News

GenAI: Security Teams Demand Expertise-Driven Solutions

December 17, 2024

Read Time:4 Second

76% of security leaders favor cybersecurity-focused GenAI tools over domain-agnostic tools

News

EU Sanctions Russian Cyber Actors for “Destabilizing Actions”

December 17, 2024

Read Time:6 Second

The EU announced sanctions against individuals and entities involved in cyber-attacks and disinformation campaigns on behalf of the Russian state

Advisories

USN-7164-1: ImageMagick vulnerability

December 17, 2024

Read Time:11 Second

It was discovered that ImageMagick incorrectly handled certain malformed
files. If a user or automated system were tricked into opening a specially
crafted file, an attacker could possibly exploit this to cause a denial of
service.

News

New APIs Discovered by Attackers in Just 29 Seconds

December 17, 2024

Read Time:4 Second

Wallarm honeypot research finds potentially exposed APIs are being discovered within half a minute

News

US Unveils New National Cyber Incident Response Plan

December 17, 2024

Read Time:6 Second

The draft plan is designed to help businesses understand how the government will support them during a cyber incident

News

All Major European Financial Firms Suffer Supplier Breaches

December 17, 2024

Read Time:6 Second

SecurityScorecard claims 100% of Europe’s top financial services companies have suffered a supply chain breach in the past year

Advisories

python-sql-1.5.2-3.fc41

December 17, 2024

Read Time:6 Second

FEDORA-2024-1a2f1733ad

Packages in this update:

python-sql-1.5.2-3.fc41

Update description:

update to 1.5.2

Advisories

ZDI-24-1694: Microsoft PC Manager MSPCManagerService Link Following Local Privilege Escalation Vulnerability

December 17, 2024

Read Time:14 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft PC Manager. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.8.

Advisories

ZDI-24-1695: Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability

December 17, 2024

Read Time:12 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Avalanche. Authentication is required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.2. The following CVEs are assigned: CVE-2024-37373.

Advisories

[KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities

December 17, 2024

Read Time:15 Second

Posted by Egidio Romano on Dec 16

—————————————————————————
GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities
—————————————————————————

[-] Software Links:

https://gfi.ai/products-and-solutions/network-security-solutions/keriocontrol
http://download.kerio.com

[-] Affected Versions:

All versions from 9.2.5 to 9.4.5.

[-] Vulnerabilities Description:…

Cyber Security News

Daily Archives: December 17, 2024

GenAI: Security Teams Demand Expertise-Driven Solutions

EU Sanctions Russian Cyber Actors for “Destabilizing Actions”

USN-7164-1: ImageMagick vulnerability

New APIs Discovered by Attackers in Just 29 Seconds

US Unveils New National Cyber Incident Response Plan

All Major European Financial Firms Suffer Supplier Breaches

python-sql-1.5.2-3.fc41

FEDORA-2024-1a2f1733ad

Packages in this update:

Update description:

ZDI-24-1694: Microsoft PC Manager MSPCManagerService Link Following Local Privilege Escalation Vulnerability

ZDI-24-1695: Ivanti Avalanche FileStoreConfig Unrestricted File Upload Remote Code Execution Vulnerability

[KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities

News, Advisories and much more