A newly disclosed vulnerability in Apache Solr, identified as CVE-2024-52012, has raised concerns among users of the search platform, particularly those running instances on Windows systems. The flaw, categorized as a Relative Path Traversal vulnerability, allows attackers to gain arbitrary…
Tag: Cyber Security News
Critical Intel Trust Domain Extensions Isolation Vulnerability Exposes Sensitive Data
A team of researchers from the Indian Institute of Technology Kharagpur and Intel Corporation has uncovered a significant vulnerability in Intel’s Trust Domain Extensions (TDX) technology, potentially compromising the security of sensitive data in cloud computing environments. Intel TDX, introduced…
Windows Charset Conversion Feature Exploited to Execute Remote Code
Security researchers have uncovered a critical vulnerability in Windows stemming from its “Best-Fit” character conversion feature, which has been exploited to execute remote code. This newly identified attack surface, dubbed “WorstFit,” leverages certain features of Windows’ internal character encoding system…
Critical Fleet Server Vulnerability Exposes Sensitive Information
A critical vulnerability (CVE-2024-52975) has been identified in Elastic’s Fleet Server, posing a severe risk of sensitive information exposure. The flaw, affecting Fleet Server versions 8.13.0 through 8.15.0, allows sensitive data to be logged at the INFO and ERROR log…
Hackers Using RID Hijacking Technique To Create Secret Windows Admin Account
The North Korean-linked Andariel hacking group has been identified using a sophisticated attack campaign that employs the Relative Identifier (RID) technique to covertly create hidden administrator accounts on Windows systems. This deceptive technique enables attackers to avoid traditional detection measures…
Hackers Tool 11 Days To Deploy LockBit Ransomware From Initial Compromise
Threat actors demonstrated a methodical approach in a recent cyberattack, taking 11 days from initial compromise to fully deploy LockBit ransomware across a victim’s network. The incident, detailed in a report by The DFIR Report, showcases the evolving tactics of…
GitLab Security Update – Patch for XSS Vulnerability in File Rendering
GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE), addressing several vulnerabilities, including a high-severity cross-site scripting (XSS) flaw. The patched versions, 17.8.1, 17.7.3, and 17.6.4, are now available, and GitLab strongly recommends all…
GitHub Vulnerability Let Malicious Repos To Leaks Users Credentials
Critical security vulnerabilities in Git-related projects, including GitHub Desktop, Git Credential Manager, Git LFS, and GitHub Codespaces, were recently uncovered and involved improper handling of text-based protocols, allowing attackers to potentially leak user credentials. This discovery highlights significant risks in…
Critical Vulnerability in Meta’s Llama Framework Exposes AI Systems to Remote Attacks
A critical security flaw, CVE-2024-50050, has been discovered in Meta’s Llama Stack framework, a widely used open-source tool for building and deploying generative AI (GenAI) applications. The vulnerability, caused by unsafe deserialization of Python objects via the pickle module, allows…
UnitedHealth Ransomware Attack Exposes 190 Million Users’ Personal & Healthcare Data
The U.S. healthcare system, UnitedHealth Group, has confirmed that a February 2024 ransomware attack on its subsidiary, Change Healthcare, compromised the personal and healthcare data of approximately 190 million individuals. This figure, nearly double the initial estimate of 100 million,…