Vulnerabilities | News, how-tos, features, reviews, and videos
Software providers continue to rely on community support to help them identify code mistakes that can lead to malicious attacks.
Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure.
Customers of Oracle subsidiary NetSuite’s ERP offering may be unaware that their custom record types grant unauthenticated access to sensitive data readily consumable via NetSuite’s APIs.
The zero-click hole, which was patched by Microsoft Tuesday, could point to far more vulnerabilities in the form-based architecture of Outlook.
Both vulnerabilities score above 9 on CVSS and can allow access to sensitive data if not patched immediately.
Microsoft’s August Patch Tuesday covered 10 zero-day flaws, of which six are being exploited in the wild and four are publicly disclosed.
Security analyst sides with Mitre, describes flaw as ‘fantastic win for phishing campaigns.’
The company has decided not to extend these updates to its Ryzen 1000, 2000, and 3000 series processors or its Threadripper 1000 and 2000 models.
Security researchers estimate the ‘Sinkclose’ vulnerability affects ‘hundreds of millions of laptops, desktops, and servers,’ allowing attackers to execute malicious code in the most privileged execution mode on a computer.
Attackers can gain access to AWS accounts or sensitive data by creating, in advance, S3 storage buckets with predictable names that will be automatically used by various services and tools.