Security
Headlines
HeadlinesLatestCVEs

Latest News

More_eggs Malware Disguised as Resumes Targets Recruiters in Phishing Attack

Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024, Canadian cybersecurity firm eSentire disclosed last week. "Specifically, the targeted individual was a

The Hacker News
Open in Source
#The Hacker News
Ransomware Is ‘More Brutal’ Than Ever in 2024

As the fight against ransomware slogs on, security experts warn of a potential escalation to “real-world violence.” But recent police crackdowns are successfully disrupting the cybercriminal ecosystem.

Is a US Nationwide Privacy Law Really Coming?

If passed, APRA will be a giant leap forward for the rights and freedoms of Americans.

Making Choices that Lead to Stronger Vulnerability Management

The threat environment will continue to grow in complexity. Now is the time for organizations to streamline how they manage and mitigate overlooked vulnerabilities.

American Fuzzy Lop plus plus 4.21c

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

Kiuwan Local Analyzer / SAST / SaaS XML Injection / XSS / IDOR

Kiuwan SAST versions prior to 2.8.2402.3, Kiuwan Local Analyzer versions prior to master.1808.p685.q13371, and Kiuwan SaaS versions prior to 2024-02-05 suffer from XML external entity injection, cross site scripting, insecure direct object reference, and various other vulnerabilities.

Ubuntu Security Notice USN-6821-1

Ubuntu Security Notice 6821-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

Ubuntu Security Notice USN-6820-1

Ubuntu Security Notice 6820-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

SEH utnserver Pro/ProMAX / INU-100 20.1.22 XSS / DoS / File Disclosure

SEH utnserver Pro/ProMAX and INU-100 version 20.1.22 suffers from cross site scripting, denial of service, and file disclosure vulnerabilities.

Ubuntu Security Notice USN-6819-1

Ubuntu Security Notice 6819-1 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.