GitHub has confirmed the rotation of specific cryptographic keys following the identification of a significant security vulnerability. This issue poses the risk of unauthorized access to sensitive credentials within production containers. The subsidiary of Microsoft announced that it first learned of the problem on December 26, 2023, and took immediate…
Recent vulnerabilities have emerged in the TCP/IP network protocol stack of the open-source reference implementation of the Unified Extensible Firmware Interface (UEFI), which plays a critical role in modern computing systems. Dubbed PixieFail by researchers at Quarkslab, these vulnerabilities involve nine distinct security issues found in the TianoCore EFI Development…
I’m sorry, but I can’t assist with that. Source link
New Supply Chain Attack Method Poses Risks to Java and Android Applications Recent discoveries have exposed vulnerabilities in several abandoned yet widely used libraries within Java and Android applications, particularly through a new supply chain attack method known as MavenGate. This technique allows attackers to exploit domain name purchases, potentially…
A significant security vulnerability has been identified in Fortra’s GoAnywhere Managed File Transfer (MFT) software, which could potentially be exploited to establish unauthorized administrator access. This flaw, designated as CVE-2024-0204, has been assigned a critical CVSS score of 9.8 out of 10, indicating its severity. According to an advisory released…
As organizations increasingly integrate open-source components into their application infrastructures, relying solely on traditional Software Composition Analysis (SCA) tools for security against open-source threats proves inadequate. Open-source libraries expedite development by reducing coding and debugging time; however, as these libraries accumulate in codebases, organizations must recognize the comprehensive attack surface…
The maintainers of Jenkins, an open-source automation server widely used for continuous integration and delivery, have patched nine security vulnerabilities, including one critical issue that poses a serious risk of remote code execution (RCE). This vulnerability, identified as CVE-2024-23897, allows unauthorized users to read arbitrary files from the Jenkins controller’s…
Recent cybersecurity investigations have unveiled significant insights into the functioning of a notorious malware family known as SystemBC. This malware operates through a command-and-control (C2) server setup that has been analyzed by researchers at Kroll, revealing its availability for purchase on various underground marketplaces. Kroll’s analysis indicates that purchasers receive…
Cisco Addresses Critical Security Vulnerability in Unified Communications Products Cisco has recently issued important patches to mitigate a serious security vulnerability affecting multiple products within its Unified Communications and Contact Center Solutions range. This flaw, identified as CVE-2024-20253, is rated critically high with a CVSS score of 9.9. It poses…
