A Veeam report found that businesses are prioritizing NIS2 compliance, with 95% of applicable firms diverting funds from other areas of the business
Daily Archives: October 29, 2024
Suspicious Social Media Accounts Deployed Ahead of COP29
Global Witness uncovered a network of 71 suspicious accounts on X supporting the Azeri government
USN-7064-2: nano vulnerability
USN-7064-1 fixed a vulnerability in nano. This update provides the
corresponding update for Ubuntu 14.04 LTS.
Original advisory details:
It was discovered that nano allowed a possible privilege escalation
through an insecure temporary file. If nano was killed while editing, the
permissions granted to the emergency save file could be used by an
attacker to escalate privileges using a malicious symlink.
Law Enforcement Deanonymizes Tor Users
The German police have successfully deanonymized at least four Tor users. It appears they watch known Tor relays and known suspects, and use timing analysis to figure out who is using what relay.
Hacker News thread.
Five Eyes Agencies Launch Startup Security Initiative
The UK has joined forces with its Five Eyes peers to offer cybersecurity guidance to startups
ICO: 55% of UK Adults Have Had Data Lost or Stolen
The UK’s information commissioner claims most adults in the country have had their personal data exposed or compromised
SEC Consult SA-20241023-0 :: Authenticated Remote Code Execution in Multiple Xerox printers (CVE-2024-6333)
Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Oct 28
SEC Consult Vulnerability Lab Security Advisory < 20241023-0 >
=======================================================================
title: Authenticated Remote Code Execution
product: Multiple Xerox printers
(EC80xx, AltaLink, VersaLink, WorkCentre)
vulnerable version: see vulnerable versions below
fixed version: see solution section below
CVE number: CVE-2024-6333…
APPLE-SA-10-28-2024-8 visionOS 2.1
Posted by Apple Product Security via Fulldisclosure on Oct 28
APPLE-SA-10-28-2024-8 visionOS 2.1
visionOS 2.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121566.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
App Support
Available for: Apple Vision Pro
Impact: A malicious app may be able to run arbitrary shortcuts without
user consent…
APPLE-SA-10-28-2024-7 tvOS 18.1
Posted by Apple Product Security via Fulldisclosure on Oct 28
APPLE-SA-10-28-2024-7 tvOS 18.1
tvOS 18.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121569.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
App Support
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: A malicious app may be able to run arbitrary shortcuts without…
APPLE-SA-10-28-2024-6 watchOS 11.1
Posted by Apple Product Security via Fulldisclosure on Oct 28
APPLE-SA-10-28-2024-6 watchOS 11.1
watchOS 11.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/121565.
Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.
Accessibility
Available for: Apple Watch Series 6 and later
Impact: An attacker with physical access to a locked device may be able
to…