Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

How the Ukraine War Opened a Fault Line in Cybercrime, Possibly Forever

Infighting, conscription, emigration. The war in Ukraine has pitted cybercriminals against one another like no other event before it.

DARKReading
Open in Source
#web#git#intel#auth
Ubuntu Security Notice USN-5886-1

Ubuntu Security Notice 5886-1 - Erik C. Bjorge discovered that some Intel Atom and Intel Xeon Scalable Processors did not properly implement access controls for out-of-band management. This may allow a privileged network-adjacent user to potentially escalate privileges. Cfir Cohen, Erdem Aktas, Felix Wilhelm, James Forshaw, Josh Eads, Nagaraju Kodalapura Nagabhushana Rao, Przemyslaw Duda, Liron Shacham and Ron Anderson discovered that some Intel Xeon Processors used incorrect default permissions in some memory controller configurations when using Intel Software Guard Extensions. This may allow a privileged local user to potentially escalate privileges.

CVE-2023-1068: Download Read More Excerpt Link <= 1.6.0 - Cross-Site Request Forgery to Settings Update — Wordfence Intelligence Community Edition

The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the read_more_excerpt_link_menu_options() function. This makes it possible for unauthenticated attackers to update he plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

News Corp: Hackers sat undetected on its network for 2 years

By Waqas Rupert Murdoch's News Corp revealed a data breach in 2022, but it turns out that hackers had been in the media giant's network two years prior. This is a post from HackRead.com Read the original post: News Corp: Hackers sat undetected on its network for 2 years

CVE-2023-26545

In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.

3 Ways Artificial Intelligence Is Transforming the Stock Market Landscape (and Making It More Secure)

By Owais Sultan The AI software market has rapidly grown over the past few years. And, based on expert forecasts, it’s… This is a post from HackRead.com Read the original post: 3 Ways Artificial Intelligence Is Transforming the Stock Market Landscape (and Making It More Secure)

CVE-2023-1029: WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'regenerateSitemaps' — Wordfence Intelligence Community Edition

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Who’s Behind the Botnet-Based Service BHProxies?

A security firm has discovered that a five-year-old crafty botnet known as Mylobot appears to be powering a residential proxy service called BHProxies, which offers paying customers the ability to route their web traffic anonymously through compromised computers. Here’s a closer look at Mylobot, and a deep dive into who may be responsible for operating the BHProxies service.

Evaluating the Cyberwar Set Off by Russian Invasion of Ukraine

Preparation and cooperation helped to mitigate the worst of the digital damage, amid cyber sorties from all sides.

TikTok Ban Hits EU Commission Phones as Cybersecurity Worries Mount

Employees of the EU Commission are no longer allowed to use the TikTok app thanks to concerns over data security.