Security
Headlines
HeadlinesLatestCVEs

Tag

#git

A Frontline Report of Chinese Threat Actor Tactics and Techniques

Threat intel experts see a reduced focus on desktop malware as threat groups prioritize passwords and tokens that let them access the same systems as remote workers.

DARKReading
Open in Source
#vulnerability#microsoft#git#intel#auth
Protect AI Releases 3 AI/ML Security Tools as Open Source

NB Defense, ModelScan, and Rebuff, which detect vulnerabilities in machine learning systems, are available on GitHub.

The UN Risks Normalizing Internet Censorship

The United Nations' top internet governance body will allegedly host its next two annual meetings in countries known for repressive internet policies and human rights abuses.

Stalkerware activity drops as glaring spying problem is revealed

Categories: News Tags: stalkerware Tags: tracking Tags: intimate partner tracking Tags: spying Tags: stalkerware-type Tags: stalkerware-type app Tags: monitoring app Tags: monitoring Tags: Everyone's afraid of the internet Tags: privacy Tags: parenthood North America has a spying problem. Its perpetrators are everyday people. (Read more...) The post Stalkerware activity drops as glaring spying problem is revealed appeared first on Malwarebytes Labs.

Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits

Microsoft has released its Patch Tuesday updates for October 2023, addressing a total of 103 flaws in its software, two of which have come under active exploitation in the wild. Of the 103 flaws, 13 are rated Critical and 90 are rated Important in severity. This is apart from 18 security vulnerabilities addressed in its Chromium-based Edge browser since the second Tuesday of September. The two

CISA catalog passes 1,000 known-to-be-exploited vulnerabilities. Celebration time, or is it?

Categories: Exploits and vulnerabilities Categories: News Tags: CISA Tags: KEV Tags: catalog Tags: vulnerabilities Tags: prioritize The CISA Known Exploited Vulnerabilities catalog has grown to cover more than 1,000 vulnerabilities since its launch in November 2021. (Read more...) The post CISA catalog passes 1,000 known-to-be-exploited vulnerabilities. Celebration time, or is it? appeared first on Malwarebytes Labs.

Microsoft Warns of Nation-State Hackers Exploiting Critical Atlassian Confluence Vulnerability

Microsoft has linked the exploitation of a recently disclosed critical flaw in Atlassian Confluence Data Center and Server to a nation-state actor it tracks as Storm-0062 (aka DarkShadow or Oro0lxy). The tech giant's threat intelligence team said it observed in-the-wild abuse of the vulnerability since September 14, 2023. "CVE-2023-22515 is a critical privilege escalation vulnerability in

GHSA-33vj-r6p6-x4p8: Cross-Site Request Forgery (CSRF) in snipe/snipe-it

Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.

CVE-2023-5511: Set resend acceptance to POST · snipe/snipe-it@6d55d78

Cross-Site Request Forgery (CSRF) in GitHub repository snipe/snipe-it prior to v.6.2.3.

GHSA-fr44-546p-7xcp: MsQuic Remote Denial of Service Vulnerability

### Impact The MsQuic server will continue to leak memory until no more is available, resulting in a denial of service. ### Patches The following patch was made: - Fix Memory Leak from Multiple Decodes of TP - https://github.com/microsoft/msquic/commit/d364feeda0dd8b729eca6fef149c1ef98630f0cb ### Workarounds Beyond upgrading to the patched versions, there is no other workaround.