Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Capital One Joins Open Source Security Foundation

OpenSSF welcomes Capital One as a premier member affirming its commitment to strengthening the open source software supply chain.

DARKReading
Open in Source
#vulnerability#google#microsoft#linux#cisco#red_hat#nodejs#js#git#oracle#kubernetes#intel#perl#vmware#aws#ericsson#huawei#ibm#dell
CVE-2022-32742: Samba - Security Announcement Archive

A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).

SolarWinds Hackers Using New Post-Exploitation Backdoor ‘MagicWeb’

By Deeba Ahmed Microsoft has warned that the new post-compromise backdoor MagicWeb lets hackers "authenticate as anyone." This is a post from HackRead.com Read the original post: SolarWinds Hackers Using New Post-Exploitation Backdoor ‘MagicWeb’

Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers

The threat actor behind the SolarWinds supply chain attack has been linked to yet another "highly targeted" post-exploitation malware that could be used to maintain persistent access to compromised environments. Dubbed MagicWeb by Microsoft's threat intelligence teams, the development reiterates Nobelium's commitment to developing and maintaining purpose-built capabilities. Nobelium is the tech

PyPI Repository Warns Python Project Maintainers About Ongoing Phishing Attacks

The Python Package Index, PyPI, on Wednesday sounded the alarm about an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to legitimate packages. "This is the first known phishing attack against PyPI," the maintainers of the official third-party software repository said in a series of tweets. The social engineering attack entails sending

LockBit ransomware gang blames victim for DDoS attack on its website

By Deeba Ahmed LockBit Ransomware Gang claims its leak site was hit by a massive DDoS attack allegedly carried out by security company Entrust. This is a post from HackRead.com Read the original post: LockBit ransomware gang blames victim for DDoS attack on its website

CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit

The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice.

CVE-2021-4028: LKML: Greg Kroah-Hartman: [PATCH 5.10 22/93] RDMA/cma: Do not change route.addr.src_addr.ss_family

A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.

Acronis' Midyear Cyberthreats Report Finds Ransomware Is the No. 1 Threat to Organizations, Projects Damages to Exceed $30 Billion by 2023

Increasing complexity in IT continues to lead to breaches and compromises, highlighting the need for more holistic approaches to cyber protection.

CyberRatings.org Announces New Web Browser Test Results for 2022

Three of the world's leading browsers were measured for phishing and malware protection, with time to block and protection over time as key metrics in test scores.