Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws

Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech

The Hacker News
Open in Source
#vulnerability#web#android#mac#windows#google#microsoft#amazon#ubuntu#linux#debian#cisco#red_hat#git#oracle#intel#rce#vmware#lenovo#samsung#auth#ibm#dell#mongo#chrome#firefox#sap#The Hacker News
GHSA-f6v4-cf5j-vf3w: dset Prototype Pollution vulnerability

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.

Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows - CVE-2024-29847 (CVSS score: 10.0) - A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.

India Needs Better Cybersecurity for Space, Critical Infrastructure

As attacks on satellites rise with nation-state conflicts, the South Asian nation joins other space-capable countries in doubling down on cybersecurity.

Bug Left Some Windows PCs Dangerously Unpatched

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks. Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.

Microsoft Discloses 4 Zero-Days in September Update

This month's Patch Tuesday contains a total of 79 vulnerabilities — the fourth largest of the year.

How a Centuries-Old Company Reached Security Maturity

In this case study, a 180-year-old life and pension insurer brought its security infrastructure into the modern age.

GHSA-pw44-4h99-wqff: D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder

### Impact Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. ### Patches Users should upgrade to version 3.14.1 where the "Custom Filter" input is turned off by default. You can find out more information on how to turn it back on [here](https://github.com/man-group/dtale#custom-filter) ### Workarounds The only workaround for versions earlier than 3.14.1 is to only host D-Tale to trusted users. ### References See "Custom Filter" [documentation](https://github.com/man-group/dtale#custom-filter)