#redis

Authorities across 19 African countries also dismantled their infrastructure and networks, thanks to cooperation between global law enforcement and private firms.

The evolving regulatory environment presents both challenges and opportunities for businesses.

An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. Impacted versions include versions >= 1.5.3 and the fix has been released in 1.12.3. The bug was introduced in version 1.5.3 when launcher started storing upgraded binaries in the ProgramData directory (#1510). This move to the new directory meant the launcher root directory inherited default permissions that are not as strict as the previous location. These incorrect default permissions in conjunction with an omitted SystemDrive environmental variable (when launcher starts osqueryd), allows a malicious actor with access to the local Windows device to successfully place an arbitrary DLL into the osqueryd process's search path. Under some circumstances, this DLL will be executed when osqueryd performs a WMI query. This combination of events could then allow the attacker to escalate their privileges to SYSTEM. This issue was found by Bryan Alex...

### Summary Note: i'm reporting this in this way purely because it's private and i don't want to broadcast vulnerabilities. > An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115. ### Details https://github.com/redis/lettuce/blob/main/pom.xml#L67C9-L67C53 The netty version pinned here is currently ``` <netty.version>4.1.113.Final</netty.version> ``` This version is vulnerable according to Snyk and is affecting one of our products:  Here is a [link](https://www.cve.org/CVERecord?id=CVE-2024-47535) to the CVE ### PoC _Complete instructions, including specific configuration details, to reproduce the vulnerability._ Not applicable ### Impact _What kind of vuln...

Red Hat Security Advisory 2024-9472-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.

Red Hat Security Advisory 2024-8847-03 - An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.

IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.

Red Hat Security Advisory 2024-8534-03 - An update is now available for Red Hat Ansible Automation Platform 2.5. Issues addressed include cross site scripting and memory exhaustion vulnerabilities.

IBM Security Verify Access versions 10.0.0 through 10.0.8 suffer from an OAUTH related open redirection vulnerability.

Discover DVa, a new tool that detects and removes malware exploiting accessibility features on Android devices. Learn how…