Vulnerabilities

Google is focusing on improving web privacy by disabling third-party cookies on the Chrome browser. According to Anthony Chavez, VP for Privacy Sandbox, Google will test Tracking Protection, a new feature that limits cross-site tracking by restricting website access to third-party cookies by default. “We’ll roll this out to 1% …

Security researchers found that Apache RocketMQ services are being targeted by malicious activities. The vulnerabilities, known as CVE-2023-33246 and CVE-2023-37582, remain a serious threat even after the vendor released patches in May 2023. Vulnerability Overview: The CVE-2023-33246 affected different parts of RocketMQ, such as NameServer, Broker, and Controller. Rongtong Jin, …

CISA released three ICS advisories on January 4, 2024. These advisories give important information about security issues, vulnerabilities, and exploits concerning ICS. ICSA-24-004-01 Rockwell Automation FactoryTalk Activation: Vulnarability overview Rockwell Automation FactoryTalk Activation Manager and Studio 5000 Logix Designer uses the affected Wibu-Systems’ products which internally use a version of …

F5 releases security advisory for multiple vulnerabilities including K000132893: GRUB2 vulnerability CVE-2022-28733. This flaw allows an attacker to craft a malicious packet, triggering an integer underflow in grub code. Consequently, the memory allocation for handling the packet data may be smaller than the size needed. This issue causes an out-of-bands …

Google’s cybersecurity firm Mandiant get back its x (twitter) account after being taken over by someone sharing links to a cryptocurrency platform. On Wednesday afternoon around 3:30 pm EST, the scammar took the control over mandiant’s x account, renamed it as phantom and tweeted out links to a company called …

Around 11 million SSH servers are at risk from the Terrapin attack, which can compromise the security of certain SSH connections. This constitutes roughly 52% of all scanned samples in the IPv4 and IPv6 space monitored by Shadoserver. The Terrapin attack, created by researchers from Ruhr University Bochum in Germany, …

CISA added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog for January 2024 due to evidence of ongoing exploitation. They are the Google Chromium WebRTC Heap Buffer Overflow Vulnerability (CVE-2023-7024) and the Spreadsheet::ParseExcel Remote Code Execution Vulnerability (CVE-2023-7101). In December 2023, Google released an update to fix a vulnerability …

The European Central Bank (ECB) will test over 100 European banks on their ability to respond to and recover from cyber-attacks. The European Union’s central bank will perform its first cyber resilience stress test on 109 banks under its supervision in 2024. The test will evaluate the banks’ capacity to …

A PoC code has been released for the a serious vulnerability, CVE-2023-41974, on iOS and macOS. This vulnerability can be used to gain full control of a mobile device by exploiting a critical issue in the kernel, giving an application access to run any code with kernel privileges. This discovery …

A new security flaw was found in Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system. This flaw could be used to get around authentication protections. The vulnerability, CVE-2023-51467, is found in the login feature and is caused by a partial fix for another serious vulnerability (CVE-2023-49070, CVSS score: 9.8) …