Tag
#mac
Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the `list` and `bindnum` parameters at /goform/SetIpMacBind.
Tenda AC8 v4 US_AC8V4.0si_V16.03.34.06_cn was discovered to contain a stack overflow via the `list` and `bindnum` parameters at /goform/SetIpMacBind.
The latest activity from Lazarus Groups, .gov domains scamming people out of "V-Bucks" and more in this week's edition.
By Deeba Ahmed. Meet Telekopye, a new phishing toolkit that uses a Telegram bot to carry out its operations. This is a post from HackRead.com. Read the original post: Russian Hackers Employ Telekopye Toolkit in Broad Phishing Attacks
Russia tightly controls its information space—making it hard to get accurate information out of the country. But open source data provides some clues about the crash.
GraceHRM version 1.0.3 suffers from a directory traversal vulnerability.
### Summary

The provided Minimal IAM Policy for `basti connect` does not include `ssm:SessionDocumentAccessCheck`. This results in the ability to get a shell session on the bastion, not just the intended access for port forwarding.

### Details

`basti connect` is designed to "securely connect to your RDS/Aurora/Elasticache/EC2 instances", using a bastion instance "with [AWS Session Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html) port forwarding capability to make the target available on your localhost." The [Minimal IAM Policy](https://github.com/BohdanPetryshyn/basti#minimal-iam-permissions) allows port forwarding via the following statement:

```
{
  "Effect": "Allow",
  "Action": "ssm:StartSession",
  "Resource": [
    "arn:aws:ssm:*:*:document/AWS-StartPortForwardingSessionToRemoteHost",
    "arn:aws:ec2:<your-region>:<your-account-id>:instance/<your-basti-instance-id>"
  ]
}
```

This statement does no...
Lazarus Group appears to be changing its tactics, increasingly relying on open-source tools and frameworks in the initial access phase of their attacks, as opposed to strictly employing them in the post-compromise phase.
This is the third documented campaign attributed to this actor in less than a year, with the actor reusing the same infrastructure throughout these operations.
Musician Alex Pall spoke with WIRED about his VC firm, the importance of raising cybersecurity awareness in a rapidly digitizing world, and his surprise that hackers know how to go hard.