Ongoing intrusions exploiting a pair of old remote code execution flaws in the widely used open-source web app framework ThinkPHP, tracked as CVE-2018-20062 and CVE-2019-9082, have been conducted by Chinese hackers since April, following a similar attack campaign launched in October, according to SecurityWeek.
Fixes have been issued by Taiwanese networking device manufacturer Zyxel to address five security vulnerabilities impacting its NAS326 and NAS542 network-attached storage devices that have not been supported since the end of 2023, including three critical flaws that could be exploited to facilitate remote code execution and command injection attacks, according to The Register.
Josh comes on the show to discuss all things related to vulnerability tracking and scoring, including the current issues with various systems and organizations including NIST, CVE, Mitre, CVSS, NVD, and more! Segment Resources: NVD blog post Josh wrote: https://anchore.com/blog/navigating-the-nvd-quagmire/, Josh's Latest post: https://opensourcesec...
Boyce Codd Normal Form, Azure, Roaring Kitty, Hugging Face, Okta, Linux, Oracle, Josh Marpet and more, are on this edition of the Security Weekly News.
BleepingComputer reports that Kaspersky has launched the new free KVRT tool that enables the scanning of malware, adware, malicious programs, and other security threats in Linux systems on 64-bit architecture.
The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include a use-after-free security issue impacting Linux kernel versions from 5.14 to 6.6, tracked as CVE-2024-1086, which could be leveraged to enable arbitrary code execution and privilege escalation, SecurityWeek reports.
Organizations in the financial industry around the world were warned by cyber threat intelligence expert Anis Haboubi regarding the persistent risk of attacks exploiting the years-old Apache Log4j2 vulnerability, tracked as CVE-2021-44832, as evidenced by the recent breaches at U.S. business intelligence software company Sisense and cloud storage provider Snowflake, which have systems widely used in the sector, reports Security Affairs.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.