Security
Headlines
HeadlinesLatestCVEs

Latest News

Red Hat Security Advisory 2024-1959-03

Red Hat Security Advisory 2024-1959-03 - An update for shim is now available for Red Hat Enterprise Linux 7. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

Packet Storm
#vulnerability#linux#red_hat#js#rce#buffer_overflow#auth
Red Hat Security Advisory 2024-1948-03

Red Hat Security Advisory 2024-1948-03 - An update for Red Hat Build of Apache Camel 3.18 for Quarkus 2.13 is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product Security has rated this update as having a security impact of Important. Issues addressed include denial of service and server-side request forgery vulnerabilities.

“Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach

UnitedHealth has made an announcement about the stolen data in the ransomware attack on subsidiary Change Healthcare.

Apache Cordova App Harness Targeted in Dependency Confusion Attack

Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness. Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a malicious package with the same name to a public package repository. This&

Lessons for CISOs From OWASP's LLM Top 10

It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line.

US Gov Slaps Visa Restrictions on Spyware Honchos

The State Department can now deny entrance to the US for individuals accused of profiting from spyware-related human rights abuses, and their immediate family members.

GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories

By Deeba Ahmed Hackers are exploiting GitHub comments to spread malware disguised as Microsoft software downloads tricking users into downloading malware. This is a post from HackRead.com Read the original post: GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories

Russia's Fancy Bear Pummels Windows Print Spooler Bug

The infamous Russian threat actor has created a custom tool called GooseEgg to exploit CVE-2022-38028 in cyber-espionage attacks against targets in Ukraine, Western Europe, and North America.

Suspected CoralRaider continues to expand victimology using three information stealers

Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload into the victims’ host.

Teetering on the Edge: VPNs, Firewalls' Nonexistent Telemetry Lures APTs

State-sponsored groups are targeting critical vulnerabilities in virtual private network (VPN) gateways, firewall appliances, and other edge devices to make life difficult for incident responders, who rarely have visibility into the devices.