NCERT | National Computer Emergency Response Team Philippines

regreSSHion, CVE-2024-6387 Remote Code Execution (RCE) vulnerability in OpenSSH’s server

The Qualys Threat Research Unit (TRU) discovered an unauthenticated Remote Code Execution (RCE) vulnerability in OpenSSH’s server (sshd) in glibc-based Linux systems that grants full root access. It affects the default configuration and does not require user interaction.This vulnerability is a regression of the previously patched vulnerability CVE-2006-5051, reported in 2006. Qualys Threat Researchers says that it continue reading : regreSSHion, CVE-2024-6387 Remote Code Execution (RCE) vulnerability in OpenSSH’s server

PHP CGI Argument Injection Vulnerability (CVE-2024-4577)

Researchers at DEVCORE found a serious vulnerability in PHP that could allow attackers to remotely execute malicious code on affected servers. Due to PHP’s widespread use and the simplicity of exploiting this flaw, DEVCORE classified it as critical and swiftly reported it to the PHP development team. A fix was released on June 6th, 2024. continue reading : PHP CGI Argument Injection Vulnerability (CVE-2024-4577)

Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2024-5274)

Recently, after Google released a security update to fix CVE-2024-4671, another security update has been released: Chrome Version 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux to address a zero-day vulnerability tracked as CVE-2024-5274. Based on the official site for Chrome updates, “Google is aware that an exploit for CVE-2024-5274 exists in the wild”. continue reading : Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2024-5274)

Microsoft Releases May 2024 Patch Tuesday Security Updates

Microsoft has released its May 2024 Patch Tuesday security updates to fix 60 vulnerabilities across its products, including two vulnerabilities that were detected being exploited in the wild. Tracked as CVE-2024-30051, the first exploited vulnerability is in the Windows DWM Core Library and could allow an adversary to gain SYSTEM-level privileges. Additionally, based on the continue reading : Microsoft Releases May 2024 Patch Tuesday Security Updates

Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2024-4671)

Google has released Chrome Version 124.0.6367.201/.202 for Mac and Windows and 124.0.6367.201 for Linux to address a zero-day vulnerability tracked as CVE-2024-4671. Based on the official site for Chrome updates, “Google is aware that an exploit for CVE-2024-4671 exists in the wild”. _____________________________ A. Nature of the Vulnerability CVE-2024-4671 Use after free in Visuals in continue reading : Actively Exploited Zero-Day Vulnerability in Google Chrome (CVE-2024-4671)