Category: Uncategorized
-

QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances [email protected] (The Hacker News)
Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances. The issues, which impact QTS 5.1.x and QuTS hero h5.1.x, are listed below – CVE-2024-21902 – An incorrect permission assignment for critical resourceRead More
-

Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings [email protected] (The Hacker News)
Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. “As adversarial threats become more sophisticated, so does the need to safeguard user data,” the company said in a statement. “With the launch of post-quantum E2EE, we are…
-
NextGen Healthcare Mirth Connect RCE (CVE-2023-43208, CVE-2023-37679)
What is the vulnerability?NextGen Healthcare Mirth Connect is vulnerable to unauthenticated remote code execution (CVE-2023-43208) caused due to an incomplete patch of a Command Injection flaw (CVE-2023-37679). Mirth Connect is an open-source data integration platform widely used by healthcare companies. It enables the management of information using bi-directional sending of many types of messages. Attackers…
-

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass [email protected] (The Hacker News)
Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections. Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface asRead More
-
AI Companies Make Fresh Safety Promise at Seoul Summit, Nations Agree to Align Work on Risks Associated Press
Leading artificial intelligence companies made pledge to develop AI safely, while world leaders agreed to build a network of publicly backed safety institutes to advance research and testing of the technology. The post AI Companies Make Fresh Safety Promise at Seoul Summit, Nations Agree to Align Work on Risks appeared first on SecurityWeek. Read More
-
5 Mitre ATT&CK framework use cases
Post ContentRead More
-

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass [email protected] (The Hacker News)
GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication. “On instances that use SAML single sign-on (SSO) authentication with theRead More
-
QNAP Rushes Patch for Code Execution Flaw in NAS Devices Ionut Arghire
QNAP rolls out patches for multiple vulnerabilities after proof-of-concept exploit published for a remote code execution vulnerability. The post QNAP Rushes Patch for Code Execution Flaw in NAS Devices appeared first on SecurityWeek. Read More
-

Malware Delivery via Cloud Services Exploits Unicode Trick to Deceive Users [email protected] (The Hacker News)
A new attack campaign dubbed CLOUD#REVERSER has been observed leveraging legitimate cloud storage services like Google Drive and Dropbox to stage malicious payloads. “The VBScript and PowerShell scripts in the CLOUD#REVERSER inherently involves command-and-control-like activities by using Google Drive and Dropbox as staging platforms to manage file uploads and downloads,” SecuronixRead More
-
cloud penetration testing
Post ContentRead More
