-
CVE-2024-54010 – Aruba Networking CX 10000 Series Switches ICMP and UDP Packet Forwarding Vulnerability
CVE ID: CVE-2024-54010 | Published: Jan. 8, 2025, 9:15 p.m. | Description: A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be…
-
CVE-2024-12431 – GitLab Unauthorized Issue Status Manipulation
CVE ID: CVE-2024-12431 | Published: Jan. 8, 2025, 9:15 p.m. | Description: An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects. Severity: 4.3 | MEDIUM…
-
CVE-2024-12854 – WordPress Garden Gnome Package Plugin Remote Code Execution File Upload Vulnerability
CVE ID: CVE-2024-12854 | Published: Jan. 8, 2025, 10:15 a.m. | Description: The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts ‘ggpkg’ files that have been uploaded in all versions up to, and including,…
-
CVE-2024-12853 – WordPress Modula Image Gallery Remote File Upload Vulnerability
CVE ID: CVE-2024-12853 | Published: Jan. 8, 2025, 10:15 a.m. | Description: The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated…
-
The Best, the Worst and the Ugliest in Cybersecurity | 2024 Edition
Before we ring in the New Year, SentinelOne reviews and reflects on some of the most formative cyber news stories that occurred in 2024. It’s almost time to wave goodbye to the year that was 2024, and as we look ahead to 2025 and the challenges that might bring, now is a good time to…
-
AWS re:Invent 2024 Highlights | Empowering Customers Through Innovations & Security in Cloud
Learn about the latest technologies and innovations for cloud, container, and data security revealed at AWS re:Invent 2024. Last week marked another action-packed year at AWS re:Invent for the SentinelOne Team. Year after year, a consistent highlight from the event is the strong sense of community it builds with people from different backgrounds, geographies, and…
-
Cybersecurity 2025 | Preparing for Tomorrow’s Threats, Challenges and Strategic Shifts
Explore SentinelLabs’ take on what 2025 may bring for cybersecurity, including emerging trends and actionable insights. Crystal balls are notoriously fragile, and those who look into them are wise not to become fixated with the shadows cast by their refracted light, yet no business can function without some meaningful sense of what the future might…
-
Securing AWS Lambda | How Misconfigurations Can Lead to Lateral Movement
Learn how several misconfigurations and user-defined code issues in AWS Lambda could lead to potential credential theft and lateral movement. As serverless computing continues to revolutionize the cloud landscape, AWS Lambda has emerged as a pivotal service, offering a Function-as-a-Service (FaaS) model that allows developers to focus solely on code while AWS manages the underlying…
-
LABScon24 Replay | The Ransomware Trust Paradox
Max Smeets explores how ransomware groups leverage public reporting and why we must disrupt the trust dynamic between threat actors and victims. In his Keynote talk at LABScon 24, Max Smeets explores how ransomware operators build a unique relationship between themselves and their victims. In contrast to most other threat actors, ransomware operators rely on…
-
LABScon24 Replay | Let Them Eat Cake: “Secure by Upgrade” Software is a National Security Threat
Kymberlee Price reveals the technical chaos facing SMBs as they struggle with solutions aimed at bigger fish in the face of expanding crimeware. Ransomware is doing more to change the security landscape than the last 20 years of Secure Development Lifecycle, DevSecOps, Zero Days, Breaches, or any corporate memo. Pair this with predatory pricing models…