Security
Headlines
HeadlinesLatestCVEs

Tag

#pdf

North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks

A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022. Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, which is

The Hacker News
Open in Source
#google#microsoft#intel#backdoor#pdf#ssh#sap#The Hacker News
CVE-2022-41842: Download Xpdf and XpdfReader

An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.

CVE-2022-41844: segmemtation fault at xpdf-4.04/xpdf/AcroForm.cc:538 - forum.xpdfreader.com

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.

What is User Flow and how to make one?

By Owais Sultan User Flow is a technique that allows you to quickly map the entire flow of screens on your… This is a post from HackRead.com Read the original post: What is User Flow and how to make one?

CVE-2022-40407: Security issues - Chamilo LMS

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.

Researchers Uncover Covert Attack Campaign Targeting Military Contractors

A new covert attack campaign singled out multiple military and weapons contractor companies with spear-phishing emails to trigger a multi-stage infection process designed to deploy an unknown payload on compromised machines. The highly-targeted intrusions, dubbed STEEP#MAVERICK by Securonix, also targeted a strategic supplier to the F-35 Lightning II fighter aircraft. "The attack was carried out

CVE-2022-38222: [BUG] use-after-free in pdfimages,xpdf-4.04 - forum.xpdfreader.com

There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

Sophisticated Covert Cyberattack Campaign Targets Military Contractors

Malware used in the STEEP#MAVERICK campaign features rarely seen obfuscation, anti-analysis, and evasion capabilities.

CVE-2022-40942: vulnerability/stack overflow via compare_parentcontrol_time.pdf at main · Rumble0x0/vulnerability

Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.

Time to Change Our Flawed Approach to Security Awareness

Defend against phishing attacks with more than user training. Measure users' suspicion levels along with cognitive and behavioral factors, then build a risk index and use the information to better protect those who are most vulnerable.