Security
Headlines
HeadlinesLatestCVEs

Tag

#google

Bumblebee Malware Buzzes Into Cyberattack Fray

The sophisticated Bumblebee downloader is being used in ongoing email-borne attacks that could lead to ransomware infections.

DARKReading
Open in Source
#web#mac#google#git#backdoor#perl#auth#sap
Hackers fool major tech companies into handing over data of women and minors to abuse

Law enforcement believes that these hackers duping major tech companies are teenagers. But they are causing severe harm. The post Hackers fool major tech companies into handing over data of women and minors to abuse appeared first on Malwarebytes Labs.

Fake USA for UNHCR site wants your Ukraine donations in Bitcoin

Scammers are disguising their phishing page as a donation hub for Ukrainian refugees. The post Fake USA for UNHCR site wants your Ukraine donations in Bitcoin appeared first on Malwarebytes Labs.

CVE-2022-28101: HTML Injection Leading to RCE in Turtl - Cyber Citadel

Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing attackers to execute HTML injection.

Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations.

Cybercriminals Using New Malware Loader 'Bumblebee' in the Wild

Cybercriminal actors previously observed delivering BazaLoader and IcedID as part of their malware campaigns are said to have transitioned to a new loader called Bumblebee that's under active development. "Based on the timing of its appearance in the threat landscape and use by multiple cybercriminal groups, it is likely Bumblebee is, if not a direct replacement for BazaLoader, then a new,

Doppler Takes on Secrets Management

The startup is the latest company to try to solve the problem of organizing and sharing secrets.

CVE-2022-24891: esapi-java-legacy/esapi4java-core-2.3.0.0-release-notes.txt at develop · ESAPI/esapi-java-legacy

ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin.

Cybersecurity, Big Data & Automation Tools: What Marketers Need To Know

By Owais Sultan The cybersecurity threats that organizations face today are primarily associated with brand damage, trust issues, and significant financial… This is a post from HackRead.com Read the original post: Cybersecurity, Big Data & Automation Tools: What Marketers Need To Know

Synopsys to Acquire WhiteHat Security from NTT

Acquisition expands security software-as-a-service capabilities.