Vulnerabilities

Broadcom has fixed a serious VMware vCenter Server vulnerability that allows attackers to execute remote code on unpatched servers through network packets. vCenter Server is the main management hub for VMware’s vSphere suite, enabling administrators to oversee and monitor virtualized infrastructure. The vulnerability (CVE-2024-38812) identified by TZL security researchers at …

Ransomware groups like BianLian and Rhysida use Microsoft’s Azure Storage Explorer and AzCopy to steal data from hacked networks and store it in Azure Blob storage. Storage Explorer is a GUI tool for managing Microsoft Azure, while AzCopy is a command-line tool for large data transfers to and from Azure …

Apple has released iOS 18, the latest update for iPhones and iPads. Along with new features, it mainly focuses on fixing security vulnerabilities. Apple’s iOS 18 has addressed 33 major security vulnerabilities that could have endangered millions of iPhone users. Without these fixes, hackers could have accessed personal data, controlled …

Tenable Research found and fixed a remote code execution (RCE) vulnerability, called CloudImposer, in Google Cloud Platform (GCP). This flaw could have let attackers hijack a pre-installed software dependency in Google Cloud Composer. Additionally, Tenable identified concerning guidance in GCP documentation that customers should note. The Hacker News reported, quoted …

Ivanti warned that a recently fixed security flaw in its Cloud Service Appliance (CSA) is being actively exploited. CVE-2024-8190 is a high-severity vulnerability (CVSS score: 7.2) that can enable remote code execution in specific situations. “An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and …

Intel announced over 20 vulnerabilities in its processors and products in security advisories released on Tuesday. The chip giant has released four new advisories, including one that addresses 11 vulnerabilities in UEFI firmware for various processors, such as Atom, Xeon, Pentium, Celeron, and Core series. Over half of the security …

GitLab released security updates on Wednesday to fix 17 vulnerabilities, including a critical issue that lets attackers run pipeline jobs as any user. CVE-2024-6678 is a critical vulnerability with a CVSS score of 9.9 out of 10.0 “An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior …

Indian Computer Emergency Response Team (CERT-In) issued a high-severity alert for android devices on September 11, 2024 highlighting the vulnerabilities that affect Android versions 12, 12L, 13, and 14. The advisory said, bad attacker could potentially exploit these vulnerabilities to gain access the sensitive information stored in the devices, even …

Microsoft patched September 2024 Tuesday addressing 79 vulnerabilities, including four actively exploited zero-days which covers critical flaws in Windows Installer, MoTW, Publisher, and Windows Update. Those flaw are mentioned in September 2024 patch Tuesday are rated as critical, most of which were either remote code execution (RCE) or elevation of …

The CTO of Razz Security, Mukesh, recently exploited CI/CD pipelines to gain full server access which has its origins in the presence of an exposed .git directory on a publicly available web server. For this flaw, anyone could read and download the entire version control. It is examined that, this …