Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.
CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.
Read more…
Source: NHS Digital
Related:
- Capcom: Ransomware gang used old VPN device to breach the network
April 13, 2021
Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals. In early November 2020, Ragnar Locker ransomware hit the Japanese game developer and publisher, forcing Capcom to shut down portions of their ...
- NAME:WRECK DNS vulnerabilities affect over 100 million devices
April 13, 2021
Security researchers today disclosed nine vulnerabilities affecting implementations of the Domain Name System protocol in popular TCP/IP network communication stacks running on at least 100 million devices. Collectively referred to as NAME: WRECK, the flaws could be leveraged to take offline affected devices or to gain control over them. The vulnerabilities were found in widespread TCP/IP stacks ...
- Man Arrested for AWS Bomb Plot
April 12, 2021
A Texas man has been charged with plotting a bombing of Amazon Web Services in a quest to allegedly “kill off the internet.” Seth Aaron Pendley was arrested in Ft. Worth after allegedly attempting to get an explosive device from an undercover FBI employee in a sting. The feds were alerted to Pendley after a concerned ...
- Winter 2020 Network Attack Trends: Internet of Threats
April 12, 2021
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including ...
- Dutch supermarkets run out of cheese after ransomware attack
April 12, 2021
A ransomware attack against conditioned warehousing and transportation provider Bakker Logistiek has caused a cheese shortage in Dutch supermarkets. Bakker Logistiek is one of the largest logistics services providers in the Netherlands, offering air-conditioned warehousing and food transportation for Dutch supermarkets. Last week, Bakker Logistiek suffered a ransomware attack that encrypted devices on their network and disrupted ...
- New survey report released: The state of industrial cybersecurity (Part 3)
April 12, 2021
This is the final installation of our three-part blog series, explaining the state of industrial cybersecurity based on the result of survey Trend Micro conducted in the US, Germany and Japan in November 2021. Part 1: Converging IT and OT with people, process and technology Part 2: Most factories have already implemented technical measures but are still ...

