Advisories
-
Metabase Information Disclosure Vulnerability (CVE-2021-41277)
What is the attack? FortiGuard Labs observes widespread attack attempts targeting a three-year-old Metabase vulnerability (CVE-2021-41277), detected by more than 30,000 sensors. Successful exploitation could lead to information disclosure, exposing server files and environment variables to unauthorized users. The vulnerability occurs due to the use of user-supplied input without proper validation. Metabase is an open-source data…
-
USN-7072-2: Linux kernel (GKE) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: Watchdog drivers; Netfilter; Network traffic control (CVE-2024-38630, CVE-2024-27397, CVE-2024-45016).
-
Severe Flaws Discovered in Major E2EE Cloud Storage Services
The cryptographic vulnerabilities were found in Sync, pCloud, Icedrive and Seafile by ETH Zurich.
-
Stolen Access Tokens Lead to New Internet Archive Breach
A threat actor claimed to have got hold of an exposed GitLab configuration file containing Zendesk API access tokens.
-
50,000 Files Exposed in Nidec Ransomware Attack
The August ransomware attack stole 50,000+ documents from Nidec, leaked after ransom refusal.
-
Netskope Reports Possible Bumblebee Loader Resurgence
The malware loader taken down by Europol in May 2024 could be back with a vengeance.
-
USN-7062-2: libgsf vulnerabilities
USN-7062-1 fixed vulnerabilities in libgsf. This update provides the corresponding updates for Ubuntu 24.10. Original advisory details: It was discovered that libgsf incorrectly handled certain Compound Document Binary files. If a user or automated system were tricked into opening a specially crafted file, a remote attacker could possibly use this issue to execute arbitrary code.…
-
USN-7042-3: cups-browsed vulnerability
USN-7042-2 released an improved fix for cups-browsed. This update provides the corresponding update for Ubuntu 24.10. Original advisory details: Simone Margaritelli discovered that cups-browsed could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to…
-
Australia’s Privacy Watchdog Publishes Guidance on Commercial AI Products
Businesses in Australia must update their privacy policies with clear and transparent information about their use of AI, said the regulator.
-
AI and the SEC Whistleblower Program
Tax farming is the practice of licensing tax collection to private contractors. Used heavily in ancient Rome, it’s largely fallen out of practice because of the obvious conflict of interest between the state and the contractor. Because tax farmers are primarily interested in short-term revenue, they have no problem abusing taxpayers and making things worse…