Theregister2 weeks agoInformation securityFour critical bugs in ArubaOS lead to remote code executionNetwork admins should patch critical vulnerabilities in ArubaOS immediately to avoid remote code execution by privilege escalation. [ more ]
Zero Day Initiative2 months agoInformation securityZero Day Initiative - CVE-2023-36049: Microsoft .NET CRLF Injection Arbitrary File Write/Deletion VulnerabilityPrivilege escalation vulnerability in .NET Framework and Visual Studio patched Exploitation leads to remote file manipulation in the context of the FTP server [ more ]
Theregister3 months agoInformation securityZoom stomps critical privilege escalation bug, 6 other flawsZoom has revealed a critical privilege escalation vulnerability in its products that could allow unauthenticated users to gain higher privileges. The company has released updates to patch the vulnerability, along with other medium-severity issues. [ more ]
Dark Reading6 months agoInformation securityMicrosoft Zero-Days Allow Defender Bypass, Privilege EscalationMicrosoft released fixes for 63 bugs in its November update, including three zero-days that are actively being exploited by threat actors. The November update is smaller in comparison to the October update and contains fewer critical vulnerabilities. One of the zero-days, CVE-2023-36036, allows attackers to acquire system-level privileges. [ more ]
TechRepublic5 months agoPrivacy professionalsGoogle Workspace Security: DeleFriend Vulnerability Could Allow Unwanted Access to APIsCybersecurity researchers discovered a vulnerability in Google Workspace that could allow unwanted access to Workspace APIs. The vulnerability allows attackers to use privilege escalation to gain access that would otherwise only be available to Super Admins. [ more ]