Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Discover Why Proactive Web Security Outsmarts Traditional Antivirus Solutions

In a rapidly evolving digital landscape, it's crucial to reevaluate how we secure web environments. Traditional antivirus-approach solutions have their merits, but they're reactive. A new report delves into the reasons for embracing proactive web security solutions, ensuring you stay ahead of emerging threats.  To learn more, download the full report here. The New Paradigm If you’ve been relying

The Hacker News
Open in Source
#xss#vulnerability#web#js#git#intel#perl#log4j#zero_day#The Hacker News
GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability

The recently disclosed critical security flaw impacting Apache ActiveMQ is being actively exploited by threat actors to distribute a new Go-based botnet called GoTitan as well as a .NET program known as PrCtrl Rat that's capable of remotely commandeering the infected hosts. The attacks involve the exploitation of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0) that has been

Critical Vulns Found in Ray Open Source Framework for AI/ML Workloads

Anyscale has dismissed the vulnerabilities as non-issues, according to researchers who reported the bugs to the company.

A Civil Rights Firestorm Erupts Around a Looming Surveillance Power Grab

Dozens of advocacy groups are pressuring the US Congress to abandon plans to ram through the renewal of a controversial surveillance program that they say poses an “alarming threat to civil rights.”

Ukraine Hacks Russia’s Aviation Agency, Claims “Aviation Cannibalism”

By Deeba Ahmed In a press release, Ukraine’s intelligence agency referred to the hacking as a “successful complex special operation in cyberspace.”  This is a post from HackRead.com Read the original post: Ukraine Hacks Russia’s Aviation Agency, Claims “Aviation Cannibalism”

Fight or Flight: How to Keep Cyberattacks From Taking Off

As industries around the world act to mitigate the increase in cyber threats, the aviation sector should be leading the cybersecurity uprising, explains William "Hutch" Hutchison, CEO of SimSpace.

Ransomware gangs and Living Off the Land (LOTL) attacks: A deep dive

Dive deep into into the intersection of two of today's most dangerous threats.

CVE-2023-49314: Baixar o aplicativo Asana para dispositivos móveis e computador • Asana

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.

Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw

By Owais Sultan Dubbed "DeleFriend," the vulnerability enables attackers to manipulate GCP and Google Workspace delegations without needing the high-privilege Super Admin role on Workspace. This is a post from HackRead.com Read the original post: Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw

Ubuntu Security Notice USN-6502-2

Ubuntu Security Notice 6502-2 - Ivan D Barrera, Christopher Bednarz, Mustafa Ismail, and Shiraz Saleem discovered that the InfiniBand RDMA driver in the Linux kernel did not properly check for zero-length STAG or MR registration. A remote attacker could possibly use this to execute arbitrary code. Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service.