Most serious of the resolved vulnerabilities was the critical OS command injection issue, tracked as CVE-2024-9463, which could be exploited to expose firewalls' usernames, cleartext passwords, API keys, and configurations.
While Microsoft noted Windows systems being targeted with RCE using the flaw, no indicators of compromise or telemetry information regarding the issue have been provided.
Most serious of the newly discovered bugs were a pair of high-severity issues, the first of which, tracked as CVE-2024-9380, is an operating system command injection flaw that could enable remote code execution, while the second, tracked as CVE-2024-9381, is a path traversal vulnerability allowing restriction evasion among threat actors with admin privileges.
Aaron was already a skilled bug hunter and working at HackerOne as a triage analyst at the time. What he discovered can't even be described as a software bug or a vulnerability. This type of finding has probably resulted in more security incidents and breaches than any other category: the unintentional misconfiguration.
There's a lot of conversati...
Security pros say teams should install the macOS 15.0.1 patch and first run it in a production environment with their security tools to ensure compatibility.
Perfctl, Warm Cookie, Pig Butchering, Ivanti, Zimbra, BabyLockerKZ, AI gone Wild, Aaran Leyland, and More, on this edition of the Security Weekly News.