A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution

Read Time:26 Second

A vulnerability has been discovered in Google Chrome, which could allow for arbitrary code execution. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the logged on user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

USN-6770-1: Fossil regression

Read Time:14 Second

USN-6729-1 fixed vulnerabilities in Apache HTTP Server. The
update lead to the discovery of a regression in Fossil with
regards to the handling of POST requests that do not have a
Content-Length field set. This update fixes the problem.

We apologize for the inconvenience.

Read More

A Vulnerability in Apache OFBiz Could Allow for Remote Code Execution

Read Time:36 Second

A vulnerability has been discovered in the Apache OFBiz, which could allow for remote code execution. Apache OFBiz is an open-source product for the automation of enterprise processes. It includes framework components and business applications for ERP, CRM, E-Business/E-Commerce, Supply Chain Management and Manufacturing Resource Planning. Successful exploitation of this vulnerability could allow for remote code execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Services whose accounts are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.

Read More

A Vulnerability in F5 BIG-IP Next Central Manager Could Allow for Remote Code Execution

Read Time:36 Second

A vulnerability has been discovered in F5 BIG-IP Next Central Manager that could allow for remote code execution. BIG-IP Next Central Manager is the management and application orchestration platform used to control BIG-IP Next instances. It can be installed on dedicated hardware or virtualized through VMware ESXi. Successful exploitation of this vulnerability could allow for Remote Code Execution in the context of the affected service account. Depending on the privileges associated with the service account, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Services accounts that are configured to have less rights on the system could be less impacted than those who operate with administrative user rights.

Read More

How Criminals Are Using Generative AI

Read Time:25 Second

There’s a new report on how criminals are using generative AI tools:

Key Takeaways:

Adoption rates of AI technologies among criminals lag behind the rates of their industry counterparts because of the evolving nature of cybercrime.
Compared to last year, criminals seem to have abandoned any attempt at training real criminal large language models (LLMs). Instead, they are jailbreaking existing ones.
We are finally seeing the emergence of actual criminal deepfake services, with some bypassing user verification used in financial services.

Read More

USN-6769-1: Spreadsheet::ParseXLSX vulnerabilities

Read Time:22 Second

Le Dinh Hai discovered that Spreadsheet::ParseXLSX did not properly manage
memory during cell merge operations. An attacker could possibly use this
issue to consume large amounts of memory, resulting in a denial of service
condition. (CVE-2024-22368)

An Pham discovered that Spreadsheet::ParseXLSX allowed the processing of
external entities in a default configuration. An attacker could possibly
use this vulnerability to execute an XML External Entity (XXE) injection
attack. (CVE-2024-23525)

Read More