Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.
CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.
Read more…
Source: NHS Digital
Related:
- German authorities seize ‘BlueLeaks’ server that hosted data on US cops
July 7, 2020
German authorities have seized today a web server that hosted BlueLeaks, a website that provided access to internal documents stolen from US police departments. The server belonged to DDoSecrets (Distributed Denial of Secrets), an activist group that published the files last month, in mid-June. The server seizure was announced today by investigative journalist Emma Best, one of ...
- Purple Fox EK Adds Microsoft Exploits to Arsenal
July 6, 2020
The Purple Fox exploit kit (EK) has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said that it appears to have been built to replace the Rig ...
- This is how EKANS ransomware is targeting industrial control systems
July 2, 2020
New samples of the EKANS ransomware have revealed how today’s cyberattackers are using a variety of methods to compromise key industrial companies. In a research report published on Wednesday, FortiGuard Labs researchers Ben Hunter and Fred Gutierrez said that malware designed to attack industrial control systems (ICS) continues to be lucrative for threat actors. While ransomware only accounted for ...
- Windows 10 background image tool can be abused to download malware
July 2, 2020
A binary in Windows 10 responsible for setting an image for the desktop and lock screen can help attackers download malware on a compromised system without raising the alarm. Known as living-off-the-land binaries (LoLBins), these files come with the operating system and have a legitimate purpose. Attackers of all colors are abusing them in post-exploitation phases ...
- TrickBot malware now checks screen resolution to evade analysis
July 1, 2020
The infamous TrickBot trojan has started to check the screen resolutions of victims to detect whether the malware is running in a virtual machine. When researchers analyze malware, they typically do it in a virtual machine that is configured with various analysis tools. Due to this, malware commonly uses anti-VM techniques to detect whether the malware is ...
- US Govt shares tips on defending against cyberattacks via Tor
July 1, 2020
The Cybersecurity and Infrastructure Security Agency (CISA) today issued guidance on how to protect against cyberattacks launched from the activity originating from or routed through the Tor anonymity network. Tor is a software enabling internet anonymity by automatically encrypt and reroute a user’s web requests through a network of Tor nodes (relay layers). Tor’s infrastructure is also used ...

