Security
Headlines

Tag

#mac

Black Hat Asia: ‘If democracy is to survive, technology will have to be tamed’

Indian tech policy expert Samir Saran says it’s not too late to ‘course-correct’ after a ‘challenging decade’ for liberal democracies

PortSwigger
#mac #git #alibaba #auth
CVE-2022-30407: bug_report/SQLi-1.md at main · k0xx11/bug_report

Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=.

Log4Shell Exploit Threatens Enterprise Data Lakes, AI Poisoning

A brand-new attack vector lays open enterprise data lakes, threatening grave consequences for AI use cases like telesurgery or autonomous cars.

Ukrainian hacker jailed for selling account credentials on the dark web

Botnet operator had thousands of hacked credential listings, according to the DoJ

Threat Actors Use Telegram to Spread ‘Eternity’ Malware-as-a-Service

An account promoting the project—which offers a range of threat activity from info-stealing to crypto-mining to ransomware as individual modules—has more than 500 subscribers.

How One Company Helps Keep Russia’s TV Propaganda Machine Online

Russia is using satellites controlled by French operator Eutelsat to broadcast state-run programming. A grassroots group is pushing for that to stop.

New Saitama backdoor Targeted Official from Jordan's Foreign Ministry

A spear-phishing campaign targeting Jordan's foreign ministry has been observed dropping a new stealthy backdoor dubbed Saitama. Researchers from Malwarebytes and Fortinet FortiGuard Labs attributed the campaign to an Iranian cyber espionage threat actor tracked under the moniker APT34, citing resemblances to past campaigns staged by the group. "Like many of these attacks, the email contained a

CVE-2022-29218

RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious package. The bug has been patched, and is believed to have never been exploited, based on an extensive review of logs and existing gems by rubygems. The easiest way to ensure that an application has not been exploited by this vulnerability is to verify all downloaded .gems checksums match the checksum recorded in the RubyGems.org database. RubyGems.org has been patched and is no longer vulnerable to this issue.

Transforming SQL Queries Bypasses WAF Security

A team of university researchers finds a machine learning-based approach to generating HTTP requests that slip past Web application firewalls.

A Guide to Using VPNs on Your Smartphone

By Waqas. A VPN these days is a must as we know it. The recent growth of VPN use has… This is a post from HackRead.com.