Security
Headlines
HeadlinesLatestCVEs

Latest News

GHSA-jxw2-jvxf-5vrp: Databricks JDBC Driver Command Injection vulnerability

Databricks JDBC Driver before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achieve Remote Code Execution in the context of the driver by tricking a victim into using a crafted connection URL that uses the property krbJAASFile.

ghsa
#vulnerability#rce#auth
Texas Tech Fumbles Medical Data in Massive Breach

The cyberattack impacts at least 1.4 million patients, as tranches of highly sensitive personal, medical, and financial data fall into the hands of cyber crooks who have everything they need to carry out convincing social engineering and fraud attacks.

CISA Directs Federal Agencies to Secure Cloud Environments

Actions direct agencies to deploy specific security configurations to reduce cyber-risk.

Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware

A new social engineering campaign has leveraged Microsoft Teams as a way to facilitate the deployment of a known malware called DarkGate. "An attacker used social engineering via a Microsoft Teams call to impersonate a user's client and gain remote access to their system," Trend Micro researchers Catherine Loveria, Jovit Samaniego, and Gabriel Nicoleta said. "The attacker failed to install a

Intel Officials Warned Police That US Cities Aren’t Ready for Hostile Drones

In a previously unreported August memo, the Department of Homeland Security urged state and local police to conduct exercises to test their ability to respond to weaponized drones.

5 million payment card details stolen in painful reminder to monitor Christmas spending

An online repository of screenshots where victims filled out their payment card details online was publicly accessible.

Azure Data Factory Bugs Expose Cloud Infrastructure

Three vulnerabilities in the service's Apache Airflow integration could have allowed attackers to take shadow administrative control over an enterprise cloud infrastructure, gain access to and exfiltrate data, and deploy malware.

Hackers Demand Ransom in Rhode Island Health System Data Breach

In a major cyberattack, the state of Rhode Island has fallen victim to a security breach potentially exposing the personal information of thousands of residents.