Splunk, the data analysis and monitoring platform, is addressing a critical Remote Code Execution (RCE) vulnerability, identified as CVE-2024-53247, which affects several versions of Splunk Enterprise and the Splunk Secure Gateway app on the Splunk Cloud Platform. Rated with a CVSSv3.1 score of 8.8, this vulnerability poses a significant risk to organizations using these services. The vulnerability stems from the unsafe deserialization of untrusted data, traced to the insecure use of the jsonpickle Python library. This flaw allows low-privileged users, who do not have "admin" or "power" roles, to execute arbitrary code on affected systems. The issue impacts Splunk Enterprise versions 9.3.1 and earlier, 9.2.3 and earlier, and versions 9.1.0 to 9.1.6, as well as Splunk Secure Gateway versions below 3.7.13 and 3.4.261. Splunk has taken swift action to address the issue, demonstrating transparency and responsiveness in the face of this vulnerability.
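As an added illustration (not Splunk's code or its patch), the sketch below shows a defensive pattern for the flaw class described above: untrusted JSON is parsed with the standard `json` module into plain data, and any key carrying jsonpickle's `py/` type-tag prefix is rejected before an object is built. The function names, the `DeviceRecord` type and the sample payloads are assumptions constructed for this example.

```python
import json
from dataclasses import dataclass

TAG_PREFIX = "py/"  # jsonpickle marks type-bearing keys with this prefix

class UnsafePayload(ValueError):
    """Untrusted JSON that must not reach an object decoder."""

@dataclass(frozen=True)
class DeviceRecord:  # hypothetical application type
    device_id: str
    name: str

def _check_pairs(pairs):
    # object_pairs_hook: json calls this for every object, at any depth.
    obj = {}
    for key, value in pairs:
        if key.startswith(TAG_PREFIX):
            raise UnsafePayload(f"jsonpickle tag in input: {key!r}")
        if key in obj:
            raise UnsafePayload(f"duplicate key: {key!r}")
        obj[key] = value
    return obj

def load_untrusted(text, max_chars=65536):
    """Parse to plain dict/list/str/number values; never rebuild objects."""
    if len(text) > max_chars:
        raise UnsafePayload("payload too large")
    try:
        return json.loads(text, object_pairs_hook=_check_pairs)
    except (json.JSONDecodeError, RecursionError) as exc:
        raise UnsafePayload(f"not valid JSON: {exc}") from exc

def to_device_record(text):
    """The code, not the input, chooses the class and the accepted fields."""
    data = load_untrusted(text)
    if not isinstance(data, dict) or set(data) != {"device_id", "name"}:
        raise UnsafePayload("unexpected fields")
    if not all(isinstance(v, str) for v in data.values()):
        raise UnsafePayload("fields must be strings")
    return DeviceRecord(**data)

# Constructed sample inputs (placeholder names, not from the advisory).
GOOD = '{"device_id": "d-001", "name": "phone"}'
TAGGED = '{"py/object": "example.module.Example", "name": "x"}'
NESTED = '{"device_id": "d-002", "name": {"meta": [{"py/type": "example.T"}]}}'

if __name__ == "__main__":
    print(to_device_record(GOOD))
```

Rejections are worth logging with the submitting user's identity, since type tags arriving from a low-privileged account have no legitimate reason to be present.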