New Cyberattack Method ‘Open Sesame’ Exposes Vulnerabilities in Ruijie Networks’ IoT Devices
At Black Hat Europe 2024, researchers from Claroty Team82 revealed a critical cyberattack method named ‘Open Sesame,’ exploiting vulnerabilities in Ruijie Networks’ Reyee cloud management platform. This discovery, affecting thousands of IoT devices globally, underscores the urgent need for robust security measures in cloud-connected environments. With ten vulnerabilities identified, including three rated critical, organizations must prioritize cybersecurity to protect against potential remote code execution attacks.
Critical Vulnerability Found in Linux Printing System CUPS
A critical vulnerability in the Common Unix Printing System (CUPS) poses a significant risk to Linux users, allowing remote attackers to hijack devices. Discovered by developer Simone Margaritelli, this flaw affects systems with the cups-browsed service enabled and could lead to remote code execution. Users are urged to disable cups-browsed, block UDP port 631, and stay updated on security patches to mitigate risks. As the situation evolves, proactive security measures are essential for safeguarding against potential attacks.
Security Vulnerability Discovered in Arc Browser Raises Concerns
A newly identified security vulnerability in the Arc browser raises concerns for users and cybersecurity experts. This flaw could compromise user data and privacy, prompting urgent updates and security measures. As the developers work on a fix, users are advised to adopt best practices for online security to mitigate risks.
CERT-IN Warns of Critical Vulnerabilities in Google Chrome
CERT-IN warns of critical vulnerabilities in Google Chrome that could expose users to remote attacks. Users are urged to update to version 128.0.6613.119 or newer to safeguard their systems against these serious ‘use after free’ vulnerabilities, which could allow unauthorized access. Stay secure by practicing good cybersecurity habits and keeping software up to date.
CISA Warns of Exploited Twilio Authy Vulnerability
The U.S. CISA has issued a cybersecurity alert regarding a critical vulnerability in Twilio’s Authy service (CVE-2024-39891), which is being actively exploited. This information disclosure issue affects Authy app versions on Android and iOS, allowing unauthorized access to sensitive phone numbers. Twilio urges users to update their apps immediately to prevent potential phishing attacks. Organizations are advised to take these warnings seriously and enhance their security measures to protect sensitive data.
Critical Zero-Click RCE Vulnerability Discovered in Microsoft Outlook Applications
Discover the critical vulnerability CVE-2024-38021 impacting Microsoft Outlook applications, allowing zero-click remote code execution. Learn about the risks posed, the timeline of events, and the importance of immediate action to deploy patches and enhance email security measures.
Security Vulnerability Discovered in Sleep Number Beds
Discover the potential security vulnerability in Sleep Number beds uncovered by computer engineer Dillan Mills. Find out how Mills found a backdoor-like connection that allows remote access to the bed’s control hub, raising concerns about privacy and security. Learn how users can take control of their bed’s network connectivity to mitigate the risk of unauthorized access.
GitLab Releases Updates to Address Dozens of Vulnerabilities
GitLab has released updates to address over a dozen vulnerabilities in its Community Edition and Enterprise Edition software, including a critical bug that could allow for automated pipeline execution. Organizations are urged to update to versions 17.1.1, 17.0.3, and 16.11.5 to mitigate security risks.
Millions of OpenSSH Servers at Risk Due to Newly Disclosed Vulnerability
Millions of OpenSSH servers are at risk from a newly disclosed vulnerability, regreSSHion (CVE-2024-6387), which allows unauthenticated remote code execution. By exploiting a signal handler race condition in ‘sshd’, attackers can gain root privileges on glibc-based Linux systems. With over 14 million potentially vulnerable instances, organizations must address this critical threat promptly to prevent system takeovers and malware installations.
U.S. Government Issues Critical Warning to Google Pixel Users About Firmware Vulnerability
The U.S. government has issued a critical warning to Google Pixel users about the CVE-2024-32896 firmware vulnerability, urging immediate action before the July 4 deadline. GrapheneOS highlights that the risk extends beyond Pixels, emphasizing the need for prompt updates and vigilance to mitigate potential security risks.