ZDI-24-1149: Ivanti Avalanche deleteSkin Directory Traversal Arbitrary File Deletion Vulnerability
This vulnerability allows remote attackers to delete arbitrary files on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI...
ZDI-24-1150: Ivanti Avalanche decodeToMap XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The ZDI...
ZDI-24-1151: Ivanti Avalanche WLAvalancheService Null Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The...
USN-6961-1: BusyBox vulnerabilities
It was discovered that BusyBox did not properly validate user input when performing certain arithmetic operations. If a user or automated system were tricked into...
USN-6951-2: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the...
Texas Sues GM for Collecting Driving Data without Consent
Texas is suing General Motors for collecting driver data without consent and then selling it to insurance companies: From CNN: In car models from 2015...
USN-6960-1: RMagick vulnerability
Nick Browning discovered that RMagick incorrectly handled memory under certain operations. An attacker could possibly use this issue to cause a denial of service through...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event...
Ransomware kingpin who called himself “J P Morgan” extradited to United States
An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head...
New Phishing Attack Uses Sophisticated Infostealer Malware
The phishing attack uses infostealer malware to target saved passwords, credit cards & Bitcoin info