Security
Headlines
HeadlinesLatestCVEs

Tag

#amazon

World’s Leading Blockchain DeFiChain Announces Adding Four New dTokens

By Waqas Bitcoin network’s most prosperous blockchain DeFiChain is a decentralized proof-of-stake platform created as a hard fork to enable… This is a post from HackRead.com Read the original post: World’s Leading Blockchain DeFiChain Announces Adding Four New dTokens

HackRead
Open in Source
#apple#microsoft#amazon#alibaba
Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers

The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary. The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter)

NK Hackers Lacing Legit Software with Malware

By Waqas The hacker group is called ZINC, and its primary targets are organizations in the aerospace, media, IT services, and defense sectors. This is a post from HackRead.com Read the original post: NK Hackers Lacing Legit Software with Malware

Ubuntu Security Notice USN-5650-1

Ubuntu Security Notice 5650-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Reshaping the Threat Landscape: Deepfake Cyberattacks Are Here

It's time to dispel notions of deepfakes as an emergent threat. All the pieces for widespread attacks are in place and readily available to cybercriminals, even unsophisticated ones.

CVE-2022-40277: GitHub - laurent22/joplin: Joplin - an open source note taking and to-do application with synchronisation capabilities for Windows, macOS, Linux, Android and iOS.

Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function.

Cyera Survey Finds One in Three Respondents Want to Minimize Cloud Data Risk

Multiple providers say 'cloud data sprawl' makes managing cloud data risk a priority initiative within the next 12 months.

GHSA-5c6q-f783-h888: AWS Redshift JDBC Driver fails to validate class type during object instantiation

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name. This issue has been fixed in version 2.1.0.8.

CVE-2022-41828: Release of 2.1.0.8 version · aws/amazon-redshift-jdbc-driver@40b143b

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.