More info Infostealers evade XProtect protection in macOS SentinelOne's team of researchers have published a report in which they analyze three examples of infostealers that have the ability to evade the security solution built into macOS operating systems called XProtect. Although Google is aware of the exploits used in attacks, it has not provided further details on these incidents. In addition to this vulnerability, Google has also patched other flaws, such as CVE-2024-0517 and CVE-2024-0518, which allowed arbitrary code execution on compromised devices. The vulnerability, known as CVE-2024-0519, is due to an out-of-bounds memory access weakness in Chrome's V8 JavaScript engine, which could allow attackers to access sensitive data or cause crashes. The company has fixed the flaw for Windows, Mac and Linux users. More info New actively exploited 0-day in Chrome fixed Google has released security updates to fix the first 0-day vulnerability in Chrome that has been exploited since the beginning of the year. Shadowserver reports that around 1,500 assets are exposed on the network. Also, the devices must be configured as a gateway or AAA virtual server to be vulnerable to DoS attacks. It should be noted that code execution requires attackers to log into low-privileged accounts with access to NSIP, CLIP or SNIP of the management interface. The security flaws registered as CVE-2023-6548, CVSSv3 of 5.5 and CVE-2023-6549, CVSSv3 of 8.2 according to the company, affect the NetScaler administration interface and their exploitation could lead to remote code execution and denial of service attacks, respectively. Citrix 0-day vulnerabilities actively exploited Citrix has issued a security advisory warning about the exploitation of two 0-day vulnerabilities affecting its NetScaler ADC and NetScaler Gateway products.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |