#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
DevSecOps

software update | Breaking Cybersecurity News | The Hacker News

Category — software update
Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool

Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool

Jan 15, 2025 Vulnerability / Software Update
As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and read/write arbitrary files of any connected client," the CERT Coordination Center (CERT/CC) said in an advisory. "Sensitive data, such as SSH keys, can be extracted, and malicious code can be executed by overwriting files such as ~/.bashrc or ~/.popt." The shortcomings, which comprise heap-buffer overflow, information disclosure, file leak, external directory file-write, and symbolic-link race condition, are listed below - CVE-2024-12084 (CVSS score: 9.8) - Heap-buffer overflow in Rsync due to improper checksum length handling CVE-2024-12085 (CVSS score: 7.5) - Information leak via uninitialized stack contents CVE-2024-12086 (CVSS score: 6.1) - Rsync server leaks arbitrary client files CVE-2024-12087 (CVSS ...
Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

Jan 09, 2025 Vulnerability / Endpoint Security
Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. "Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as create and delete arbitrary files on the Expedition system," the company said in an advisory. "These files include information such as usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software." Expedition, a free tool offered by Palo Alto Networks to facilitate migration from other firewall vendors to its own platform, reached end-of-life (EoL) as of December 31, 2024. The list of flaws is as follows - CVE-2025-0103 (CVSS score: 7.8) - An SQL injection vulnerability that enables an authenticated attacker to reveal Expedition...
Watch Out For These 8 Cloud Security Shifts in 2025

Watch Out For These 8 Cloud Security Shifts in 2025

Feb 04, 2025Threat Detection / Cloud Security
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organizations and drive the need for an even more robust security strategy. Let's take a look… #1: Increased Threat Landscape Encourages Market Consolidation Cyberattacks targeting cloud environments are becoming more sophisticated, emphasizing the need for security solutions that go beyond detection. Organizations will need proactive defense mechanisms to prevent risks from reaching production. Because of this need, the market will favor vendors offering comprehensive, end-to-end security platforms that streamline risk mitigation and enhance operational efficiency. #2: Cloud Security Unifies with SOC Priorities Security operations centers (SOC) and cloud security functions are c...
Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days

Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days

Aug 14, 2024 Windows Security / Vulnerability
Microsoft on Tuesday shipped fixes to address a total of 90 security flaws , including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, nine are rated Critical, 80 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month. The Patch Tuesday updates are notable for addressing six actively exploited zero-days - CVE-2024-38189 (CVSS score: 8.8) - Microsoft Project Remote Code Execution Vulnerability CVE-2024-38178 (CVSS score: 7.5) - Windows Scripting Engine Memory Corruption Vulnerability CVE-2024-38193 (CVSS score: 7.8) - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2024-38106 (CVSS score: 7.0) - Windows Kernel Elevation of Privilege Vulnerability CVE-2024-38107 (CVSS score: 7.8) - Windows Power Dependency Coordinator Elevation of Privilege Vulnerability CVE-2024-38213 (CVS...
cyber security

Webinar: 5 Ways New AI Agents Can Automate Identity Attacks | Register Now

websitePush SecurityAI Agents / Identity Security
Watch how Computer-Using Agents can be used by attackers to automate account takeover and exploitation.
Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

Aug 14, 2024 Vulnerability / Network Security
Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. "Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel," the company said in an advisory. It impacts the following versions of vTM - 22.2 (fixed in version 22.2R1) 22.3 (fixed in version 22.3R3, available week of August 19, 2024) 22.3R2 (fixed in version 22.3R3, available week of August 19, 2024) 22.5R1 (fixed in version 22.5R2, available week of August 19, 2024) 22.6R1 (fixed in version 22.6R2, available week of August 19, 2024) 22.7R1 (fixed in version 22.7R2) As temporary mitigation, Ivanti is recommending customers to limit admin access to th...
New Chrome Feature Scans Password-Protected Files for Malicious Content

New Chrome Feature Scans Password-Protected Files for Malicious Content

Jul 25, 2024 Browser Security / Data Protection
Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said . To that end, the search giant is introducing a two-tier download warning taxonomy based on verdicts provided by Google Safe Browsing: Suspicious files and Dangerous files. Each category comes with its own iconography, color, and text to distinguish them from one another and help users make an informed choice. Google is also adding what's called automatic deep scans for users who have opted-in to the Enhanced Protection mode of Safe Browsing in Chrome so that they don't have to be prompted each time to send the files to Safe Browsing for deep scanning before opening them. In...
CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices

CrowdStrike Explains Friday Incident Crashing Millions of Windows Devices

Jul 24, 2024 Software Update / IT Outage
Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. "On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques," the company said in its Preliminary Post Incident Review (PIR). "These updates are a regular part of the dynamic protection mechanisms of the Falcon platform. The problematic Rapid Response Content configuration update resulted in a Windows system crash." The incident impacted Windows hosts running sensor version 7.11 and above that was online between July 19, 2024, 04:09 UTC and 05:27 UTC and received the update. Apple macOS and Linux systems were not affected. CrowdStrike said it delivers security content configuration updates in two ways, one via Sensor Content that's shippe...
Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide

Faulty CrowdStrike Update Crashes Windows Systems, Impacting Businesses Worldwide

Jul 19, 2024
Businesses across the world have been hit by widespread disruptions to their Windows workstations stemming from a faulty update pushed out by cybersecurity company CrowdStrike. "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," the company's CEO George Kurtz said in a statement . "Mac and Linux hosts are not impacted. This is not a security incident or cyber attack." The company, which acknowledged "reports of [ Blue Screens of Death ] on Windows hosts," further said it has identified the issue and a fix has been deployed for its Falcon Sensor product, urging customers to refer to the support portal for the latest updates. For systems that have been already impacted by the problem, the mitigation instructions are listed below - Boot Windows in Safe Mode or Windows Recovery Environment Navigate to the C:\Windows\System32\drivers\CrowdStrike directory Find the file named ...
SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software

SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software

Jul 19, 2024 Vulnerability / Enterprise Security
SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 13 vulnerabilities, eight are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining five weaknesses have been rated High in severity, with four of them having a CVSS score of 7.6 and one scoring 8.3. The most severe of the flaws are listed below - CVE-2024-23472 - SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability CVE-2024-28074 - SolarWinds ARM Internal Deserialization Remote Code Execution Vulnerability CVE-2024-23469 - Solarwinds ARM Exposed Dangerous Method Remote Code Execution Vulnerability CVE-2024-23475 - Solarwinds ARM Traversal and Information Disclosure Vulnerability CVE-2024-23467 - Solarwinds ARM Traversal Remote Code Execution Vulnerability CVE-2024-23466 - Solarwinds ARM Directory ...
ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

Jun 17, 2024 Router Security / Vulnerability
ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080 , the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have authentication bypass vulnerability, allowing unauthenticated remote attackers to log in the device," according to a description of the flaw shared by the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC). Also patched by the Taiwanese company is a high-severity buffer overflow flaw tracked as CVE-2024-3079 (CVSS score: 7.2) that could be weaponized by remote attackers with administrative privileges to execute arbitrary commands on the device. In a hypothetical attack scenario, a bad actor could fashion CVE-2024-3080 and CVE-2024-3079 into an exploit chain in order to sidestep authentication and execute malicious code on susceptible devices. Both the shor...
Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

Mar 14, 2024 Container Security / Vulnerability
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. "The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai security researcher Tomer Peled  said . "To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster." Tracked as CVE-2023-5528 (CVSS score: 7.2), the shortcoming impacts all versions of kubelet, including and after version 1.8.0. It was addressed as part of updates released on November 14, 2023, in the following versions - kubelet v1.28.4 kubelet v1.27.8 kubelet v1.26.11, and kubelet v1.25.16 "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes," Kubernetes maintainers  s...
Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws

Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws

Mar 13, 2024 Patch Tuesday / Software Update
Microsoft on Tuesday released its monthly security update,  addressing 61 different security flaws  spanning its software, including two critical issues impacting Windows Hyper-V that could lead to denial-of-service (DoS) and remote code execution. Of the 61 vulnerabilities, two are rated Critical, 58 are rated Important, and one is rated Low in severity. None of the flaws are listed as publicly known or under active attack at the time of the release, but six of them have been tagged with an "Exploitation More Likely" assessment. The fixes are in addition to  17 security flaws  that have been patched in the company's Chromium-based Edge browser since the release of the  February 2024 Patch Tuesday updates . Topping the list of critical shortcomings are  CVE-2024-21407  and  CVE-2024-21408 , which affect Hyper-V and could result in remote code execution and a DoS condition, respectively. Microsoft's update also addresses privilege escalation f...
Critical Flaws Found in ConnectWise ScreenConnect Software  - Patch Now

Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now

Feb 20, 2024 Vulnerability / Network Security
ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a critical bug that could enable remote code execution on affected systems. The vulnerabilities are listed below - CVE-2024-1708 (CVSS score: 8.4) - Improper limitation of a pathname to a restricted directory aka "path traversal" CVE-2024-1709 (CVSS score: 10.0) - Authentication bypass using an alternate path or channel The company deemed the severity of the issues as critical, citing they "could allow the ability to execute remote code or directly impact confidential data or critical systems." Both the vulnerabilities impact ScreenConnect versions 23.9.7 and prior, with fixes available in version 23.9.8. The flaws were reported to the company on February 13, 2024. While there is no evidence that the shortcomings have been exploited in the wild, users who are running self-hosted or on-premise versions are recommended...
Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products

Critical Patches Released for New Flaws in Cisco, Fortinet, VMware Products

Feb 08, 2024 Cyber Threat / Network Security
Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) – impacting Cisco Expressway Series that could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks. All the issues, which were found during internal security testing, stem from insufficient CSRF protections for the web-based management interface that could permit an attacker to perform arbitrary actions with the privilege level of the affected user. "If the affected user has administrative privileges, these actions could include modifying the system configuration and creating new privileged accounts," Cisco  said  about CVE-2024-20252 and CVE-2024-20254. On the other hand, successful exploitatio...
AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

AnyDesk Hacked: Popular Remote Desktop Software Mandates Password Reset

Feb 03, 2024 Cyber Attack / Software Security
Remote desktop software maker AnyDesk disclosed on Friday that it suffered a cyber attack that led to a compromise of its production systems. The German company said the incident, which it discovered following a security audit, is not a ransomware attack and that it has notified relevant authorities. "We have revoked all security-related certificates and systems have been remediated or replaced where necessary," the company  said  in a statement. "We will be revoking the previous code signing certificate for our binaries shortly and have already started replacing it with a new one." Out of an abundance of caution, AnyDesk has also revoked all passwords to its web portal, my.anydesk[.]com, and it's urging users to change their passwords if the same passwords have been reused on other online services. It's also recommending that users download the latest version of the software, which comes with a new  code signing certificate . AnyDesk did not disclose...
AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

Jan 27, 2024 Malware / Software Update
Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called  AllaKore RAT . The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin America-based financially motivated threat actor. The campaign has been active since at least 2021. "Lures use Mexican Social Security Institute (IMSS) naming schemas and links to legitimate, benign documents during the installation process," the Canadian company  said  in an analysis published earlier this week. "The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud." The attacks appear to be designed to particularly single out large companies with gross revenues over $100 million. Targeted entities span retail, agriculture, publ...
Expert Insights / Articles Videos
Cybersecurity Resources