Security
Headlines
HeadlinesLatestCVEs

Tag

#acer

China-Based Billbug APT Infiltrates Certificate Authority

Access to digital certificates would allow the Chinese-speaking espionage group to sign its custom malware and skate by security scanners.

DARKReading
Open in Source
#web#ios#mac#git#intel#backdoor#bios#acer#auth
7 Reasons to Choose an MDR Provider

According to a recent survey, 90% of CISOs running teams in small to medium-sized enterprises (SMEs) use a managed detection and response (MDR) service. That’s a 53% increase from last year. Why the dramatic shift to MDR? CISOs at organizations of any size, but especially SMEs, are realizing that the threat landscape and the way we do cybersecurity are among the many things that will never look

WordPress BeTheme BeCustom 1.0.5.2 Cross Site Request Forgery

WordPress BeTheme BeCustom plugin versions 1.0.5.2 and below suffer from a cross site request forgery vulnerability.

RHSA-2022:8267: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2020-36516: kernel: off-path attacker may inject data or terminate victim's TCP session * CVE-2021-3640: kernel: use-after-free vulnerability in function sco_sock_sendmsg() * CVE-2022-0168: kernel: smb2_ioctl_query_info NULL pointer dereference * CVE-2022-0617: kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback * CVE-2022-0854: ...

Researchers Say China State-backed Hackers Breached a Digital Certificate Authority

A suspected Chinese state-sponsored actor breached a digital certificate authority as well as government and defense agencies located in different countries in Asia as part of an ongoing campaign since at least March 2022. Symantec, by Broadcom Software, linked the attacks to an adversarial group it tracks under the name Billbug, citing the use of tools previously attributed to this actor. The

The Hunt for the Dark Web’s Biggest Kingpin, Part 4: Face to Face

The team uses a secret technique to locate AlphaBay’s server. But just as the operation heats up, the agents have an unexpected run-in with their target.

The Hunt for the FTX Thieves Has Begun

Mysterious crooks took hundreds of millions of dollars from FTX just as it collapsed. Crypto-tracing blockchain analysis may provide an answer.

CVE-2022-28689: TALOS-2022-1521 || Cisco Talos Intelligence Group

A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-26023: TALOS-2022-1520 || Cisco Talos Intelligence Group

A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.

OnePlanet Announces Support for Polygon-based Launchpad Services

By Deeba Ahmed This connectivity between the NFT launchpad and the Polygon ecosystem will allow the minting of new collections on the Polygon network. This is a post from HackRead.com Read the original post: OnePlanet Announces Support for Polygon-based Launchpad Services