Tag
#aws
A fake proof-of-concept (PoC) exploit is designed to lure cybersecurity researchers into downloading malicious software. This deceptive tactic leverages a recently patched critical vulnerability in Microsoft's Windows LDAP service (CVE-2024-49113), which can be used to cause a denial of service.
Torrance, United States / California, 9th January 2025, CyberNewsWire
Summary: Cybersecurity researchers at watchTowr have identified over 4,000 live hacker backdoors, exploiting abandoned infrastructure and expired domains.…
Researchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar RAT onto developer systems.
A recent claim that a critical zero-day vulnerability existed in the popular open-source file archiver 7-Zip has been met with skepticism from the software's creator and other security researchers.
A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.
Researchers at FortiGuard Labs have identified a prolific attacker group known as "EC2 Grouper" who frequently exploits compromised credentials using AWS tools.
A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod.
### Summary

A SQL injection in the Amazon Redshift Python Connector in version 2.1.4 allows a user to gain escalated privileges via schema injection in the get_schemas, get_tables, or get_columns Metadata APIs. Users should upgrade to the driver version 2.1.5 or revert to driver version 2.1.3.

### Impact

A SQL injection is possible in the Amazon Redshift Python Connector, version 2.1.4, when leveraging metadata APIs to retrieve information about database schemas, tables, or columns.

**Impacted versions:** Amazon Redshift Python Connector version 2.1.4.

### Patches

The issue described above has been addressed in the Amazon Redshift Python Connector, version 2.1.5. The patch implemented in this version ensures that every metadata command input is sent to the Redshift server as part of a parameterized query, using either QUOTE_IDENT(string) or QUOTE_LITERAL(string). After processing all the inputs into quoted identifiers or literals, the metadata command is composed using these input...