Alireza Gharib Blog

CVE ID : CVE-2024-56514 Published : Jan. 3, 2025, 5:15 p.m. | 1 hour, 45 minutes ago Description : Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an…

CVE ID : CVE-2024-56513 Published : Jan. 3, 2025, 5:15 p.m. | 1 hour, 45 minutes ago Description : Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the `karmadactl register` command have excessive privileges to access…

The Good, the Bad and the Ugly in Cybersecurity – Week 1 The Good | HIPAA to Update Security Rules and Feds Sanction Disinformation Campaign Operators Cyberattacks on healthcare systems put patients at critical risk, disrupting urgent medical services or tr … Read more Published Date: Jan 03, 2025 (4 hours, 59 minutes ago) Vulnerabilities has been…

The Good, the Bad and the Ugly in Cybersecurity – Week 1 The Good | HIPAA to Update Security Rules and Feds Sanction Disinformation Campaign Operators Cyberattacks on healthcare systems put patients at critical risk, disrupting urgent medical services or tr … Read more Published Date: Jan 03, 2025 (4 hours, 59 minutes ago) Vulnerabilities has been…

CVE-2024-49113: PoC Exploit Code Released The CVE-2024-49113 vulnerability is a significant Denial of Service (DoS) issue found in the Windows Lightweight Directory Access Protocol (LDAP). SafeBreach Labs developed the exploit code, which has … Read more Published Date: Jan 03, 2025 (5 hours, 10 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2024-12108 CVE-2024-12987 CVE-2024-49113 CVE-2024-49112…

After a bit too much eggnog, Elliot Williams and Al Williams got together to see what Hackaday had been up to over the holiday. Turns out, quite a bit. There was a lot to cover, but the big surprise was the “What’s that Sound” competition. Do you know who had the correct answer from the…

Despite initial interest in the 1990s and early 2000s, palmtop computers never really took off. Realistically most consumers were probably satisfied enough with smartphones as they became more widely available, but those of us who would prefer a real keyboard on our mobile devices are still feeling the pain. Today there are still a few…

Claroty’s TEAM82 has a report on a new malware strain, what they’re calling IOCONTROL. It’s a Linux malware strain aimed squarely at embedded devices. One of the first targets of this malware, surprisingly, is the Iraeli made Orpak gas station pumps. There’s a bit of history here, as IOCONTROL is believed to be used by…

The background and the IOCs for this blog were gathered by an Expert helper on our forums and Malwarebytes researchers. Our thanks go out to them. A new, malicious campaign is making the rounds online and it starts simple: Unwitting targets receive a direct message (DM) on a Discord server asking about their interest in…