Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security

Security researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection's security by breaking the integrity of the secure channel. Called Terrapin (CVE-2023-48795, CVSS score: 5.9), the exploit has been described as the "first ever practically exploitable prefix

The Hacker News
Open in Source
#vulnerability#mac#auth#ssh#The Hacker News
New JinxLoader Targeting Users with Formbook and XLoader Malware

A new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader. The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment of JinxLoader through phishing attacks. "The

Microsoft Disables App Installer After Feature is Abused for Malware

By Deeba Ahmed According to the Microsoft Threat Intelligence Team, threat actors labeled as 'financially motivated' utilize the ms-appinstaller URI scheme for malware distribution. This is a post from HackRead.com Read the original post: Microsoft Disables App Installer After Feature is Abused for Malware

Google Fixes Nearly 100 Android Security Issues

Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.

China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

By Deeba Ahmed The police arrested two suspects in Beijing and two in Inner Mongolia. This is a post from HackRead.com Read the original post: China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

By Deeba Ahmed Among others, developers of the infamous Lumma, an infostealer malware, are already using the exploit by employing advanced… This is a post from HackRead.com Read the original post: Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

Apache OFBiz 18.12.09 Remote Code Execution

Apache OFBiz version 18.12.09 suffers from a pre-authentication remote code execution vulnerability.

Albanian Parliament and One Albania Telecom Hit by Cyber Attacks

The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week. “These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure,” AKCESK said. One Albania, which has

iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers

By Deeba Ahmed Triangulation of Terror: Inside the Most Sophisticated iPhone Spyware Campaign Ever Seen. This is a post from HackRead.com Read the original post: iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers

The Worst Hacks of 2023

It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.