Five vulnerabilities have been discovered within the RSync utility. RSync is a popular tool for transferring and synchronising files between different systems. RSync is commonly used in Unix-like operating systems.
- CVE-2024-12084 is a ‘heap-based buffer overflow’ vulnerability, with a CVSSv3 score of 9.8. When used alongside CVE-2024-12085, attackers could gain remote code execution (RCE).
- CVE-2024-12085 is an ‘improper restriction of operations within the bounds of a memory buffer’ vulnerability, with a CVSSv3 score of 7.5. When used alongside CVE-2024-12084, attackers could gain RCE.
Read more…
Source: NHS Digital
Related:
- Over 80 Cisco Products Affected by FragmentSmack DoS Bug
September 25, 2018
Cisco is currently looking into its product line to determine which products and services use Linux kernel 3.9 or above, which is vulnerable to the FragmentSmack denial-of-service (DoS) bug. The networking hardware manufacturer already assembled a list of more than 80 products that are affected by the vulnerability. Many of them expect a fix by February ...
- macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files
September 24, 2018
A security researcher shows on Mojave’s release day that Apple’s latest privacy protection implementations in macOS are not sufficiently strong. In a minute-long clip, Patrick Wardle shows that the security in the dark-themed macOS can be bypassed to reach sensitive user data, such as the information in the address book. Talking to BleepingComputer, Wardle says that he ...
- Adwind RAT Scurries By AV Software With New DDE Variant
September 24, 2018
A newly-discovered spam campaign is spreading the Adwind 3.0 remote-access tool (RAT) – and using a fresh take on the Dynamic Data Exchange (DDE) code-injection technique for anti-virus evasion. The spam campaign features two types of droppers that leverage a new variant to the already-known DDE code-injection attack on Microsoft Excel – enabling them to bypass ...
- New Virobot malware works as ransomware, keylogger, and botnet
September 21, 2018
A newly discovered malware strain is a multi-tasking threat that besides working as ransomware and encrypting users’ files, it can also log and steal their keystrokes, and add infected computers to a spam-sending botnet. This new threat is named Virobot and appears to be under development, and comprised of multiple components that allow it to work ...
- Major Irish utility networks vulnerable to cyber attacks set to have security increased
September 19, 2018
Our water supplies, electricity and gas grids and phone networks are all vulnerable to cyber-attacks from tech-terrorists and are about to have their security beefed-up. That is because all of our utilities and essential State services are in some way or another reliant on digital technology, which in turn makes them vulnerable to digital attack. Minister Denis ...
- Cybercrime: Ransomware remains a ‘key’ malware threat says Europol
September 18, 2018
Targeted attacks replace spam campaigns, but Europol’s annual cybercrime report also warns that cryptojacking malware “may overtake ransomware as a future threat”. Ransomware remains the top malware threat to organisations, causing millions of dollars of damage and remaining a potent tool for cyber criminals and nation-state attackers. The rise of highly targeted file-locking malware campaigns and the ...