Proof-of-Concept Exploit Released for CVE-2024-53691 in QNAP QTS and QuTS NAS

QNAP has released a security advisory addressing three vulnerabilities in the QTS and QuTS products. QTS and QuTS are the operating systems for QNAP network-attached storage (NAS) appliances. CVE-2023-39298 is a ‘Missing authorisation’ vulnerability with a CVSSv3 score of 7.8. Read More …

Proof-of-Concept Released for Critical Apache Struts Vulnerability

Apache has released a security bulletin addressing a critical vulnerability in Apache Struts 2. Apache Struts is an open-source model-view-controller (MVC) framework for creating Java web applications. CVE-2024-53677 is an ‘Unrestricted Upload of File with Dangerous Type’ vulnerability and has Read More …

Exploitation of critical path traversal vulnerability (CVE-2024-41713) and 0-day path traversal vulnerability (CVE-2024-55550) in Mitel MiCollab

After proof-of-concept technical details were published on 5 December 2024 for CVE-2024-41713 and CVE-2024-55550, exploitation activity chaining these two Mitel MiCollab vulnerabilities has been reported. MiCollab is a cloud-based platform that integrates chat, voice, video, and SMS messaging for teams. Read More …

Don’t Hold Down The Ctrl Key – New Warning As Cyber Attacks Confirmed

Just as security professionals will tell you that layered defensive strategies are the best when it comes to staving off successful attacks, so attackers will often look to precisely the same when executing their cyber attacks. Two-step phishing attacks have, Read More …

Critical CyberPanel Vulnerability (CVE-2024-51378): How to Stay Protected

The SonicWall Capture Labs threat research team became aware of CVE-2024-51378, assessed its impact and developed mitigation measures for the vulnerability. CVE-2024-51378 is a critical vulnerability with a CVSS score of 9.8 in CyberPanel versions 2.3.6 and 2.3.7 that allows Read More …

Meta Glasses can be used to dox strangers via facial recognition

Two Harvard students have created a privacy nightmare, according to 404 Media: real-time facial recognition smart glasses that pull up names, contacts, addresses, and more about a complete stranger just by looking at them. The students – AnhPhu Nguyen and Read More …

Cybersecurity researchers spotlight a new ransomware threat – be careful where you upload files

Today’s browsers are almost operating systems unto themselves. They can run software programs and encrypt files. These capabilities, combined with the browser’s access to the host computer’s files – including ones in the cloud, shared folders and external drives – Read More …

Sneaky GPU.zip technique steals sensitive information from your graphics card

Researchers from four top American universities have uncovered a new way for threat actors to sneakily access visual information from your graphics card while you’re online and browsing certain websites. The researchers call this threat “GPU.zip,” because it takes advantage Read More …

The sound of you typing on your keyboard could reveal your password

As if password authentication’s coffin needed any more nails, researchers in the UK have discovered yet another way to hammer one in. The technique, developed at Durham University, the University of Surrey, and Royal Holloway University of London, builds on Read More …