Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers

Microsoft has disclosed that it's detected a spike in credential-stealing attacks conducted by the Russian state-affiliated hacker group known as Midnight Blizzard. The intrusions, which made use of residential proxy services to obfuscate the source IP address of the attacks, target governments, IT service providers, NGOs, defense, and critical manufacturing sectors, the tech giant's threat

The Hacker News
Open in Source
#vulnerability#web#windows#microsoft#git#java#intel#zero_day#The Hacker News
Malvertising: A stealthy precursor to infostealers and ransomware attacks

Categories: Business Malvertising, the practice of using online ads to spread malware, can have dire consequences—and the problem only seems to be growing. (Read more...) The post Malvertising: A stealthy precursor to infostealers and ransomware attacks appeared first on Malwarebytes Labs.

Update Your iPhone Right Now to Fix 2 Apple Zero Days

Plus: Discord has a child predator problem, fears rise of China spying from Cuba, and hackers try to blackmail Reddit.

CVE-2023-3197: MStore API <= 4.0.1 - Unauthenticated SQL Injection — Wordfence Intelligence

The MStore API plugin for WordPress is vulnerable to Unauthenticated Blind SQL Injection via the 'id' parameter in versions up to, and including, 4.0.1 due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2023-35154: Account validation bypass

Knowage is an open source analytics and business intelligence suite. Starting in version 6.0.0 and prior to version 8.1.8, an attacker can register and activate their account without having to click on the link included in the email, allowing them access to the application as a normal user. This issue has been patched in version 8.1.8.

Silobreaker Unveils Geopolitical Threat Intelligence Capabilities With RANE at Infosecurity Europe 2023

Integration provides threat intel teams with an early warning system for geopolitical events that could trigger cyberattacks.

NSA: BlackLotus BootKit Patching Won't Prevent Compromise

It's unclear why the NSA issued in-depth mitigation guidance for the software boot threat now, but orgs should take steps to harden their environments.

Suspicious Smartwatches Mailed to US Army Personnel

Unknown senders have been shipping smartwatches to service members, leading to questions regarding what kind of ulterior motive is at play, malware or otherwise.

CVE-2023-33565: Analyzing Security Vulnerability and Forensic Investigation of ROS2: A Case Study | Proceedings of the 8th International Conference on Robotics and Artificial Intelligence

ROS2 (Robot Operating System 2) Foxy Fitzroy ROS_VERSION=2 and ROS_PYTHON_VERSION=3 are vulnerable to Denial-of-Service (DoS) attacks. A malicious user potentially exploited the vulnerability remotely and crashed the ROS2 nodes.

Patched OpenSSH Exploited for IoT, Linux Cryptomining

By Deeba Ahmed According to Microsoft, the new campaign is ongoing and uses a backdoor to install a patched version of OpenSSH to hijack targeted devices. This is a post from HackRead.com Read the original post: Patched OpenSSH Exploited for IoT, Linux Cryptomining