Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Meta Uncovers Massive Social Media Cyber Espionage Operations Across South Asia

Three different threat actors leveraged hundreds of elaborate fictitious personas on Facebook and Instagram to target individuals located in South Asia as part of disparate attacks. "Each of these APTs relied heavily on social engineering to trick people into clicking on malicious links, downloading malware or sharing personal information across the internet," Guy Rosen, chief information

The Hacker News
#web#android#windows#apple#google#microsoft#wordpress#auth#The Hacker News
World Password Day must die

Categories: News Critical technology should not require an annual pep talk to function correctly. (Read more...) The post World Password Day must die appeared first on Malwarebytes Labs.

The one and only password tip you need

Categories: News I was asked to write a list of password tips. It's a short list. (Read more...) The post The one and only password tip you need appeared first on Malwarebytes Labs.

Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts

Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023. The development comes against the backdrop of fake ChatGPT web browser extensions being increasingly used to steal users' Facebook account credentials with an aim to run

CVE-2023-25438: MilleGPG5 5.9.2 Local Privilege Escalation ≈ Packet Storm

An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files.

RHSA-2023:2107: Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.9 security and bug fix update

The Migration Toolkit for Containers (MTC) 1.7.9 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41724: A flaw was found in Golang Go, where it is vulnerable to a denial of service caused when processing large TLS handshake records. By sending specially-crafted TLS handshake records, a remote, authenticated attacker can cause a denial of service condition. * CVE-2022-41725: A flaw was found in Go, where it is vulnerable to a denial of service caused by...

Databricks Platform Cluster Isolation Bypass

The Databricks Platform as of 2023-01-26 suffered from a cluster isolation bypass vulnerability through insecure defaults and shared storage.

Gentoo Linux Security Advisory 202305-10

Gentoo Linux Security Advisory 202305-10 - Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 109.0.5414.74-r1>= are affected.

Chinese Hacker Group Earth Longzhi Resurfaces with Advanced Malware Tactics

A Chinese state-sponsored hacking outfit has resurfaced with a new campaign targeting government, healthcare, technology, and manufacturing entities based in Taiwan, Thailand, the Philippines, and Fiji after more than six months of no activity. Trend Micro attributed the intrusion set to a cyber espionage group it tracks under the name Earth Longzhi, which is a subgroup within APT41 (aka HOODOO

Google Is Rolling Out Passkeys, the Password-Killing Tech, to All Accounts

The tech industry’s transition to passkeys gets its first massive boost with the launch of the alternative login scheme for Google’s billions of users.