Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.
CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.
Read more…
Source: NHS Digital
Related:
- Security and Privacy of COVID-19 Contact-Tracing Apps
March 12, 2021
Symantec analyzed the top 25 COVID-19 national contact-tracing apps to see which follow security and privacy best practices. Unfortunately, in this new COVID-19 era it’s not just our computers we have to protect from infection, but also ourselves and our loved ones. Along with social distancing, wearing a mask, and washing our hands, technology is also ...
- Good old malware for the new Apple Silicon platform
March 12, 2021
A short while ago, Apple released Mac computers with the new chip called Apple M1. The unexpected release was a milestone in the Apple hardware industry. However, as technology evolves, we also observe a growing interest in the newly released platform from malware adversaries. This inevitably leads us to new malware samples compiled for the ...
- No Laughing Matter: Joker’s Latest Ploy
March 12, 2021
Joker reveals more tricks up its sleeves: new malicious Android apps that, like in past schemes, subscribe users to premium services without their consent. Joker (a.k.a. Bread) is one of the most persistent malware families that continually targets Android devices. The malware entered the scene in 2017, and by early 2020, Google has removed more than ...
- Hafnium’s China Chopper: a ‘slick’ and tiny web shell for creating server backdoors
March 11, 2021
Researchers have provided insight into China Chopper, a web shell used by the state-sponsored Hafnium hacking group. Hafnium is a group of cyberattackers originating from China. The collective recently came into the spotlight due to Microsoft linking them to recent attacks exploiting four zero-day vulnerabilities — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 — in Microsoft Exchange Server. Microsoft ...
- The Future of P2P IoT Botnets
March 11, 2021
The internet of things (IoT) has created a new domain for botnet developers to compete and thrive in. Already, there they battle one another for devices while their victims contend with persisting infections. But the involvement of a well-known file-sharing technology, peer-to-peer (P2P) networking, into the mix can further complicate matters. A typical IoT botnet consists ...
- Microsoft Exchange Servers Face APT Attack Tsunami
March 11, 2021
Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat (APT) groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers. Microsoft said in early March that it had spotted multiple zero-day exploits in the wild being used to attack on-premises versions ...

