Elevation of Privileges
Google fixes two Android zero-days used in targeted attacks
Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. Tracked as CVE-2024-43047 and CVE-2024-43093, the two issues are marked as exploited in limited, targeted attacks. “There are indications that the following may be under limited, targeted exploitation,” says Google’s advisory. The CVE-2024-43047 flaw is […]
LiteSpeed Cache WordPress plugin bug lets hackers get admin access
The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated site visitors to gain admin rights. LiteSpeed Cache is a caching plugin used by over six million WordPress sites, helping to speed up and improve user browsing experience. The newly discovered high-severity flaw […]
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. The flaw is rated critical (CVSS v3.1 score: 9.8) and stems from a heap overflow weakness in vCenter’s DCE/RPC protocol implementation, impacting the vCenter Server and […]
Iranian hackers now exploit Windows flaw to elevate privileges
The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. In these attacks, spotted by Trend Micro researchers, OilRig deployed a novel backdoor, targeting Microsoft Exchange servers to steal credentials, and also exploited the Windows […]