Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

Gamaredon Group Launches Cyberattacks Against Ukraine Using Telegram

The Russian state-sponsored cyber espionage group known as Gamaredon has continued its digital onslaught against Ukraine, with recent attacks leveraging the popular messaging app Telegram to strike military and law enforcement sectors in the country. "The Gamaredon group's network infrastructure relies on multi-stage Telegram accounts for victim profiling and confirmation of geographic location,

The Hacker News
Open in Source
#mac#microsoft#cisco#git#intel#php#The Hacker News
OpenAI’s ChatGPT Can Create Polymorphic Malware

By Waqas The researchers managed to create the Polymorphic malware by bypassing the content filters in ChatGPT by using an authoritative tone. This is a post from HackRead.com Read the original post: OpenAI’s ChatGPT Can Create Polymorphic Malware

CVE-2023-23691: DSA-2023-018: Dell PowerVault ME5 Security Update for a Client Desync Attack Vulnerability

Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. An unauthenticated attacker could potentially exploit this vulnerability to force a victim's browser to desynchronize its connection with the website, typically leading to XSS and DoS.

CVE-2022-48191: Security Bulletin: Trend Micro Maximum Security Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

A vulnerability exists in Trend Micro Maximum Security 2022 (17.7) wherein a low-privileged user can write a known malicious executable to a specific location and in the process of removal and restoral an attacker could replace an original folder with a mount point to an arbitrary location, allowing a escalation of privileges on an affected system.

PayPal Notifies 35,000 Users of Data Breach

By Habiba Rashid According to PayPal, hackers managed to access the personal information of 34,942 users; however, no transactions were performed from the breached accounts. This is a post from HackRead.com Read the original post: PayPal Notifies 35,000 Users of Data Breach

EmojiDeploy Attack Chain Targets Misconfigured Azure Service

Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system.

New Microsoft Azure Vulnerability Uncovered — Experts Warn of RCE Attacks

A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application. "The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SCM service Kudu," Ermetic researcher Liv Matan said in a report shared with The Hacker News. "By

Cybercriminals Target Telecom Provider Networks

The growing use of mobile devices for MFA and the proliferation of 5G and VoIP in general could result in more attacks in future, experts say.

New Research Delves into the World of Malicious LNK Files and Hackers Behind Them

Cybercriminals are increasingly leveraging malicious LNK files as an initial access method to download and execute payloads such as Bumblebee, IcedID, and Qakbot. A recent study by cybersecurity experts has shown that it is possible to identify relationships between different threat actors by analyzing the metadata of malicious LNK files, uncovering information such as the specific tools and

Following the LNK metadata trail

While tracking some prevalent commodity malware threat actors, Talos observed the popularization of malicious LNK files as their initial access method to download and execute payloads. A closer look at the LNK files illustrates how their metadata could be used to identify and track new campaigns.