Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

VPNs Persist Despite Zero-Trust Fervor

Most organizations still rely on virtual private networks for secure remote access.

DARKReading
#vulnerability#mac#auth#sap
China-Linked ToddyCat APT Pioneers Novel Spyware

ToddyCat's Samurai and Ninja tools are designed to give attackers persistent and deep access on compromised networks, security vendor says.

RIG Exploit Kit Replaces Raccoon Stealer Trojan With Dridex

After the Raccoon Stealer Trojan disappeared, the RIG Exploit Kit seamlessly adopted Dridex for credential theft.

The Power and Pitfalls of AI for US Intelligence

Artificial intelligence use is booming, but it's not the secret weapon you might imagine.

Ubuntu Security Notice USN-5489-1

Ubuntu Security Notice 5489-1 - Alexander Bulekov discovered that QEMU incorrectly handled floppy disk emulation. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly leak sensitive information. It was discovered that QEMU incorrectly handled NVME controller emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

CVE-2021-40511: Home - OBDA Systems

OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service.

Why Financial Institutions Must Double Down on Open Source Investments

Open source is here to stay, and it's imperative that CIOs have a mature, open source engagement strategy, across consumption, contribution, and funding as a pillar of digital transformation.

DFSCoerce, a new NTLM relay attack, can take control over a Windows domain

A researcher has posted a PoC for yet another NTLM relay attack method dubbed DFSCoerce. It is high time to retire NTLM. The post DFSCoerce, a new NTLM relay attack, can take control over a Windows domain appeared first on Malwarebytes Labs.

CVE-2022-32973: [R2] Nessus Version 10.2.0 Fixes Multiple Vulnerabilities

An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges.

CVE-2022-22979: CVE-2022-22979 | Security

In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework.