Tenable has identified a privilege escalation vulnerability in Google Cloud Run called ImageRunner. The vulnerability could have allowed attackers to bypass permissions, gain unauthorised access to container images and potentially expose sensitive data. Cloud Run, Google’s serverless container platform, uses a service agent with elevated permissions to pull private Google ContainerRead More…
Positive Technologies announced that its PT SWARM expert Arseniy Sharoglazov identified the CVE-2024-28059 (BDU:2024-01648) vulnerability in MyQ Print Server, a printing management solution, which might have resulted in the interception of sensitive documents and breachesRead More…
ESET researchers have discovered a vulnerability, affecting the majority of UEFI-based systems, that allows actors to bypass UEFI Secure Boot. This vulnerability, assigned CVE-2024-7344, was found in a UEFI application signed by Microsoft’s “Microsoft CorporationRead More…
ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). It was being exploited by APT-C-60, a South Korea-aligned cyberespionage group, to target East Asian countries.Read More…
Tenable has disclosed that its Tenable Cloud Research Team has discovered a high severity vulnerability in Azure that affects more than 10 Azure services, including Azure Application Insights, Azure DevOps, Azure Machine Learning, Azure API Management and Azure Logic Apps. Microsoft does not plan to issueRead More…
Yealink has thanked Positive Technologies for discovering the critical vulnerability BDU:2024-00482 in its Yealink Meeting Server videoconferencing system. Yealink is a prominent VoIP provider and is among five major online conferencing vendors. Its products are used in 140 countries. The vendor was notified of the threat per the responsible disclosure policy and released a software patch.Read More…
The Technology Innovation Institute (TII), a leading global scientific research center and the applied research pillar of Abu Dhabi’s Advanced Technology Research Council (ATRC), and Raelize, a globally-renowned cybersecurity entity, have reported a new vulnerability in Espressif’s ESP32 revision v3.0.Read More…
Qualys has announced it acquired the assets of Blue Hexagon. This brings AI/machine learning (AI/ML) to the Qualys Cloud Platform to help convert petabytes of highly integrated data into meaningful insights for customers. This acquisition will enable Qualys to leverage its powerful Cloud Platform and its more than 10 trillionRead More…
