Vulnerability

Rackspace Breach Linked to Zero-Day Vulnerability in ScienceLogic SL1's Third-Party Utility

Oct 4, 2024 By Andres Ramos In Arctic Wolf

On September 24, 2024, Rackspace, a managed cloud computing company providing cloud hosting, dedicated servers, and multi-cloud solutions, reported an issue with their Rackspace Monitoring product in the ScienceLogic EM7 (ScienceLogic SL1) Portal. Rackspace utilizes the ScienceLogic application as a third-party tool for monitoring certain internal services.

Read Post

Arctic Wolf

Read more about Rackspace Breach Linked to Zero-Day Vulnerability in ScienceLogic SL1's Third-Party Utility

It's Here! The New Nucleus Security User Interface

Oct 4, 2024 By Scott Kuffer In Nucleus

At Nucleus Security, our goal has always been to deliver an intuitive and scalable vulnerability management platform. A critical part of this mission is ensuring that its user interface (UI) evolves to meet our customers’ needs. I’m pleased to announce that we recently rolled out an updated UI—an important first step in a series of planned improvements aimed at enhancing our users’ experience with the Nucleus platform.

Read Post

Nucleus

Read more about It's Here! The New Nucleus Security User Interface

Novel Exploit Chain Enables Windows UAC Bypass: Understanding CVE-2024-6769

Oct 4, 2024 By Foresiet In Foresiet

Researchers have uncovered a new vulnerability, tracked as CVE-2024-6769, which enables attackers to bypass Windows User Access Control (UAC) and elevate their privileges to gain full system control without triggering any alerts. This exploit, affecting Microsoft’s Windows platform, has sparked debate about whether UAC truly acts as a security boundary. While Microsoft does not classify this as a vulnerability, security experts warn organizations to be vigilant about the risks involved.

Read Post

Foresiet

Read more about Novel Exploit Chain Enables Windows UAC Bypass: Understanding CVE-2024-6769

I Was Smarter than the AI

Oct 4, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about I Was Smarter than the AI

Linux Kernel effected by CVE-2023-2163

Oct 4, 2024 By Kondukto Security Team In Kondukto

CVE-2023-2163 is a critical vulnerability in the Linux Kernel, specifically affecting kernel versions 5.4 and above (excluding 6.3). This vulnerability arises from incorrect verifier pruning in the Berkeley Packet Filter (BPF), leading to unsafe code paths being incorrectly marked as safe. The vulnerability has a CVSS v3.1 Base Score of 8.8, indicating its high severity. The consequences are arbitrary read/write in kernel memory, lateral privilege escalation and container escape.

Read Post

Kondukto

Read more about Linux Kernel effected by CVE-2023-2163

Vulnerability Assessment VS Penetration Testing: What's the difference?

Oct 4, 2024 By Obrela In Obrela

In cybersecurity, vulnerability assessment and penetration testing are often discussed together, but they serve distinct purposes in securing a network. Organizations looking to strengthen their cybersecurity defenses must understand the differences between the two, as well as when and how to use each. This blog explores the difference between vulnerability assessment and penetration testing, and why a combined approach can be essential in achieving the most robust security strategy.

Read Post

Obrela

Read more about Vulnerability Assessment VS Penetration Testing: What's the difference?

Securing QR Codes: Protect Against Cyber Threats

Oct 4, 2024 By SecuritySenses In SecuritySenses

QR codes have become part of daily life, enabling quick access to websites and services with a single scan. However, this convenience also makes them a major target for cybercriminals who exploit their popularity. The hidden nature of QR data can easily redirect users to malicious content or phishing sites without their knowledge. With the growing risks tied to this technology, businesses need to implement more advanced security measures. Simple practices like regularly checking code destinations and verifying source authenticity can help reduce vulnerabilities.

Read Post

SecuritySenses

Read more about Securing QR Codes: Protect Against Cyber Threats

My CUPS Runneth Over (with CVEs)

Oct 3, 2024 By Splunk Threat Research Team In Splunk

The Common Unix Printing System (CUPS), a standard component in nearly every Unix-like and Linux system, has recently come under scrutiny due to a series of critical vulnerabilities discovered by security researcher Simone Margaritelli. These issues, collectively known as the CUPS vulnerability, expose Linux and Unix environments to potential remote code execution and information disclosure risks.

Read Post

Splunk

Read more about My CUPS Runneth Over (with CVEs)

Migrating from VS Code to Cursor AI

Oct 3, 2024 By Snyk In Snyk

Watch the full video for more...

View Video

Snyk

Read more about Migrating from VS Code to Cursor AI

Millions of Kia Vehicles Exposed to Remote Hacks via License Plate: The Growing Risk of Automotive API Vulnerabilities

Oct 3, 2024 By Foresiet In Foresiet

In an increasingly connected world, the lines between digital security and physical safety are rapidly blurring. The automotive industry, now more reliant on connectivity than ever before, faces a new wave of cybersecurity threats. Millions of Kia vehicles, ranging from the 2013 model year to 2025, were recently found to be vulnerable to remote hacking via license plate information.

Read Post