Multiple Vulnerabilities in Redis


Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.

CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • APT annual review: What the world’s threat actors got up to in 2020

    December 3, 2020

    Beyond Windows While Windows continues to be the main focus for APT threat actors, we have observed a number of non-Windows developments this year. Last year we reported a malware framework called MATA that we attribute to Lazarus. This framework included several components such as a loader, orchestrator and plug-ins. In April, we learned that MATA ...

  • Brazilian aerospace firm Embraer hit by cyberattack

    December 2, 2020

    Brazilian aerospace and defence group Embraer has been targeted by a cyberattack that has impacted the company’s operations. According to a statement released by the global firm on Monday (30) the attack resulted in the “disclosure of data allegedly attributed to the company”. The incident was reported five days after it took place to the Brazilian Securities ...

  • Cyberespionage APT group hides behind cryptomining campaigns

    December 2, 2020

    An advanced threat group called Bismuth recently used cryptocurrency mining as a way to hide the purpose of their activity and to avoid triggering high-priority alerts. Coin mining is typically regarded as a non-critical security issue, so the method allowed the actor to establish persistence and move laterally on the compromised network, at the same time ...

  • Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks

    December 2, 2020

    Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat (APT) espionage group. The malware, which researchers call “Crutch,” is able to bypass security measures by abusing legitimate tools – including the file-sharing service Dropbox – in order to hide behind normal network traffic. Researchers ...

  • iPhone Bug Allowed for Complete Device Takeover Over the Air

    December 2, 2020

    Details tied to a stunning iPhone vulnerability were disclosed by noted Google Project Zero researcher Ian Beer. Apple patched the vulnerability earlier this year. But few details, until now, were known about the bug that could have allowed a threat actor to completely take over any iPhone within a nearby vicinity. The hack could of ...

  • The Impact of Modern Ransomware on Manufacturing Networks

    December 1, 2020

    Ransomware threats have disrupted the manufacturing industry significantly in 2020. In a disturbing trend during the third quarter of the year, attackers appeared to be singling out manufacturing organizations as a victim of choice in their ransomware operations. Ransomware threats have disrupted the manufacturing industry significantly in 2020. These attacks have resulted in substantial losses in ...