Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

Red Hat Security Advisory 2024-4075-03

Red Hat Security Advisory 2024-4075-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Packet Storm
Open in Source
#vulnerability#linux#red_hat#js#rpm#sap
Achieve Next-Level Security Awareness by Creating Secure Social Norms

By committing to build secure habits at work and in our personal lives, and to helping others do the same, our personal information will be much better protected.

War Crime Prosecutions Enter a New Digital Age

A custom platform developed by SITU Research aided the International Criminal Court’s prosecution in a war crimes trial for the first time. It could change how justice is enacted on an international scale.

New MOVEit Transfer Vulnerability Under Active Exploitation - Patch ASAP!

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions - From 2023.0.0 before 2023.0.11 From 2023.1.0 before 2023.1.6, and&

Federal Reserve “breached” data may actually belong to Evolve Bank

LockBit claimed to have breached Federal Reserve but in fact the data came from Evolve Bank & Trust

Neiman Marcus confirms breach. Is the customer data already for sale?

Almost immediately after Neiman Marcus began informing customers about a data breach, the alleged data was offered for sale.

The Julian Assange Saga Is Finally Over

WikiLeaks founder Julian Assange has agreed to plead guilty to one count of espionage in US court on Wednesday, ending a years-long legal battle between the US government and a controversial publisher.

Change Healthcare confirms the customer data stolen in ransomware attack

Change Healthcare has detailed the types of medical and patient data that was stolen in a recent ransomware attack.

GHSA-h26w-r4m5-8rrf: CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`

## Summary ZIP files uploaded to the server-side endpoint handling a `CodeChecker store` are not properly sanitized. An attacker can exercise a path traversal to make the `CodeChecker server` load and display files from an arbitrary location on the server machine. ## Details ### Target The vulnerable endpoint is `/<PRODUCT_URL>/v6.53/CodeCheckerService@massStoreRun`. ### Exploit overview The attack is made possible by improper sanitization at one point in the process. 1. When the ZIP file is uploaded by `CodeChecker store`, it is first unzipped to a temporary directory (safely). 2. When deciding which files to insert into CodeChecker's internal database, the decision is made based on the `content_hashes.json` in the ZIP. An attacker has control over the contents of this file. 3. After reading that file, the paths specified in the JSON are normalized by this code: https://github.com/Ericsson/codechecker/blob/fa41e4e5d9566b5a4f5a80a27bddec73a5146f5a/web/server/codechecker_server/a...

Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps. "It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities