Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

New Report: Inside the High Risk of Third-Party SaaS Apps

A new report from Adaptive Shield looks at the how volume of applications being connected to the SaaS stack and the risk they represent to company data.

DARKReading
#google#microsoft#intel#auth
Experts Identify Fully-Featured Info Stealer and Trojan in Python Package on PyPI

A malicious Python package uploaded to the Python Package Index (PyPI) has been found to contain a fully-featured information stealer and remote access trojan. The package, named colourfool, was identified by Kroll's Cyber Threat Intelligence team, with the company calling the malware Colour-Blind. "The 'Colour-Blind' malware points to the democratization of cybercrime that could lead to an

Internet Explorer users still targeted by RIG exploit kit

Categories: News Tags: RIG EK Tags: exploit kit Tags: MakeMoney Tags: Internet Explorer Tags: Jerome Segura The RIG Exploit Kit is one of the last major exploit kits that still targets the legacy Internet Explorer browser. (Read more...) The post Internet Explorer users still targeted by RIG exploit kit appeared first on Malwarebytes Labs.

CVE-2023-26046: feat: unescape any HTML entities · kitabisa/teler-waf@d1d49cf

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute arbitrary JavaScript code on the victim's browser and compromise the security of the web application. The vulnerability exists due to teler-waf failure to properly sanitize and filter HTML entities in user input. An attacker can exploit this vulnerability to bypass common web attack threat rules in teler-waf and launch cross-site scripting (XSS) attacks. The attacker can execute arbitrary JavaScript code on the victim's browser and steal sensitive information, such as login credentials and session tokens, or take control of the victim's browser and perform malicious actions. This issue has been fixed in version 0.1.1.

Forescout Addresses Modern SecOps Challenges With Launch of Forescout XDR

New eXtended Detection and Response Solution is 450X more efficient than typical SOCs at converting telemetry and logs into actionable alerts.

CVE-2023-23005: mm/demotion: fix NULL vs IS_ERR checking in memory_tier_init · torvalds/linux@4a625ce

** DISPUTED ** In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). NOTE: this is disputed by third parties because there are no realistic cases in which a user can cause the alloc_memory_type error case to be reached.

What Happened in That Cyberattack? With Some Cloud Services, You May Never Know

More cyberattackers are targeting organizations' cloud environments, but some cloud services, such as Google Cloud Platform's storage, fail to create adequate logs for forensics.

AI voice cracks telephone banking voice recognition

Categories: News Tags: AI Tags: voice Tags: generated Tags: synthetic Tags: bank Tags: banking Tags: telephone Tags: login Tags: account Now that we have freely available artificial intelligence happily replicating people’s voices, could it be a security risk? (Read more...) The post AI voice cracks telephone banking voice recognition appeared first on Malwarebytes Labs.