Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

How to Master the Kill Chain Before Your Attackers Do

In the always-changing world of cyberattacks, preparedness is key.

DARKReading
Open in Source
#vulnerability#web#mac#git#auth
What's Your AppSec Personality?

It's time to decide which role to play to best serve your organization's security needs: an auditor, a lawyer, or a developer.

CVE-2022-34043: Vuln/Nomachine-Incorrect-Folder-Permission at main · ycdxsb/Vuln

Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code.

New YTStealer Malware Aims to Hijack Accounts of YouTube Content Creators

Cybersecurity researchers have documented a new information-stealing malware that targets YouTube content creators by plundering their authentication cookies. Dubbed "YTStealer" by Intezer, the malicious tool is likely believed to be sold as a service on the dark web, with it distributed using fake installers that also drop RedLine Stealer and Vidar. "What sets YTStealer aside from other

5 Surprising Cyberattacks AI Stopped This Year

See how these novel, sophisticated, or creative threats used techniques such as living off the land to evade detection from traditional defensive measures — but were busted by AI.

Forced Chrome extensions get removed, keep reappearing

Malwarebytes found a family of forced Chrome extensions that can't be removed because of a policy change that tells users "Your browser is managed". The post Forced Chrome extensions get removed, keep reappearing appeared first on Malwarebytes Labs.

Internet Safety Month: Everything you need to know about Omegle

Chatting with strangers piqued millions of internet users’ interest during the pandemic. Omegle made this possible. Is my child safe to use it though? The post Internet Safety Month: Everything you need to know about Omegle appeared first on Malwarebytes Labs.

New 'FabricScape' Bug in Microsoft Azure Service Fabric Impacts Linux Workloads

Cybersecurity researchers from Palo Alto Networks Unit 42 disclosed details of a new security flaw affecting Microsoft's Service Fabric that could be exploited to obtain elevated permissions and seize control of all nodes in a cluster. The issue, which has been dubbed FabricScape (CVE-2022-30137), could be exploited on containers that are configured to have runtime access. It has been remediated

CISA Warns of Active Exploitation of 'PwnKit' Linux Vulnerability in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week moved to add a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. The issue, tracked as CVE-2021-4034 (CVSS score: 7.8), came to light in January 2022 and concerns a case of local privilege escalation in polkit's pkexec utility, which allows an

Service Fabric Privilege Escalation from Containerized Workloads on Linux

Under Coordinated Vulnerability Disclosure (CVD), cloud-security vendor Palo Alto Networks informed Microsoft of an issue affecting Service Fabric (SF) Linux clusters (CVE-2022-30137). The vulnerability enables a bad actor, with access to a compromised container, to escalate privileges and gain control of the resource’s host SF node and the entire cluster. Though the bug exists on … Service Fabric Privilege Escalation from Containerized Workloads on Linux Read More »