Two security advisories have been released to address two vulnerabilities in Redis. Redis is a popular in-memory key-value database that persists on disk.
CVE-2024-46981 is a ‘use after free’ vulnerability with a CVSSv3 score of 7.0. If exploited, an authenticated attacker could use a specially crafted Lua script to achieve remote code execution. CVE-2024-51741 is an ‘improper input validation’ vulnerability with a CVSSv3 score of 4.4.
Read more…
Source: NHS Digital
Related:
- Fraudsters use AI voice manipulation to steal £200,000
September 2, 2019
Cyber criminals have used artificial intelligence (AI) and voice technology to impersonate a UK business owner, resulting in the fraudulent transfer of $243,000 (£201,000). In March this year, what is believed to be an unknown hacker group is said to have exploited AI-powered software to mimic the prominent business leader’s voice to fool his subordinate, the CEO of ...
- Google finds malicious sites pushing iOS exploits for years
August 30, 2019
Security researchers at Google said they found malicious websites that served iPhone exploits for almost three years. The attacks weren’t aimed at particular iOS users, as most iOS exploits tend to be used, but were aimed at any user accessing these sites via an iPhone. “There was no target discrimination; simply visiting the hacked site was enough ...
- Hiding in Plain Text: Jenkins Plugin Vulnerabilities
August 30, 2019
Jenkins is a widely used open-source automation server that allows DevOps developers to build, test, and deploy software efficiently and reliably. In order to make the most out of Jenkins’ modular architecture, developers make use of plugins that help extend its core features, allowing them to expand the scripting capabilities of build steps. As of writing, there ...
- FIN6 Switches Up PoS Tactics to Target E-Commerce
August 29, 2019
The group is using the More_eggs JScript backdoor to anchor its attack. The financial cybergang known as the FIN6 group, known for going after brick-and-mortar point-of-sale (PoS) data in the U.S. and Europe, has changed up its tactics to target e-commerce sites. According to researchers at IBM X-Force Incident Response and Intelligence Services (IRIS), FIN6 (a.k.a. ITG08) ...
- Patch now: Cisco IOS XE routers exposed to rare 10/10-severity security flaw
August 29, 2019
Cisco is urging customers to install updates for a critical bug affecting its popular IOS XE operating system that powers millions of enterprise network devices around the world. The bug has a rare Common Vulnerability Scoring System (CVSS) version 3 rating of 10 out of a possible 10 and allows anyone on the internet to bypass the login ...
- Exploitation of Windows CVE-2019-0708 (BlueKeep): Three Ways to Write Data into the Kernel with RDP PDU
August 29, 2019
In May 2019, Microsoft released an out-of-band patch update for remote code execution vulnerability CVE-2019-0708, which is also known as “BlueKeep” and resides in code to Remote Desktop Services (RDS). This vulnerability is pre-authentication and requires no user interaction, making it particularly dangerous as it has the unsettling potential to be weaponized into a destructive exploit. ...

