Users of the Argo continuous deployment (CD) tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as passwords and API keys. The flaw, tagged as CVE-2022-24348 (CVSS score: 7.7), affects all versions and has been addressed in versions 2.3.0, 2.2.4, and 2.1.9. Cloud … [Read more...] about New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps
bug
Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans?
There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn't take long. Just two weeks after reaching the official end of life, something broke spectacularly, leaving CentOS 8 users at major risk of a severe attack – and with no support from CentOS. You'd think that this … [Read more...] about Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans?
Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks
Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 (CVSS score: 5.3), the issue is an "input validation vulnerability that could allow attackers to build a query given some input … [Read more...] about Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks
New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking
A software bug introduced in Apple Safari 15's implementation of the IndexedDB API could be abused by a malicious website to track users' online activity in the web browser and worse, even reveal their identity. The vulnerability, dubbed IndexedDB Leaks, was disclosed by fraud protection software company FingerprintJS, which reported the issue to the iPhone maker on November … [Read more...] about New Unpatched Apple Safari Browser Bug Allows Cross-Site User Tracking
New KCodes NetUSB Bug Affect Millions of Routers from Different Vendors
Cybersecurity researchers have detailed a high severity flaw in KCodes NetUSB component that's integrated into millions of end-user router devices from Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital, among others. KCodes NetUSB is a Linux kernel module that enables devices on a local network to provide USB-based services over IP. Printers, external hard drives, … [Read more...] about New KCodes NetUSB Bug Affect Millions of Routers from Different Vendors
Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security
Apple recently fixed a security vulnerability in the macOS operating system that could be potentially exploited by a threat actor to "trivially and reliably" bypass a "myriad of foundational macOS security mechanisms" and run arbitrary code. Security researcher Patrick Wardle detailed the discovery in a series of tweets on Thursday. Tracked as CVE-2021-30853 (CVSS score: 5.5), … [Read more...] about Expert Details macOS Bug That Could Let Malware Bypass Gatekeeper Security
Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models
Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-34991 (CVSS score: 8.8), the pre-authentication buffer overflow flaw in small office and home office … [Read more...] about Critical Root RCE Bug Affects Multiple Netgear SOHO Router Models
Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services
Researchers have disclosed an out-of-bounds read vulnerability in the Squirrel programming language that can be abused by attackers to break out of the sandbox restrictions and execute arbitrary code within a SquirrelVM, thus giving a malicious actor complete access to the underlying machine. Tracked as CVE-2021-41556, the issue occurs when a game library referred to as … [Read more...] about Squirrel Engine Bug Could Let Attackers Hack Games and Cloud Services
New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught
Cybersecurity researchers have disclosed an unpatched security vulnerability in the protocol used by Microsoft Azure Active Directory that potential adversaries could abuse to stage undetected brute-force attacks. "This flaw allows threat actors to perform single-factor brute-force attacks against Azure Active Directory (Azure AD) without generating sign-in events in the … [Read more...] about New Azure AD Bug Lets Hackers Brute-Force Passwords Without Getting Caught
Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials
An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. "This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in … [Read more...] about Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials