Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits
With the ability to manage huge fleets of servers, BMCs are ideal places to stash malware. Enlarge (credit: Getty Images) If your organization uses servers that are equipped with baseboard management controllers from Sup.....»»
Little Snitch visualization makes it easier to monitor Mac network traffic
The popular security utility Little Snitch, which monitors Mac network traffic for suspicious activity, has been updated to a much more modern interface, with a whole range of new features. Key among these is DNS encryption, which shields server n.....»»
GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)
A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of poten.....»»
A root-server at the Internet’s core lost touch with its peers. We still don’t know why.
For 4 days, the c-root server maintained by Cogent lost touch with its 12 peers. Enlarge For more than four days, a server at the very core of the Internet’s domain name system was out of sync with its 12 root server.....»»
DNS glitch that threatened Internet stability fixed; cause remains unclear
For 4 days, the c-root server maintained by Cogent lost touch with its 12 peers. Enlarge For more than four days, a server at the very core of the Internet’s domain name system was out of sync with its 12 root server.....»»
AU10TIX Risk Assessment Model identifies potential vulnerabilities
AU10TIX launched a free Risk Assessment Model that enables businesses to conduct an initial assessment of their exposure to operational, security and identity fraud risk. Drawing insights from billions of transactions processed globally and years of.....»»
Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)
Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web interface as any user. With no user interaction required for remote exploitat.....»»
Authelia: Open-source authentication and authorization server
Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests. Authelia connects directly to the reverse prox.....»»
XDefiant is nearly unplayable at launch due to server issues
XDefiant developers are working on server and online multiplayer issues that have popped up on the shooter's launch day......»»
15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)
Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability (CVE-2024-27130) that may be leveraged for remote code exe.....»»
Observations investigate properties of nearby brown dwarf HD 33632 Ab
Using the Keck II telescope in Hawaii, astronomers have observed a nearby brown dwarf known as HD 33632 Ab. Results of the observational campaign, presented in a paper published May 14 on the pre-print server arXiv, provide more insights into the pro.....»»
Astronomers determine Mars may face more potentially hazardous asteroids than Earth
A team of astronomers at Nanjing University has found evidence that Mars likely has more potentially hazardous asteroids in its path than Earth. In their study, posted on the arXiv preprint server, the group investigated the number of potentially haz.....»»
Ebury botnet compromises 400,000+ Linux servers
ESET researchers released its deep-dive investigation into one of the most advanced server-side malware campaigns. It is still growing and has seen hundreds of thousands of compromised servers in its at least 15-year-long operation. The Ebury group a.....»»
OWASP dep-scan: Open-source security and risk audit tool
OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies. It supports local repositories and container images as input sources, m.....»»
May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)
For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based b.....»»
Critical vulnerabilities take 4.5 months on average to remediate
Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA’s deadlines, according to Bitsight. Organizations struggle.....»»
How AI affects vulnerability management in open-source software
In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch managemen.....»»
Cybercriminals are getting faster at exploiting vulnerabilities
Cybercriminals are targeting the ever-increasing number of new vulnerabilities resulting from the exponential growth in the number and variety of connected devices and an explosion in new applications and online services, according to Fortinet. It’.....»»
F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)
Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) affecting F5’s BIG-IP Next Central Manager. About the vulnerabilities BIG-IP Next is “a comp.....»»
Research investigates the environment of globular cluster NGC 6355
Using the Dark Energy Camera (DECam), Argentinian astronomers have investigated the environment of a galactic globular cluster known as NGC 6355. The study, presented in a paper published May 2 on the pre-print server arXiv, found that the cluster ha.....»»
Critical vulnerabilities in BIG-IP appliances leave big networks open to intrusion
Hackers can exploit them to gain full administrative control of internal devices. Enlarge (credit: Getty Images) Researchers on Wednesday reported critical vulnerabilities in a widely used networking appliance that leave.....»»