Supply chain attacks likely with exploitation of novel R programing bug

30 April 2024

Threat actors could leverage a high-severity vulnerability impacting the R programming language, tracked as CVE-2024-27322, to enable arbitrary code execution during the deserialization of packages using the RDS format and potentially facilitate supply chain attacks, The Hacker News reports. “For an attacker to take over an R package, all they need to do is overwrite the rdx file with the maliciously crafted file, and when the package is loaded, it will automatically execute the code,”

Source: SC Magazine

Date:

30 April 2024

Categorie(s):

NEWS

Tag(s):

IT, News

Palo Alto Networks posts strong earnings, but stock dips on disappointing forecast20 May 2024
Julian Assange can appeal extradition to the US, London High Court rules20 May 2024
Security Money: Rubrick Saves The Index As It Continues To Climb – BSW #35120 May 2024
2024 Cyber Resilience Trends & Leveling the Cybersecurity Playing Field – Theresa Lanowitz, Jim Simpson – BSW #35120 May 2024
WebTPA reports 2.4 million plan members had their data stolen20 May 2024