Tag
Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-2024-4671, the high-severity vulnerability has been described as a case of use-after-free in the Visuals component. It was reported by an anonymous researcher on May 7, 2024. Use-after-free bugs, which arise when a program
Malicious Android apps masquerading as Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter) have been observed to steal users' credentials from compromised devices. "This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices," the SonicWall Capture Labs threat research team said in a recent report. The
Ubuntu Security Notice 6766-1 - It was discovered that the Open vSwitch implementation in the Linux kernel could overflow its stack during recursive action operations under certain conditions. A local attacker could use this to cause a denial of service. Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information.
Ubuntu Security Notice 6767-1 - Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
By Waqas The notorious IntelBroker hacker claims to have breached a leading cybersecurity company (revenue: $1.8 billion). The hacker is selling access to stolen data, including sensitive credentials and critical logs, for $20,000 in cryptocurrency. This is a post from HackRead.com Read the original post: IntelBroker Hacker Claims Breach of Top Cybersecurity Firm, Selling Access
### Impact

Some specifically configured Spin applications that use `self` requests without a specified URL authority can be induced to make requests to arbitrary hosts via the `Host` HTTP header.

If an application's manifest contains a component with configuration such as

```toml
allowed_outbound_hosts = ["http://self", "https://self"]
```

and code such as

```rust
let res: Response = spin_sdk::http::send(
    Request::new(Method::Get, "/") // Note: the request URI does not contain a URL authority
).await?;
```

then that application can be induced to send an outgoing request to another host (leading the app to process the response assuming it comes from another component in the same application). This can be induced with a request such as

```shell
curl -H"Host: google.com:80" localhost:3000 # Assuming the application is served on localhost:3000
```

> Note: If using an SDK that does not use `wasi:http/outgoing-handler`, the port can be omitted from the URL.

#### Vulnerable Conf...
An internal email from FBI deputy director Paul Abbate, obtained by WIRED, tells employees to search for “US persons” in a controversial spy program's database that investigators have repeatedly misused.
By Deeba Ahmed Is your WordPress site using LiteSpeed Cache? A recent surge in malicious JavaScript injections targets vulnerable versions. Learn how to identify the signs of infection and prevent future attacks. Patch, scan, and secure your WordPress site today! This is a post from HackRead.com Read the original post: LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
Despite Cyber Army of Russia’s claims of swaying US “minds and hearts,” experts say the cyber sabotage group appears to be hyping its hacking for a domestic audience.
By Deeba Ahmed Over 1.2 million records were exposed in a major data breach at UK security firm Amberstone. Learn the potential impact, what to do if affected, and how to stay secure. This is a post from HackRead.com Read the original post: Major UK Security Provider Leaks Trove of Guard and Suspect Data