A critical security flaw, CVE-2025-24813, has been discovered in Apache Tomcat, a widely used web server and servlet container.
https://nvd.nist.gov/vuln/detail/CVE-2025-24813
#cybersecurity #vulnerability #apache #tomcat #rce #cve #update #patch
"When you look at the dark side, careful you must be. For the dark side looks back."
--Yoda
Always learning ...and sharing knowledge to make the world a safer place.
Researchers Miguel Tarascó Acuña and Antonio Vázquez Blanco from Tarlogic Security discovered a hidden "backdoor" in the ESP32 chip, a microcontroller widely used in over a billion devices. This chip enables Bluetooth and Wi-Fi connections in gadgets like smart home devices, medical equipment, and more.
https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/
#cybersecurity #vulnerability #bluetooth #esp32 #backdoor #wifi #RootedCON2025 #tarlogicsecurity
Elastic, the company behind Kibana, has announced critical security updates to address a serious vulnerability in their software. This issue, labeled CVE-2025-25015, is rated 9.9 out of 10 on the severity scale, signaling an extremely high risk.
https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441
A newly discovered security vulnerability in the Vim text editor, identified as CVE-2025-27423, poses a serious risk for users. This flaw, found in Vim's tar.vim plugin, could allow attackers to gain control of a user's computer if a malicious TAR file is opened.
Vim’s tar.vim plugin is designed to help users view and edit TAR files (a type of compressed archive) directly in the text editor. Unfortunately, a recent update introduced an issue where filenames within these TAR files were not adequately checked or "sanitized." Cybercriminals can exploit this by crafting a specially designed TAR file to execute harmful commands on a victim's computer once the file is opened in Vim.
https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3
#cybersecurity #vulnerability #vim #tar #plugin #cve #code_execution #Ry0taK
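The tar.vim issue above is a sanitization failure: names taken from inside an archive were trusted and ended up in a command. The following added example (my own code, not Vim's or the plugin's) shows the check a tool that handles archive member names should apply before doing anything with them: reject absolute paths, `..` traversal components, whitespace and shell metacharacters. The archive it inspects is constructed in memory for the demo; the member names in it are sample values.

```python
import io
import re
import tarfile
from pathlib import PurePosixPath

# Whitespace and shell metacharacters. A member name containing any of these
# must never be spliced into a command string (the failure class described above).
SHELL_META = re.compile(r"[\s;&|`$<>\"'\\*?()\[\]{}]")


def is_safe_member_name(name: str) -> bool:
    """Return True only for archive member names that are safe to handle.

    Rejects empty names, absolute paths, '..' traversal components and any
    whitespace or shell metacharacter.
    """
    if not name:
        return False
    if name.startswith(("/", "\\")):
        return False
    if ".." in PurePosixPath(name).parts:
        return False
    if SHELL_META.search(name):
        return False
    return True


def unsafe_member_names(archive: bytes) -> list[str]:
    """List the member names in a TAR archive (given as bytes) that fail the check."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:*") as tar:
        return [m.name for m in tar.getmembers() if not is_safe_member_name(m.name)]


def build_tar(names: list[str]) -> bytes:
    """Construct a small in-memory TAR archive with the given member names (sample data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            payload = b"hello\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed sample archive: two benign names, one traversal name, one name
# carrying a shell metacharacter.
SAMPLE = build_tar(["notes.txt", "docs/readme.md", "../escape.txt", "notes;extra.txt"])

if __name__ == "__main__":
    print("rejected member names:", unsafe_member_names(SAMPLE))
```

The name check is only half of the fix: whatever is done with an accepted name afterwards should be done by passing it as a separate argument (an argv list) rather than by building a shell command string, so that even a name that slips past the filter cannot change the command.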
VMware recently addressed several serious security flaws in their products, including ESXi, Workstation, and Fusion.
CVE-2025-22224: This critical flaw allows attackers to send malicious data to the system, causing it to behave unpredictably.
CVE-2025-22225: This vulnerability lets attackers write data into restricted areas of the system. By doing so, they can escape the virtual machine's sandbox (a protective barrier) and gain unauthorized access to the host system.
CVE-2025-22226: This flaw allows attackers to read sensitive information from the system's memory.
https://blogs.vmware.com/security/
#cybersecurity #vulnerability #cve #vmware #esxi #workstation #pro #player #fusion #cloud #heap_overflow
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious security flaw in some Cisco Small Business routers. These routers are used by small businesses to connect to the internet. The flaw, known as CVE-2023-20118, allows hackers to take control of the router and potentially access sensitive information on the network.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
#cybersecurity #vulnerability #cisco #router #cisa #cve #RV016 #RV042 #RV042G #RV082 #RV320 #RV325
QR codes, those black-and-white squares you scan with your phone, are becoming a new tool for scammers. This type of scam is called "quishing," a mix of QR codes and phishing. Scammers use fake QR codes to trick people into giving away personal information or downloading harmful software.
Quishing works by placing fake QR codes in public places like parking meters, restaurants, or even on delivery packages. When someone scans the fake code, they are directed to a malicious website that looks real. This website might ask for personal details, like passwords or credit card numbers, or it might download malware onto the user's device.
One common scenario involves scammers putting fake QR codes on parking meters. When people scan these codes to pay for parking, they are redirected to a fake payment site that steals their payment information. Another example is scammers posing as utility companies or government agencies, sending fake QR codes in emails or text messages. Scanning these codes can lead to identity theft or financial loss.
Quishing is effective because people are often less cautious when scanning QR codes compared to clicking on suspicious links. To protect yourself, treat scanning a QR code like clicking on an unknown link.
https://hackread.com/rise-of-qr-phishing-how-scammers-exploit-qr-codes/
#cybersecurity #qr #qr_codes #quishing #phishing #scam #identity_theft
A new Linux malware, called Auto-Color, was discovered by cybersecurity researchers at Palo Alto Networks' Unit 42, a team specializing in analyzing and uncovering cyber threats. This malware (backdoor) is a tool used by hackers to secretly gain access to computers running the Linux operating system, allowing them to carry out harmful activities while staying hidden.
Auto-Color is designed to be extremely stealthy. For example, it camouflages itself within the system and alters activity logs to make everything appear normal. It’s like an invisible burglar who not only sneaks into your digital “house” but also covers their tracks so you don’t notice their presence. This makes it difficult for security tools to detect and block its actions.
https://unit42.paloaltonetworks.com/new-linux-backdoor-auto-color/
#cybersecurity #malware #linux #backdoor #autocolor #paloaltonetworks #unit42
Imagine someone having access to every message you send, every photo you take, and knowing exactly where you are at all times. This isn't science fiction - it's happening right now to thousands of people.
#cybersecurity #spyware #spyzie #stalkerware #android #iphone #app #techcrunch
Two cybersecurity researchers recently uncovered a significant vulnerability in the FlyCASS system, which manages the Known Crewmember (KCM) and Cockpit Access Security System (CASS) programs for airlines. This flaw could potentially allow unauthorized individuals to gain access to sensitive areas of airports and even fly in aircraft cockpits.
The researchers discovered that the FlyCASS login page was susceptible to a simple SQL injection attack. By inserting malicious SQL code into the username field, they were able to bypass the login system and gain administrative access to the database.
Once inside, they found they could add any name to the list of approved pilots and crew members without any additional checks. This meant anyone with basic knowledge of SQL injection could potentially log in and add themselves to the KCM and CASS lists.
https://www.theregister.com/2024/08/30/sql_injection_known_crewmember/
#cybersecurity #vulnerability #sql #sql_injection #attack #flycass #login #kcm #cass #airlines
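The FlyCASS login bypass is the textbook case of a query built by gluing user input into SQL. As an added example (mine, not the FlyCASS code, which was never published), here is the vulnerable pattern next to the parameterized form that defeats it, run against a constructed in-memory SQLite table. The table stores plaintext passwords purely to keep the demo short; a real system compares password hashes.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample user table for the demo (plaintext passwords, demo only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse', 1)")
    conn.execute("INSERT INTO users VALUES ('crew1', 'battery-staple', 0)")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    # String formatting: the user's input becomes part of the SQL grammar,
    # so a quote in the username changes the meaning of the WHERE clause.
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    # Bound parameters: the driver sends the input as data, never as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def demo() -> dict:
    """Run both logins with a username that comments out the password check."""
    conn = make_db()
    injected = "admin' --"  # the trailing -- turns the rest of the query into a comment
    return {
        "vulnerable": login_vulnerable(conn, injected, "wrong"),  # returns 'admin'
        "safe": login_safe(conn, injected, "wrong"),              # returns None
        "legit": login_safe(conn, "crew1", "battery-staple"),     # returns 'crew1'
    }


if __name__ == "__main__":
    print(demo())
```

The second FlyCASS finding (anyone with database access could add names to the approved lists with no further checks) is a reminder that parameterized queries stop the injection but not the damage that follows once an attacker is authenticated; write access to such a list should itself require a separate authorization check and an audit record.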
Oligo Security's research team has identified a significant vulnerability named "0.0.0.0 Day" that affects all major web browsers, allowing malicious websites to interact with local network services. This vulnerability arises from inconsistent security implementations across browsers and the lack of standardization in the browser industry. The IP address 0.0.0.0, typically used to denote all available network interfaces on a device, can be exploited by attackers to gain unauthorized access and execute code on local services, including those for development, operating systems, and internal networks. This issue has wide-ranging implications for both individuals and organizations, with active exploitation campaigns like ShadowRay highlighting the urgency of resolving this vulnerability.
https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
#cybersecurity #0000day #vulnerability #browser #http #rfc #chrome #safari #firefox #fingerprinting #edge #ssl #https #pna #shadowray
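The post above describes a browser reaching a local service through 0.0.0.0. From the service's side the two defences are to bind to the loopback address instead of 0.0.0.0, and to refuse requests that a browser on a foreign page would generate. The added example below is my own code, not Oligo's and not any browser's logic; it is a pure decision function over request headers that a local development service could call before handling a request. The header sets it is run against are constructed samples, and the hostnames in them are placeholders.

```python
from urllib.parse import urlparse

# Hostnames a service bound to the loopback interface legitimately answers to.
# Binding to 127.0.0.1 (not 0.0.0.0) is the primary fix; this check is defence in depth.
LOCAL_HOSTS = frozenset({"localhost", "127.0.0.1", "::1"})


def _hostname(host_header: str) -> str:
    # urlparse copes with "host:port" and bracketed IPv6 ("[::1]:8000" -> "::1").
    return (urlparse("//" + host_header).hostname or "").lower()


def should_serve(headers: dict, allowed_origins: frozenset = frozenset()) -> tuple:
    """Decide whether a loopback-only service should honour this request.

    Returns (allowed, reason). Header names are matched case-insensitively.
    """
    h = {k.lower(): v for k, v in headers.items()}

    # 1. The Host header must name the loopback service itself. A request whose
    #    Host is 0.0.0.0 or some external name did not come from a local client
    #    typing the expected address.
    host = _hostname(h.get("host", ""))
    if host not in LOCAL_HOSTS:
        return False, f"unexpected Host {h.get('host', '')!r}"

    # 2. Modern browsers label cross-site fetches; refuse them outright.
    if h.get("sec-fetch-site", "").lower() == "cross-site":
        return False, "browser reports a cross-site request"

    # 3. If an Origin is present it must be local or explicitly allow-listed.
    origin = h.get("origin")
    if origin:
        origin_host = (urlparse(origin).hostname or "").lower()
        if origin_host not in LOCAL_HOSTS and origin not in allowed_origins:
            return False, f"cross-origin request from {origin}"

    return True, "ok"


# Constructed sample requests (header dicts only; hostnames are placeholders).
SAMPLE_REQUESTS = {
    "curl_local": {"Host": "127.0.0.1:8000"},
    "dev_ui": {"Host": "localhost:8000", "Origin": "http://localhost:3000",
               "Sec-Fetch-Site": "same-site"},
    "via_0000": {"Host": "0.0.0.0:8000", "Origin": "https://attacker.example",
                 "Sec-Fetch-Site": "cross-site"},
    "foreign_host": {"Host": "evil.example:8000", "Origin": "https://evil.example"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLE_REQUESTS.items():
        print(name, should_serve(hdrs))
```

Each check is independent so that a client missing one header (plain curl sends neither Origin nor Sec-Fetch-Site) is still served, while a browser page on another site fails at least one of them.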
A cybersecurity researcher named Jeremiah Fowler discovered that 4.6 million voter and election documents were exposed online due to a technology contractor's oversight. The documents, including voter records, ballots, and various lists, were found in 13 non-password-protected databases. An additional 15 databases were identified but were password-protected. These databases were linked to counties that had contracts with Platinum Technology Resource, a company offering services like ballot printing, election management, and voter registration software. The exposure poses significant risks, such as the possibility of cybercriminals launching brute force attacks or disrupting access during elections through denial of service attacks.
https://www.vpnmentor.com/news/report-election-records-breach/
#cybersecurity #database #csv #election2024 #dataprotection #platinumtechnologyresource #jeremiahfowler
The US Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability in Avtech Security's cameras, known as CVE-2024-7029. This flaw allows attackers to inject commands into the cameras over the network without needing any password or authentication. The vulnerability affects Avtech AVM1203 IP cameras running certain firmware versions, and potentially other devices from the company. Despite CISA's efforts to get Avtech to fix the issue, there hasn't been a response from the company, suggesting the problem remains unresolved. There are no reported instances of this vulnerability being exploited publicly, but given its severity and the fact that it's already being used in the wild, it's important for users to be aware and take precautions.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-214-07
#cybersecurity #avtech #vulnerability #cve #avm1203 #ip #camera #cisa
Microsoft researchers have discovered a serious vulnerability in ESXi hypervisors, which are targeted by ransomware attackers to gain full administrative control over domain-joined ESXi hypervisors. When attackers gain full control, they can encrypt the entire system, disrupting operations and potentially stealing data.
The vulnerability, known as CVE-2024-37085, allows attackers to exploit a default setting that grants full administrative rights to any member of a certain domain group without proper checks. This means that attackers can easily take over ESXi hypervisors, leading to widespread encryption and potential data loss.
Microsoft worked closely with VMware, the company behind ESXi, to disclose this vulnerability and release a security update. It's crucial for ESXi server administrators to apply these updates to protect against such attacks. Additional measures recommended by Microsoft include validating the existence of the "ESX Admins" group, manually denying access to this group, and improving overall security practices like enforcing multi-factor authentication and regularly updating software.
#cybersecurity #esxi #vmware #vulnerability #microsoft #hypervisor #ransomware #update #security #encryption
The 2024 Olympics have raised concerns among cybersecurity experts due to potential cyber threats. With the increasing reliance on digital technologies, especially during global events like the Olympics, there's a heightened risk of cyberattacks targeting sensitive information such as athletes' personal data, competition results, and even the broadcasting infrastructure.
Cybersecurity teams are preparing by enhancing monitoring systems and implementing advanced security measures to protect against various types of attacks, including Distributed Denial of Service (DDoS) attacks that could disrupt the event's online presence. They're also focusing on protecting the Internet of Things (IoT) devices used throughout the venues, which can be vulnerable entry points for hackers.
In addition to these internal preparations, international cooperation is crucial. Cybersecurity agencies worldwide are sharing intelligence and best practices to counteract any potential threats effectively.
https://www.csoonline.com/article/3477719/2024-olympics-put-cybersecurity-teams-on-high-alert.html
#cybersecurity #paris2024 #olympics #cyberthreats #cyberattack #ddos #iot #cybersec
A network known as "Stargazers Ghost Network" has been exploiting GitHub to spread malware through approximately 3,000 fake accounts. This operation involves creating repositories that mimic legitimate ones to trick users into downloading malicious content. The malware is often hidden in links within these repositories, which unsuspecting users may click, leading to their devices becoming infected. Researchers have identified over 2,200 such repositories involved in distributing various types of malware, including those designed to steal user credentials and cryptocurrency wallets. The network appears to automate its activities across different social media platforms, targeting users interested in gaming, social media, and cryptocurrencies.
https://research.checkpoint.com/2024/stargazers-ghost-network/
#cybersecurity #github #StargazersGhost #network #malware #daas #checkpoint #research
A recent security vulnerability, identified as CVE-2024-6922, affects Automation Anywhere's Automation 360, a popular Robotic Process Automation suite. This vulnerability allows for Server-Side Request Forgery (SSRF), enabling an attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) to trigger arbitrary web requests from the server.
The discovery of this issue was made by Ryan Emmons, a Lead Security Researcher at Rapid7, who worked closely with Automation Anywhere to address and mitigate the vulnerability. The timeline of events began with Rapid7 contacting Automation Anywhere on June 17, 2024, and culminated in the public disclosure of the vulnerability on July 26, 2024. It's noteworthy that Automation Anywhere had already addressed this issue in version 33 of their product, released on June 17, 2024, prior to receiving the report from Rapid7.
Customers using InsightVM and Nexpose products from Rapid7 can assess their exposure to CVE-2024-6922 through a vulnerability check included in their content release on July 26, 2024. To protect against this vulnerability, Automation Anywhere advises upgrading to Automation 360 v.33, where the issue has been resolved according to their release notes.
#cybersecurity #automation360 #vulnerability #automationanywhere #ssrf #serversiderequestforgery #devsecops #networksecurity #https #http #infosec #rapid7
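SSRF, as in the Automation 360 finding above, means the server can be made to issue requests to destinations the attacker chooses, typically internal addresses it can reach but the attacker cannot. The standard server-side guard is to validate an outbound URL before fetching it: allowed scheme, no embedded credentials, optional host allow-list, and every address the host resolves to must be public. The following is an added example of that guard (my code, not Automation Anywhere's, and not the fix they shipped in v.33); the resolver is injectable so the demo runs offline against a constructed DNS table whose names and addresses are placeholders.

```python
import ipaddress
import socket

from urllib.parse import urlparse

ALLOWED_SCHEMES = frozenset({"http", "https"})


def is_public_ip(ip: str) -> bool:
    """True only for globally routable unicast addresses.

    Rejects RFC 1918 space, loopback, link-local (which covers cloud metadata
    endpoints such as 169.254.x.x), multicast, reserved and 0.0.0.0.
    """
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def _default_resolve(host: str) -> list:
    """Resolve a hostname to all its addresses (IPv4 and IPv6)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_outbound_url(url: str, resolve=_default_resolve, allowed_hosts=None) -> tuple:
    """Return (ok, reason) for a URL the server is about to fetch on a user's behalf."""
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, f"host {host!r} not in allow-list"

    # IP literals are checked directly; names are resolved and every answer checked,
    # so a name that maps to one public and one internal address is refused.
    try:
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        addresses = resolve(host)
    if not addresses:
        return False, f"host {host!r} does not resolve"
    for ip in addresses:
        if not is_public_ip(ip):
            return False, f"{host!r} resolves to non-public address {ip}"
    return True, "ok"


# Constructed DNS table for offline use; names and addresses are placeholders.
FAKE_DNS = {
    "api.example": ["93.184.216.34"],
    "intranet.example": ["10.0.0.5"],
    "dual.example": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolve(host: str) -> list:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ["https://api.example/v1/status", "http://169.254.169.254/latest/meta-data/",
              "http://0.0.0.0:8080/", "https://intranet.example/", "ftp://api.example/"]:
        print(u, validate_outbound_url(u, resolve=fake_resolve))
```

One caveat the function cannot remove on its own: validation and the actual fetch are two separate DNS lookups, so the fetch should connect to the address that was validated (or the check should be repeated at connection time) rather than re-resolving the name, and redirects from the fetched response must be validated the same way.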
Cybersecurity experts have uncovered a significant vulnerability named ConfusedFunction in Google Cloud Platform's Cloud Functions service. This issue allows attackers to elevate their privileges, potentially accessing various services and sensitive data without authorization. When a Cloud Function is created or updated, a Cloud Build service account is automatically generated and linked to a Cloud Build instance. This service account possesses extensive permissions, which, if misused, can lead to unauthorized access to Cloud Storage, Artifact Registry, and Container Registry among others. Google has addressed this by changing the default behavior to use the Compute Engine default service account instead, though this does not retroactively apply to existing instances. Despite this fix, the deployment of a Cloud Function still necessitates assigning certain permissions to the Cloud Build service account, highlighting ongoing concerns about software complexity and inter-service communication in cloud environments.
#cybersecurity #google #googlecloud #vulnerability #privilege_escalation #confusedfunction #cloudfunction #cloudstorage #cloudbuild #cloud #tenable
Nvidia recently released patches for high-severity vulnerabilities found in various artificial intelligence (AI) and networking products. These products include Jetson devices, Mellanox OS, OnyX, Skyway, and MetroX. The vulnerabilities could potentially allow attackers to execute code, escalate privileges, deny service, disclose information, and tamper with data. Specifically, one vulnerability affects Jetson products used for robotics and AI applications, while others target the Mellanox OS switch operating system for data centers, the OnyX successor, the Skyway InfiniBand-to-Ethernet gateway, and the MetroX long-haul system.
https://www.nvidia.com/en-us/security/
#cybersecurity #nvidia #vulnerability #ai #jetson #mellanoxOS #onyx #skyway #metrox #robotics #datacenter #security
A critical flaw in Docker Engine, tracked as CVE-2024-41110, allows attackers to bypass authorization plugins under specific conditions. This vulnerability, with a CVSS score of 10.0, indicates maximum severity. It involves exploiting an API request with a Content-Length set to 0, tricking the Docker daemon into forwarding the request without the body to the AuthZ plugin, potentially leading to incorrect approval of the request. This issue was initially discovered in 2018 and fixed in Docker Engine v18.09.1 in January 2019, but it wasn't applied to subsequent versions until recently. Versions affected include those up to v19.03.15, v20.10.27, v23.0.14, v24.0.9, v25.0.5, v26.0.2, v26.1.4, v27.0.3, and v27.1.0, assuming AuthZ is used for access control decisions. Users relying on AuthZ plugins are at risk unless they update to versions 23.0.14 and 27.1.0 released on July 23, 2024. Docker Desktop versions up to 4.32.0 are also affected, though the chance of exploitation is low due to the need for local access to the host and the absence of AuthZ plugins in default configurations. Docker advises updating to the latest version to mitigate potential threats.
https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
#cybersecurity #docker #vulnerability #cve #authz #dockerengine #dockerdesktop #api #plugins #threat #update
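The Docker advisory above turns on one design decision in an AuthZ plugin: when the request body never arrives, does the plugin fail open or fail closed? The added example below is my own illustration, not Docker's code and not any real plugin. It assumes the request shape of Docker's authorization plugin API (fields `RequestMethod`, `RequestURI` and a base64-encoded `RequestBody`, with `Allow` and `Msg` in the response) and uses a deliberately small constructed policy. The first decision function has the fail-open shape the advisory describes; the second refuses a body-bearing call whose body is missing. The sample requests are constructed for the demo.

```python
import base64
import json

# Docker API calls (method, version-stripped path) whose policy cannot be
# evaluated without the JSON body. Constructed list for this example.
BODY_REQUIRED = {("POST", "/containers/create")}


def api_path(request_uri: str) -> str:
    """Strip the query string and an optional /vX.Y/ API version prefix."""
    path = request_uri.split("?", 1)[0]
    parts = path.split("/")
    if len(parts) > 1 and parts[1][:1] == "v" and parts[1][1:2].isdigit():
        path = "/" + "/".join(parts[2:])
    return path


def decode_body(req: dict):
    """RequestBody is base64 (a Go []byte); return the parsed JSON, or None if absent."""
    raw = req.get("RequestBody")
    if not raw:
        return None
    return json.loads(base64.b64decode(raw))


def policy_violation(body: dict):
    """Toy policy: no privileged containers, no host-root or docker-socket binds."""
    host_config = body.get("HostConfig") or {}
    if host_config.get("Privileged"):
        return "privileged containers are not allowed"
    for bind in host_config.get("Binds") or []:
        if bind.split(":", 1)[0] in ("/", "/var/run/docker.sock"):
            return f"forbidden bind mount {bind}"
    return None


def authz_lenient(req: dict) -> dict:
    """Fail-open shape: no body means nothing to inspect, so the request is allowed."""
    body = decode_body(req)
    if body is None:
        return {"Allow": True, "Msg": ""}
    reason = policy_violation(body)
    return {"Allow": reason is None, "Msg": reason or ""}


def authz_fail_closed(req: dict) -> dict:
    """Fail-closed shape: a body-bearing call without its body is denied."""
    key = (req.get("RequestMethod", "").upper(), api_path(req.get("RequestURI", "")))
    body = decode_body(req)
    if key in BODY_REQUIRED and body is None:
        return {"Allow": False, "Msg": "request body missing; policy cannot be evaluated"}
    if body is None:
        return {"Allow": True, "Msg": ""}  # e.g. GET requests carry no body
    reason = policy_violation(body)
    return {"Allow": reason is None, "Msg": reason or ""}


def encode_body(obj) -> str:
    return base64.b64encode(json.dumps(obj).encode()).decode()


# Constructed sample requests in the plugin's request shape.
PRIVILEGED_CREATE = {
    "User": "alice", "RequestMethod": "POST",
    "RequestURI": "/v1.45/containers/create?name=app",
    "RequestBody": encode_body({"Image": "alpine", "HostConfig": {"Privileged": True}}),
}
BODYLESS_CREATE = {   # the shape the advisory describes: the body never reaches the plugin
    "User": "alice", "RequestMethod": "POST",
    "RequestURI": "/v1.45/containers/create?name=app",
    "RequestHeaders": {"Content-Length": "0"}, "RequestBody": "",
}
LIST_CONTAINERS = {
    "User": "alice", "RequestMethod": "GET",
    "RequestURI": "/v1.45/containers/json", "RequestBody": "",
}

if __name__ == "__main__":
    for name, req in [("privileged", PRIVILEGED_CREATE), ("bodyless", BODYLESS_CREATE),
                      ("list", LIST_CONTAINERS)]:
        print(name, "lenient:", authz_lenient(req), "fail-closed:", authz_fail_closed(req))
```

The plugin-side check is defence in depth, not a substitute for the Docker Engine update the advisory calls for; it does make the plugin's behaviour independent of whether the daemon forwarded the body.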