Widespread RCE compromise likely with critical TinyProxy bug | allinfosecnews.com

May 7, 2024, 2:06 p.m. | SC Staff

SC Magazine feed for Threats www.scmagazine.com

Fifty-seven percent of more than 90,000 internet-exposed hosts continue to run TinyProxy instances unpatched against the critical use-after-free vulnerability, tracked as CVE-2023-49606, which could be leveraged to facilitate remote code execution attacks via an unauthenticated HTTP request, reports The Hacker News.

attacks bug code code execution compromise continue critical cve exposed free hacker http internet patchconfiguration-management rce remote code remote code execution reports request run the hacker news threat intelligence tinyproxy unauthenticated unpatched use-after-free vulnerability vulnerability management

More from www.scmagazine.com / SC Magazine feed for Threats

Arrests made in North Korean remote job scam targeting US firms 1 day, 22 hours ago | www.scmagazine.com

american arrests companies governance risk and compliance +14

BreachForums seized by FBI for 2nd time 3 days, 16 hours ago | www.scmagazine.com

account breach breachforums data +10

Anti-stalking feature to become part of Android 6.0+ and iOS 17.5 3 days, 22 hours ago | www.scmagazine.com

airtag alerts android apple +14

US agencies issue warning about Black Basta ransomware gang 3 days, 22 hours ago | www.scmagazine.com

agency alert basta black basta +29

Draft of 2025 defense bill includes mobile device cybersecurity evaluation 3 days, 22 hours ago | www.scmagazine.com

act analysts application security authorization +20

US agencies warn of state-sponsored cyberattacks on civil society groups 3 days, 22 hours ago | www.scmagazine.com

china civil civil society cyberattacks +20

UN report exposes North Korean cyberattacks, crypto laundering spree 3 days, 23 hours ago | www.scmagazine.com

breach cash crypto cryptocurrency +23

US, UK decry escalating cyber activities from China 3 days, 23 hours ago | www.scmagazine.com

british china critical-infrastructure-security cyber +9

Malicious PyPI ‘requests’ fork hides backdoor in PNG file 5 days, 14 hours ago | www.scmagazine.com

backdoor file fork malicious +7

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Technical Support Specialist (Cyber Security)

@ Sigma Software | Warsaw, Poland

View on infosec-jobs.com

OT Security Specialist

@ Adani Group | AHMEDABAD, GUJARAT, India

View on infosec-jobs.com

FS-EGRC-Manager-Cloud Security

@ EY | Bengaluru, KA, IN, 560048

View on infosec-jobs.com