Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root access under certain circumstances. The vulnerability, tracked as CVE-2024-9486 (CVSS score: 9.8), has been addressed in version 0.1.38. The project maintainers acknowledged Nicolai Rybnikar for discovering and reporting the vulnerability. "A security issue

The Hacker News
Open in Source
#vulnerability#mac#microsoft#red_hat#apache#git#kubernetes#auth#The Hacker News
Hacker Charged With Seeking to Kill Using Cyberattacks on Hospitals

The US has accused two brothers of being part of the hacker group Anonymous Sudan, which allegedly went on a wild cyberattack spree that hit hundreds of targets—and, for one of the two men, even put lives at risk.

New Tool DVa Detects and Removes Android Malware

Discover DVa, a new tool that detects and removes malware exploiting accessibility features on Android devices. Learn how…

BYOB Unauthenticated Remote Code Execution

This Metasploit module exploits two vulnerabilities in the BYOB (Build Your Own Botnet) web GUI. It leverages an unauthenticated arbitrary file write that allows modification of the SQLite database, adding a new admin user. It also uses an authenticated command injection in the payload generation page. These vulnerabilities remain unpatched.

Red Hat Security Advisory 2024-8161-03

Red Hat Security Advisory 2024-8161-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

What Cybersecurity Leaders Can Learn From the Game of Golf

As in golf, security requires collaboration across the entire organization, from individual contributors in each department to the executive level and the board.

Sidewinder Casts Wide Geographic Net in Latest Attack Spree

The long-active, India-sponsored cyber-threat group targeted multiple entities across Asia, Africa, the Middle East, and even Europe in a recent attack wave that demonstrated the use of a previously unknown post-exploit tool called StealerBot.

GHSA-9224-ggvw-wh7v: VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default credentials are enabled during the image build process. Virtual machine images built using the Proxmox provider do not disable these default credentials, and nodes using the resulting images may be accessible via these default credentials. The credentials can be used to gain root access. Kubernetes clusters are only affected if their nodes use VM images created via the Image Builder project with its Proxmox provider.

FHE Consortium Pushes for Quantum-Resilient Cryptography Standards

The FHE Technical Consortium for Hardware (FHETCH) brings together developers, hardware manufacturers and cloud providers to collaborate on technical standards necessary to develop commercial fully homomorphic encryption solutions and lower adoption barriers.

Cyberattackers Unleash Flood of Potentially Disruptive Election-Related Activity

Organizations should be on high alert until next month's US presidential election to ensure the integrity of the voting process, researchers warn.