HelpSystems releases Cobalt Strike 4.7.2 to address new RCE vulnerability
Out-of-band update addresses an issue for which IBM X-Force researchers had wanted a new CVE, but which HelpSystems says is not specific to its software [300 words] What: HelpSystems on October 17 released Cobalt Strike 4.7.2, an OOB update to fix an RCE vulnerability reported to it by IBM’s X-Force threat intelligence team. IBM’s researchers […]
Critical vulnerability puts vm2 JavaScript sandbox environments at risk of remote code execution attack
- Editor DTI
- October 11, 2022
- critical
- javascript
- oxeye
- RCE
- sandbox
- sandbreak
- vm2
- vulnerability
Key takeaway: “Although sandboxes are meant to run untrusted code within your application, you shouldn’t automatically assume that they are safe.”—Oxeye [260 words] What: Organizations using JavaScript sandbox vm2 should immediately update to version 3.9.11 of vm2. Why: A critical vulnerability (CVE-2022-36067) exists in all previous versions of vm2 that gives remote attackers a way […]
GLPI warns of massive exploit activity targeting one of two critical flaws disclosed in Sept.
Key takeaway: Update now to the latest versions of the IT asset management software. If you can’t, implement GLPI’s recommended mitigation. Attackers are targeting the flaw to execute arbitrary code on insecure servers [241 words]. What: Organizations using GLPI’s free, open-source asset and IT management software platform should immediately update to versions 9.5.9 or 10.0.3. GLPI […]