Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

The CUPS Vulnerability- The 443 Podcast - Episode 308

Sep 30, 2024 By WatchGuard In WatchGuard
This week on the podcast, we cover the "9.9/10 severity vulnerability affecting most Linux systems" that a researcher disclosed last week and what it means for Linux systems administrators. We then discuss a research post into Kia's remote control systems that allowed one researcher to compromise any Kia in the last decade by just knowing their license plate number. We end with a new act that was just introduced into the US Senate with a goal to secure the healthcare industry.
View Video
sysdig

Detecting and Mitigating Remote Code Execution Exploits in CUPS

Sep 29, 2024 By Michael Clark In Sysdig
On September 26th, 2024, details were released about several vulnerabilities in the Common Unix Printing System (CUPS) package. A total of four CVE’s (CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177) have been released, affecting many Unix and Linux distributions. Three of the vulnerabilities are rated High, while one is rated Critical. If left unpatched, a remote attacker is able to execute arbitrary commands on the affected system.
Read Post
armo

CUPS: Unraveling a Critical Vulnerability Chain in Unix Printing Systems

Sep 28, 2024 By Amit Schendel In ARMO
A series of critical vulnerabilities has been uncovered in the Common Unix Printing System (CUPS), specifically in the cups-browsed component and related libraries. This vulnerability chain allows remote, unauthenticated attackers to potentially execute arbitrary code with root privileges on affected systems. The discovery highlights significant security risks in a widely-used open-source component and raises crucial questions about legacy system support and security in modern IT environments.
Read Post
cycognito

Emerging Security Issue: Progress Software WhatsUp Gold (CVE-2024-6670)

Sep 27, 2024 By Emma Zaballos In CyCognito
CVE-2024-6670 is a critical (CVSS v3 score: 9.8) SQL injection vulnerability. Threat researcher Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam) discovered that, if the application is configured with only one user, unauthenticated attackers can leverage this vulnerability to retrieve users’ encrypted passwords.
Read Post
Arctic Wolf

Multiple Vulnerabilities Disclosed in Linux-based CUPS Printing Service

Sep 27, 2024 By Stefan Hostetler In Arctic Wolf
On September 26, 2024, a security researcher disclosed several vulnerabilities affecting Common UNIX Printing System (CUPS) within GNU/Linux distributions. CUPS is an open-source printing system that allows Unix-like operating systems, including Linux and MacOS, to manage printers and print jobs across local and networked environments. The newly identified CUPS vulnerabilities identified are.
Read Post

Friday Flows episode 36: Using Tines Workbench for asset and vulnerability management

Sep 27, 2024 By Tines In Tines
Michael Tolan from Tines Labs returns with Cameron for another episode on Tines Workbench. In case you missed it, Workbench is a Tines-powered AI chat interface where you can take action and access proprietary data in real-time, privately and securely. This episode leverages Workbench to make a tedious process extremely simple to handle. For any teams spending a lot of time on asset and vulnerability management, this is a must-watch!
View Video
Snyk

Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System

Sep 27, 2024 By Jim Armstrong In Snyk
On September 27, 2024, evilsocket.net (Simone Margaritelli) published information about several vulnerabilities in CUPS (Common UNIX Printing System), which can allow for arbitrary remote code execution (RCE). There are currently 4 CVEs associated with these findings, with potentially more on the way. There is also some debate about the severity of these vulnerabilities, however, one of the CVEs was initially given a CVSS score of 9.9. We will update this blog if new information becomes available.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.