Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Red Hat Security Advisory 2024-1835-03

Red Hat Security Advisory 2024-1835-03 - An update for shim is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

Packet Storm
Open in Source
#vulnerability#linux#red_hat#js#rce#buffer_overflow#auth
Red Hat Security Advisory 2024-1834-03

Red Hat Security Advisory 2024-1834-03 - An update for shim is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include buffer overflow, bypass, integer overflow, and out of bounds read vulnerabilities.

Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks

Moobot, Miori, AGoent, and a Gafgyt variant have joined the infamous Mirai botnet in attacking unpatched versions of vulnerable Wi-Fi routers.

Preparing for Cyber Warfare: 6 Key Lessons From Ukraine

Having a solid disaster recovery plan is the glue that keeps your essential functions together when all hell breaks loose.

Why a Native-First Approach Is Key to Cloud Security

A native-first approach delivers better protections and a more efficient use of resources than best-of-breed solutions, benefiting cloud service providers and end-user customers alike.

OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal

The documents contained malicious VBA code, indicating they may be used as lures to infect organizations.

Critical Atlassian Flaw Exploited to Deploy Linux Variant of Cerber Ransomware

Threat actors are exploiting unpatched Atlassian servers to deploy a Linux variant of Cerber (aka C3RB3R) ransomware. The attacks leverage CVE-2023-22518 (CVSS score: 9.1), a critical security vulnerability impacting the Atlassian Confluence Data Center and Server that allows an unauthenticated attacker to reset Confluence and create an administrator account. Armed with this access, a

Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign

Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient EMS devices to deliver ScreenConnect and Metasploit Powerfun payloads. The activity entails the exploitation of CVE-2023-48788 (CVSS score: 9.3), a critical SQL injection flaw that could permit an unauthenticated attacker to execute unauthorized code or

'Sandworm' Group Is Russia's Primary Cyberattack Unit in Ukraine

But even with that focus, the sophisticated threat group has continued operations against targets globally, including the US, says Google's Mandiant.

Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services

Cisco is warning about a global surge in brute-force attacks targeting various devices, including Virtual Private Network (VPN) services, web application authentication interfaces, and SSH services, since at least March 18, 2024. "These attacks all appear to be originating from TOR exit nodes and a range of other anonymizing tunnels and proxies," Cisco Talos said. Successful attacks could