
Tag

#git

Supply Chain Cybersecurity Beyond Traditional Vendor Risk Management

Traditional practices are no longer sufficient in today's threat landscape. It's time for cybersecurity professionals to rethink their approach.

DARKReading

North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data

North Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivated attacks. "In some instances, fraudulent workers demanded ransom payments from their former employers after gaining

U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign

Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks. "Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain access to organizations in the healthcare and

GHSA-4gc7-5j7h-4qph: Spring Framework DataBinder Case Sensitive Match Exception

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

Hong Kong Crime Ring Swindles Victims Out of $46M

The scammers used real-time deepfakes in online dating video calls to convince the victims of their legitimacy.

Fake North Korean IT Workers Infiltrate Western Firms, Demand Ransom

North Korean hackers are infiltrating Western companies using fraudulent IT workers to steal sensitive data and extort ransom.…

GHSA-4qm4-8hg2-g2xm: MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow

### Impact

When this library is used to deserialize messagepack data from an untrusted source, there is a risk of a denial of service attack by an attacker that sends data contrived to produce hash collisions, leading to large CPU consumption disproportionate to the size of the data being deserialized. This is similar to [a prior advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf), which provided an inadequate fix for the hash collision part of the vulnerability.

### Patches

The following steps are required to mitigate this risk.

1. Upgrade to a version of the library where a fix is available.
1. Review the steps in [this previous advisory](https://github.com/MessagePack-CSharp/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf) to ensure you have your application configured for untrusted data.

### Workarounds

If upgrading MessagePack to a patched version is not an option for you, you may apply a manual workaround a...

Internet Archive Slowly Revives After DDoS Barrage

Days after facing a major breach, the site is still struggling to get fully back on its feet.

What I’ve learned in my first 7-ish years in cybersecurity

Plus, a zero-day vulnerability in Qualcomm chips, exposed health care devices, and the latest on the Salt Typhoon threat actor.