Abuse of Cloud Files Bolsters BEC Attacks

Since April, attackers have increased their use of Dropbox, OneDrive, and SharePoint to steal the credentials of business users and conduct further malicious activity.

GHSA-jqfv-jrvq-95jm: Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in Apache XML Graphics FOP. This issue affects Apache XML Graphics FOP: 2.9. Users are recommended to upgrade to version 2.10, which fixes the issue.

Social Media Accounts: The Weak Link in Organizational SaaS Security

Social media accounts help shape a brand’s identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access — a situation no organization wants as

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based

Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks

Microsoft is warning of cyber attack campaigns that abuse legitimate file hosting services such as SharePoint, OneDrive, and Dropbox that are widely used in enterprise environments as a defense evasion tactic. The end goal of the campaigns are broad and varied, allowing threat actors to compromise identities and devices and conduct business email compromise (BEC) attacks, which ultimately result

DumpForums Claim 10TB Data Breach at Russian Cybersecurity Firm Dr.Web

Pro-Ukrainian hacktivists from DumpForums claim to have breached Russian cybersecurity giant Dr.Web, stealing over 10 TB of sensitive…