Security
Headlines
HeadlinesLatestCVEs

Latest News

First Mobile Crypto Drainer on Google Play Steals $70K from Users

A malicious app disguised as a legitimate WalletConnect tool targeted mobile users on Google Play. The app stole…

HackRead
Open in Source
#web#android#apple#google#git
Hackers Could Remotely Control Kia Cars by Exploiting License Plates

A critical vulnerability in Kia vehicles allowed hackers to control cars remotely using only license plates. The flaw…

Millions of Kia vehicles were vulnerable to remote attacks with just a license plate number

Researchers found a method to remotely take over any Kia with only the license plate number as a starting point.

Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now

Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical vulnerabilities. The issues, the company said, have been resolved in version 24.0.1 released on September 20, 2024. The company has yet to release any details about what the flaws are other than listing their CVE identifiers - CVE-2024-46905 (CVSS score: 8.8)

Nexus Repository Traversal Scanner

This scanner helps security enthusiasts to scan for a path traversal vulnerability in Nexus Repository targets in bulk. The scanner will show the number of targets loaded and the state of the current scanning. The URLs will be listed with three status messages: Timeout, Fail, or Success, based on the results.

Linux OverlayFS Local Privilege Escalation

This Metasploit module exploit targets the Linux kernel bug in OverlayFS. A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.

Lynis Auditing Tool 3.1.2

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems.

Ubuntu Security Notice USN-7045-1

Ubuntu Security Notice 7045-1 - Simone Margaritelli discovered that libppd incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.

Ubuntu Security Notice USN-7044-1

Ubuntu Security Notice 7044-1 - Simone Margaritelli discovered that libcupsfilters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.

Ubuntu Security Notice USN-7043-1

Ubuntu Security Notice 7043-1 - Simone Margaritelli discovered that the cups-filters cups-browsed component could be used to create arbitrary printers from outside the local network. In combination with issues in other printing components, a remote attacker could possibly use this issue to connect to a system, created manipulated PPD files, and execute arbitrary code when a printer is used. This update disables support for the legacy CUPS printer discovery protocol. Simone Margaritelli discovered that cups-filters incorrectly sanitized IPP data when creating PPD files. A remote attacker could possibly use this issue to manipulate PPD files and execute arbitrary code when a printer is used.