ShadowSyndicate Hackers Exploit Aiohttp Vulnerability To Steal Sensitive Data | allinfosecnews.com

May 3, 2024, 1:34 p.m. | Guru Baran

Cyber Security News cybersecuritynews.com

A directory traversal vulnerability (CVE-2024-23334) was identified in aiohttp versions before 3.9.2. This vulnerability allows remote attackers to access sensitive files on the server because aiohttp doesn’t validate file reading within the root directory when ‘follow_symlinks’ is enabled. Aiohttp is a popular asynchronous HTTP framework used in over 43,000 internet-exposed instances, making them prime targets […]

The post ShadowSyndicate Hackers Exploit Aiohttp Vulnerability To Steal Sensitive Data appeared first on Cyber Security News.

access aiohttp vulnerability asynchronous attackers cve cve-2024 cve-2024-23334 cyber security cybersecurity data data breach directory directory traversal exploit exposed file files framework hackers hackers exploit http internet popular root sensitive sensitive data server steal vulnerability

More from cybersecuritynews.com / Cyber Security News

30+ Tesla Cars Hacked Using Third-Party Software 1 day, 4 hours ago | cybersecuritynews.com

access cars collect cyber security +23

How to Use Threat Intelligence Feeds for SOC/DFIR Teams 1 day, 4 hours ago | cybersecuritynews.com

block can compromise cyber security +28

YARA, the Malware Researchers Toolbox Evolved 1 day, 7 hours ago | cybersecuritynews.com

big bugs can cyber security +13

SugarGh0st RAT Attacking Organizations & Individuals in AI Research 1 day, 9 hours ago | cybersecuritynews.com

access ai research attack businesses +21

New Cyber Attack Targeting Facebook Business Accounts 1 day, 9 hours ago | cybersecuritynews.com

accounts ads attack business +28

CISA Reveals Guidance For Implementation of Encrypted DNS Protocols 1 day, 12 hours ago | cybersecuritynews.com

advice agency budget cisa +23

Two Brothers Arrested for Attacking Blockchain & Stealing $25M 1 day, 13 hours ago | cybersecuritynews.com

arrested blockchain boston charged +17

Microsoft to Mandate Multi-Factor Authentication for All Azure Users 1 day, 14 hours ago | cybersecuritynews.com

authentication azure big cloud +12

Darkgate Malware Weaponizing XLSX, HTML And PDF To Attack Windows Machines 1 day, 15 hours ago | cybersecuritynews.com

attack aware cyber security cybersecurity analysis +20

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Security Operations Manager-West Coast

@ The Walt Disney Company | USA - CA - 2500 Broadway Street

View on infosec-jobs.com

Vulnerability Analyst - Remote (WFH)

@ Cognitive Medical Systems | Phoenix, AZ, US | Oak Ridge, TN, US | Austin, TX, US | Oregon, US | Austin, TX, US

View on infosec-jobs.com

Senior Mainframe Security Administrator

@ Danske Bank | Copenhagen V, Denmark

View on infosec-jobs.com