Security News

Friday Squid Blogging: Unpatched Vulnerabilities in the Squid Caching Proxy
2023-11-17 22:01

In a rare squid/security post, here's an article about unpatched vulnerabilities in the Squid caching proxy. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities
2023-11-15 05:46

Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023, including three vulnerabilities that have come under active exploitation in the wild. Of...

Google Offers Bug Bounties for Generative AI Security Vulnerabilities
2023-10-31 19:36

Google joins OpenAI and Microsoft in rewarding AI bug hunts. Google expanded its Vulnerability Rewards Program to include bugs and vulnerabilities that could be found in generative AI. Specifically, Google is looking for bug hunters for its own generative AI products, such as Google Bard, which is available in many countries, or Google Cloud's Contact Center AI, Agent Assist.

Alert: PoC Exploits Released for Citrix and VMware Vulnerabilities
2023-10-25 04:47

Virtualization services provider VMware has alerted customers to the existence of a proof-of-concept (PoC) exploit for a recently patched security flaw in Aria Operations for Logs. Tracked as...

Cisco Patches 2 Dangerous Zero-Day Vulnerabilities
2023-10-24 20:55

Cisco has patched two zero-day vulnerabilities that exposed Cisco IOS XE system software hosts to attackers. These vulnerabilities affected devices running the Cisco IOS XE software, such as routers and switches.

Webinar: Tackle compiler-born vulnerabilities
2023-10-18 02:45

In the pursuit of optimized performance, modern compilers employ sophisticated techniques, translating high-level source code into efficient, executable programs. Unbeknownst to many, these obscure threats can counteract safety measures and render a seemingly secure application vulnerable post-compilation.

Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
2023-10-17 14:37

Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible...

CISA shares vulnerabilities, misconfigs used by ransomware gangs
2023-10-13 14:55

The U.S. Cybersecurity and Infrastructure Security Agency has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical infrastructure organizations thwart their attacks. Since its inception, CISA's RVWP has identified and shared details of over 800 vulnerable systems with internet-accessible vulnerabilities frequently targeted by various ransomware operations.

curl vulnerabilities ironed out with patches after week-long tease
2023-10-11 10:05

Described by curl project founder and lead developer Daniel Stenberg as "Probably the worst curl security flaw in a long time," the patches address two separate vulnerabilities: CVE-2023-38545 and CVE-2023-38546. We now know the first vulnerability, CVE-2023-38545, is a heap-based buffer overflow flaw that affects both libcurl and the curl tool, carrying a severity rating of "High." Possible outcomes of such issues include the corruption of data and, in the worst cases, the execution of arbitrary code.

Supermicro's BMC Firmware Found Vulnerable to Multiple Critical Vulnerabilities
2023-10-06 06:02

Multiple security vulnerabilities have been disclosed in the Intelligent Platform Management Interface (IPMI) firmware for Supermicro baseboard management controllers (BMCs) that could result in...