Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

ScarCruft's Evolving Arsenal: Researchers Reveal New Malware Distribution Techniques

The North Korean advanced persistent threat (APT) actor dubbed ScarCruft is using weaponized Microsoft Compiled HTML Help (CHM) files to download additional malware. According to multiple reports from AhnLab Security Emergency response Center (ASEC), SEKOIA.IO, and Zscaler, the findings are illustrative of the group's continuous efforts to refine and retool its tactics to sidestep detection. "

The Hacker News
#web#mac#microsoft#git#intel#backdoor#The Hacker News
The TikTok CEO’s Face-Off With Congress Is Doomed

On Thursday, Shou Zi Chew will meet a rare united front in the US Congress against the Chinese-owned social media app that has lawmakers in a tizzy.

CVE-2023-1168

An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX.

CVE-2023-28725: Changelog | GENERAL BYTES

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the /batm/app/admin/standalone/deployments directory, aka BATM-4780, as exploited in the wild in March 2023. This is fixed in 20221118.48 and 20230120.44.

Cyberpion Rebrands As IONIX

IONIX illuminates exploitable risks across the real attack surface and its digital supply chain providing security teams with critical focus to accelerate risk reduction.

Cybersecurity Skills Shortage, Recession Fears Drive 'Upskilling' Training Trend

For companies, training an existing worker is cheaper than hiring, while for employees, training brings job security and more interesting work.

CVE-2022-37337: TALOS-2022-1596 || Cisco Talos Intelligence Group

A command execution vulnerability exists in the access control functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.