Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2023-38418: myF5

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVE
#mac
Perch CMS 3.2 Cross Site Scripting

Perch CMS version 3.2 suffers from a persistent cross site scripting vulnerability.

Russian Cyber Adversary BlueCharlie Alters Infrastructure in Response to Disclosures

A Russa-nexus adversary has been linked to 94 new domains, suggesting that the group is actively modifying its infrastructure in response to public disclosures about its activities. Cybersecurity firm Recorded Future linked the new infrastructure to a threat actor it tracks under the name BlueCharlie, a hacking crew that's broadly known by the names Blue Callisto, Callisto (or Calisto),

Industrial Control Systems Vulnerabilities Soar: Over One-Third Unpatched in 2023

About 34% of security vulnerabilities impacting industrial control systems (ICSs) that were reported in the first half of 2023 have no patch or remediation, registering a significant increase from 13% the previous year. According to data compiled by SynSaber, a total of 670 ICS product flaws were reported via the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in the first half of

Top Industries Significantly Impacted by Illicit Telegram Networks

In recent years the rise of illicit activities conducted within online messaging platforms has become a growing concern for countless industries. One of the most notable platforms that has been host to many malicious actors and nefarious activities has been Telegram. Thanks to its accessibility, popularity, and user anonymity, Telegram has attracted a large number of threat actors driven by

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments "The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with

CVE-2023-4016: procps-ng / procps · GitLab

Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.