All posts tagged: exploited

Microsoft Patches One Actively Exploited Vulnerability, Among Others

December brought a relatively mild Patch Tuesday, with one vulnerability having been actively exploited. Of all 70 vulnerabilities fixed, 16 were classified as critical. “This year, cybersecurity professionals must be on Santa’s nice list, or, at the very least, Microsoft’s,” Tyler Reguly, associate director of security R&D at cybersecurity software and services company Fortra, told TechRepublic in an email.

Microsoft patches leaky CLFS

CVE-2024-49138 is an elevation of privilege vulnerability in the Windows Common Log File System (CLFS) driver. The driver is a key element of Windows used to write transaction logs. Misuse of the driver, specifically through improper bounds checking, could let an attacker gain SYSTEM privileges. From there, they could steal data or install backdoors. “Given that CLFS is a standard component across multiple versions of Windows, including server and client installations, the vulnerability has extensive reach, especially in enterprise environments,” Mike Walters, president and co-founder of Action1, said in an email to TechRepublic. Addressing this vulnerability should be a high priority since it has already been exploited. Microsoft has released patches for …

Mani Ratnam’s wife Suhasini says women in cinema are being ‘exploited’ in the name of freedom of expression

Ace filmmaker Mani Ratnam’s wife Suhasini recently made a shocking revelation on how women in the film industry are being “exploited.” In an interview with Mathrubhumi, the actress said that many artists are adopting the misguided notion that exposing skin equates to liberation. She further criticized the influence of “western” ideals on Indian cinema. During the interview, Suhasini Maniratnam shared her perspective on the representation of women in contemporary cinema. She pointed out that there is a significant emphasis on skin exposure and intimate scenes as a result of Western trends.  Mani Ratnam’s wife said, “There is a lot of freedom in skin exposure and close scenes because we’re copying the West and we don’t mind doing sensuous scenes. From the directors to the artists, they are a little more liberalized (now). We are again back to the exploitation of women. Women are doing this willingly, whether it is body exposure or close (intimate) scenes.” Suhasini mentioned that previously, to keep up in the competitive film industry, artists felt pressured to perform scenes they didn’t …

Firefox Update Patches Exploited Vulnerability

Mozilla, the company behind the browser Firefox, issued a fix on Wednesday for a zero-day vulnerability they say has been exploited. NIST lists the vulnerability as CVE-2024-9680, and its status as “awaiting analysis.” Firefox users should update to the latest version of the browser and of the extended support releases to protect their systems from potential attacks. Due to widespread use of Firefox, this issue poses a significant risk, particularly for systems that haven’t been updated. No specific details about the attackers or exploitation methods have been released, but possible attack vectors include drive-by downloads or malicious websites.

Use-after-free flaw highlights cracks in memory-unsafe programming languages

The attacker found the use-after-free flaw in Animation timelines, part of an API that displays animations on web pages. A use-after-free bug occurs when a connection in dynamic memory is left open after already being used. It can stem from code written in a programming language that doesn’t use automatic memory management, such as C or C++. The U.S. government’s recommendation away from memory-unsafe languages is an attempt to …

Google Chrome Updated With Patch for Nasty Zero-Day Vulnerability Exploited by Attackers

Google Chrome has been updated with fixes for a zero-day security flaw that was being actively exploited in the wild, according to the search giant. The vulnerability affects a component in Chrome that renders web content on a user’s screen, allowing attackers to take advantage of a user’s computer when a user visits a maliciously crafted website. Chrome users on all desktop computer platforms will need to ensure that their browser is updated to the latest version in order to stay safe. According to details shared by the company in a blog post, the latest stable versions of Google Chrome for Windows, macOS, and Linux include a fix for a security flaw with a ‘High’ severity rating. Google says it has patched a use-after-free vulnerability (CVE-2024-4671) related to the Visuals component in Chrome, reported by an anonymous external researcher. A use-after-free vulnerability would allow an attacker to access out-of-bounds memory when a user visits a maliciously crafted webpage, by taking advantage of the vulnerability. This would allow them …

New Vulnerabilities in ConnectWise ScreenConnect Massively Exploited by Attackers

Two new vulnerabilities impact ConnectWise ScreenConnect, remote desktop and access software used for support: CVE-2024-1709 and CVE-2024-1708, with the former being particularly dangerous for organizations. The CVE-2024-1709 vulnerability, which affects ScreenConnect 23.9.7 and prior, allows any remote attacker to bypass authentication to delete the ScreenConnect user database and get control of an admin user. Massive exploitation by attackers is ongoing in the wild, with more than 3,000 vulnerable instances reachable from the internet. Security companies have observed ransomware, information stealers and Cobalt Strike payloads, to name a few, being installed after successful exploitation of the vulnerability. The CVE-2024-1708 vulnerability, which is not as severe as CVE-2024-1709, allows path traversal, which enables an attacker to access files and directories that should not be accessible.

Technical details about the ScreenConnect CVE-2024-1709 vulnerability

U.S.-based cybersecurity company Huntress released technical details about the ScreenConnect CVE-2024-1708 and CVE-2024-1709 vulnerabilities, the latter being particularly dangerous because a simple request to a special path on exposed instances allows an attacker to connect to the setup wizard of the instance (Figure A). Figure …

Producer Vipul Shah Calls The Story Of Four Women The ‘The Voice Of Thousands Of Women’ Who Have Been ‘Exploited For Terrorism’

Film director and producer Vipul Amrutlal Shah talked about his film ‘The Kerala Story’, in which actress Adah Sharma plays the role of Fathima Ba, a Hindu Malayali nurse who is among the 32,000 women who went missing from Kerala and were then recruited to the ISIS (Islamic State of Iraq and Syria) after being forced to convert to Islam. As the story is based on true events, Vipul said that it involved a lot of research, and it is an attempt to bring out the truth in front of everyone. Vipul Shah said, “The film is an amalgamation of years of research and true stories which have never been dared to be told before, it will uncover many hidden truths that have been hidden for long. It will uncover the dangerous threat radicalisation poses to the women of our nation and will create awareness about this conspiracy being hatched against India.” Directed by Sudipto Sen, …

Two levels of protection, but Aravallis still heavily exploited

Chandigarh: Much of the Aravallis in Haryana have two levels of protection. They are village commons of Gair Mumkin Pahar. Then, in August 1992, the state passed an order under Section 4 of Punjab Land Preservation Act (PLPA), which essentially provides protection to green areas and allows restricted development. Yet, over the years, in Faridabad and Gurugram, a large number of farmhouses, colonies, buildings, wedding halls, schools, even engineering colleges have come up on forest or commons land. According to a June 15, 2020 report by a committee headed by the Faridabad deputy commissioner, about 5,011 hectares of area closed off under sections 4 and 5 of PLPA overlapped with an area of about 7,929 hectares under Gair Mumkin Pahar in Faridabad district, meaning that 5,011 hectares of Gair Mumkin Pahar in Faridabad is under sections 4 and 5 of PLPA, which means it is doubly protected. Another report by a committee headed by the Gurugram deputy commissioner in 2020 said that out of 11,375 hectares of Gair Mumkin Pahar in the district, about 6,824 …