Critical Vulnerability Found in Linux Printing System CUPS
A critical vulnerability in the Common Unix Printing System (CUPS) poses a significant risk to Linux users, allowing remote attackers to hijack devices. Discovered by developer Simone Margaritelli, the flaw affects systems with the cups-browsed service enabled and potentially allows remote code execution. Users are urged to disable cups-browsed, block UDP port 631, and stay updated on security patches to mitigate risks. As the situation evolves, proactive security measures are essential for safeguarding against potential attacks.
Security Vulnerability Discovered in Arc Browser Raises Concerns
A newly identified security vulnerability in the Arc browser raises concerns for users and cybersecurity experts. This flaw could compromise user data and privacy, prompting urgent updates and security measures. As the developers work on a fix, users are advised to adopt best practices for online security to mitigate risks.
Critical Zero-Click RCE Vulnerability Discovered in Microsoft Outlook Applications
Discover the critical vulnerability CVE-2024-38021 impacting Microsoft Outlook applications, allowing zero-click remote code execution. Learn about the risks posed, the timeline of events, and the importance of immediate action to deploy patches and enhance email security measures.
Millions of OpenSSH Servers at Risk Due to Newly Disclosed Vulnerability
Millions of OpenSSH servers are at risk of a newly disclosed vulnerability, regreSSHion (CVE-2024-6387), allowing unauthenticated remote code execution. Exploiting a signal handler race condition in ‘sshd’, attackers can gain root privileges on glibc-based Linux systems. With over 14 million potentially vulnerable instances, organizations must address this critical threat promptly to prevent system takeovers and malware installations.
Microsoft Addresses Dangerous DNSSEC Flaws
Microsoft recently addressed a dangerous DNSSEC zero-day flaw, CVE-2023-50868, affecting a third-party DNSSEC mechanism called NSEC3. The delay in releasing a fix raised questions about Microsoft’s response time. Researchers also discovered another serious DNSSEC flaw, ‘KeyTrap’ (CVE-2023-50387), capable of impacting up to 31% of all DNS servers. Both vulnerabilities allow attackers to exhaust DNS resolvers’ CPU cycles, leading to unresponsiveness and facilitating DNS cache poisoning.
Cisco Reports Critical Vulnerability in Widely-Used Software
Cisco has reported a critical vulnerability in some of its widely-used software, urging users to patch their endpoints immediately. The flaw, tracked as CVE-2024-20253, carries a severity score of 9.9/10 and was first discovered by security researcher Julien Egloff of…