Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

CVE-2023-21618: Adobe Security Bulletin

Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

CVE
#vulnerability#mac#windows
PyLoad 0.5.0 Remote Code Execution

PyLoad version 0.5.0 suffers from an unauthenticated remote code execution vulnerability.

URLs have always been a great hiding place for threat actors

The information leak threats are certainly new, but the education and messaging from security evangelists (and even just anyone trying to educate an older or less security-savvy family member) doesn’t change.

'Shampoo' ChromeLoader Variant Difficult to Wash Out

A new version of the infamous browser extension is spreading through files on websites offering pirated wares and leverages unique persistence mechanisms.

Borderless Data vs. Data Sovereignty: Can They Co-Exist?

Organizations that remain compliant with data-sovereignty regulations while enabling cross-border data sharing gain significant competitive advantage because they can make quick, agile, and informed decisions.

Warning: GravityRAT Android Trojan Steals WhatsApp Backups and Deletes Files

An updated version of an Android remote access trojan dubbed GravityRAT has been found masquerading as messaging apps BingeChat and Chatico as part of a narrowly targeted campaign since June 2022. "Notable in the newly discovered campaign, GravityRAT can exfiltrate WhatsApp backups and receive commands to delete files," ESET researcher Lukáš Štefanko said in a new report published today. "The

New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries

In what's a new kind of software supply chain attack aimed at open source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves. "Malicious binaries steal the user IDs, passwords, local machine environment variables, and local host name, and then exfiltrates the stolen data to the hijacked

New Report Reveals Shuckworm's Long-Running Intrusions on Ukrainian Organizations

The Russian threat actor known as Shuckworm has continued its cyber assault spree against Ukrainian entities in a bid to steal sensitive information from compromised environments. Targets of the recent intrusions, which began in February/March 2023, include security services, military, and government organizations, Symantec said in a new report shared with The Hacker News. "In some cases, the

CVE-2023-2847: [CA8447] Customer Advisory: Local privilege escalation vulnerability in ESET products for Linux and macOS fixed

During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privileges due to improper privilege management to trigger actions with root privileges. ESET remedied this possible attack vector and has prepared new builds of its products that are no longer susceptible to this vulnerability.