Archive for the ‘security’ category: Page 6

Aug 21, 2024

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk

Posted in category: security

A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes more than 100,000 websites to remote code execution attacks.

The flaw, tracked as CVE-2024-5932 (CVSS score: 10.0), impacts all versions of the plugin prior to version 3.14.2, which was released on August 7, 2024. A security researcher, who goes by the online alias villu164, has been credited with discovering and reporting the issue.

The plugin is “vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the ‘give_title’ parameter,” Wordfence said in a report this week.

Aug 21, 2024

Computer scientists discover vulnerabilities in a popular security protocol

Posted in categories: computing, internet, security

A widely used security protocol that dates back to the days of dial-up internet has vulnerabilities that could expose large numbers of networked devices to an attack and allow an attacker to gain control of traffic on an organization’s network.

A research team led by University of California San Diego computer scientists investigated the Remote Authentication Dial-In User Service (RADIUS) protocol and found a vulnerability they call Blast-RADIUS that has been present for decades. RADIUS, designed in 1991, allows networked devices such as routers, switches or mobile roaming gear to use a to validate login or other credentials.

This is a common set-up in enterprise and because it allows credentials to be centrally managed. As a result, RADIUS is a critical part of modern telecommunications and enterprise networks; in large enterprises, it may control access to tens of thousands of switches.

Aug 20, 2024

August Windows updates break dual boot on some Linux systems

Posted in categories: computing, security

According to user reports following this month’s Patch Tuesday, the August 2024 Windows updates are breaking dual boot on Linux systems with Secure Boot enabled.

This issue is caused by Microsoft’s decision to apply a Secure Boot Advanced Targeting (SBAT) update to block Linux boot loaders unpatched against the CVE-2022-2601 GRUB2 Secure Boot bypass vulnerability, which could “have an impact on Windows security.”

“The vulnerability assigned to this CVE is in the Linux GRUB2 boot loader, a boot loader designed to support Secure Boot on systems that are running Linux,” Microsoft says in an advisory published last week to address this issue.

Aug 15, 2024

Linux Kernel Vulnerabilities Expose Systems to Privilege Escalation: Flaws Detailed and Exploit Code Released

Posted in categories: computing, security

Security researchers disclosed proof-of-concept (PoC) exploit code for three vulnerabilities (CVE-2023-4206, CVE-2023-4207, and CVE-2023-4208) in the Linux kernel, impacting versions v3.18-rc1 to v6.5-rc4. These “use-after-free” vulnerabilities within the net/sched component could allow local privilege escalation, enabling attackers to gain unauthorized control over affected systems. The vulnerabilities have been given a CVSS score of 7.8, indicating their high severity.

Aug 15, 2024

Novel light transport model improves X-ray phase contrast imaging

Posted in categories: biotech/medical, security, transportation

Researchers at the University of Houston unveiled an advancement in X-ray imaging technology that could provide significant improvements in medical diagnostics, materials and industrial imaging, transportation security and other applications.

Aug 14, 2024

Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days

Posted in category: security

Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild.

Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month.

The Patch Tuesday updates are notable for addressing six actively exploited zero-days.

Aug 14, 2024

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

Posted in categories: neuroscience, security

Ivanti releases critical security updates for vTM and Neurons for ITSM to fix vulnerabilities allowing unauthorized access. Update immediately.

Aug 12, 2024

Chip that entangles four photons opens up possibility of inviolable quantum encryption

Posted in categories: computing, encryption, information science, mathematics, quantum physics, security

Unlike classical encryption, which relies on mathematical algorithms, quantum encryption assures security based on physical principles. Detection of espionage or interference is guaranteed by unavoidable alteration of the quantum states involved.

Aug 12, 2024

American Science is in Dangerous Decline while Chinese Research Surges, Experts Warn

Posted in categories: economics, science, security

A very dangerous position to be in. The world community of scientists should gather in agreement those friendly to the values and principles of democracy to advance science for the good of humanity and freedom.


The U.S. sorely needs a coordinated national research strategy, says Marcia McNutt, president of the U.S. National Academy of Sciences.

By Saima S. Iqbal

Aug 10, 2024

Researchers Uncover 10 Flaws in Google’s File Transfer Tool Quick Share

Posted in category: security

Researchers uncover 10 security flaws in Google’s Quick Share, potentially allowing remote code execution on Windows. Update to version 1.0.1724.0 or.
