command injection

CISA and FBI Issue Alert on OS Command Injection Vulnerabilities

| | CISA Advisory, CISA Threat Update, Cisco Vulnerabilities, command injection, Command Injection Vulnerability, FBI alert, FBI warning, Ivanti Vulnerabilities, Linux & Open Source News, MITRE ATTACK, OS command injection, OS command injection prevention, OS command injection vulnerabilities, Palo Alto Networks, secure by design, Secure by Design Alert
CISA and FBI issued a critical advisory on July 10, 2024, urging software companies to review their products and eliminate OS command injection vulnerabilities at the source. This urgent call comes in ...
TuxCare

Kubernetes RCE Vulnerability Allows Remote Code Execution

| | Akamai, command injection, CVE-2023-5528, CVSS score, Cybersecurity Mitigation, Cybersecurity News, Cybersecurity Vulnerabilities, Kubernetes, Kubernetes Clusters, Kubernetes Exploits, Kubernetes Security, Remote Code Execution (RCE), Tomer Peled, vulnerability discovery, Windows security, YAML Files
Tomer Peled, an Akamai cybersecurity security researcher, recently discovered a Kubernetes RCE vulnerability that allows threat actors to remotely execute code on Windows endpoints. Not only this but the threat actors can ...
TuxCare

Securing Networks: Addressing pfSense Vulnerabilities

| | command injection, CVE-2023-42325, CVE-2023-42326, CVE-2023-42327, Cybersecurity, Cybersecurity Best Practices, Cybersecurity News, Digital Threats, firewall, Microsoft Visual Studio Code, mitigation, Netgate, network infrastructure, Network Security, npm integration, Patch Tuesday updates, patching, pfsense, pfSense CE, pfSense Plus, proactive security measures, Remote Code Execution, resolution, responsible disclosure, security risks, Sonar, Vulnerabilities, XSS
In recent findings by Sonar, critical security vulnerabilities have emerged within the widely-used open-source Netgate pfSense firewall solution, potentially exposing susceptible appliances to unauthorized command execution. These pfSense vulnerabilities, comprising two reflected ...
TuxCare
insider threat

Serious Vulnerability Found in Lifesize Business Videoconferencing Devices

| | command injection, default credentials, device hacking, firmware, Lifesize, Privilege Escalation, videoconferencing
A security researcher from security firm Trustwave has found a vulnerability that could allow hackers to take over videoconferencing devices made by Lifesize. Some of the affected products have reached end-of-sale or ...
Security Boulevard
cyber attacks

Not All Macs Get Firmware Security Fixes, Researchers Find

| | Apple, command injection, cross-site scripting, EFI, Extensible Firmware Interface, firmware update, firmware vulnerability, iMac, Mac update, Macbook, macos, Malware, Netgear, OS X, Privilege Escalation, ReadyNAS, Remote Code Execution, router security, Thunderstrike
An investigation by researchers from Duo Security revealed that Apple does not consistently release security patches for known vulnerabilities in the low-level firmware code of its Mac computers. When it does, the patches ...

How I hacked my IP camera, and found this backdoor account

| | camera, command injection, Hack, iot, ipcamera, junk hacking
The time has come. I bought my second IoT device - in the form of a cheap IP camera. As it was the most affordable among all others, my expectations regarding security ...
Jump ESP, jump!