Tag

#sap

CVE-2022-34917: Apache Kafka

A security vulnerability has been identified in Apache Kafka. It affects all releases since 2.8.0. The vulnerability allows malicious unauthenticated clients to allocate large amounts of memory on brokers. This can lead to brokers hitting OutOfMemoryException and causing denial of service.

Example scenarios:

- Kafka cluster without authentication: Any clients able to establish a network connection to a broker can trigger the issue.
- Kafka cluster with SASL authentication: Any clients able to establish a network connection to a broker, without the need for valid SASL credentials, can trigger the issue.
- Kafka cluster with TLS authentication: Only clients able to successfully authenticate via TLS can trigger the issue.

We advise the users to upgrade the Kafka installations to one of the 3.2.3, 3.1.2, 3.0.2, 2.8.2 versions.

Uber: Lapsus$ Targeted External Contractor With MFA Bombing Attack

The ride-sharing giant says a member of the notorious Lapsus$ hacking group started the attack by compromising an external contractor's credentials, as researchers parse the incident for takeaways.

Rockstar Games Confirms 'Grand Theft Auto 6' Breach

The Take-Two Interactive subsidiary acknowledges an attack on its systems, where an attacker downloaded "early development footage for the next Grand Theft Auto" and other assets.

Uber Hacker Targets Rockstar Games, Leaks Trove of GTA 6 Data

By Waqas. Rockstar Games has acknowledged the breach, stating that the company is "extremely disappointed" to have any details of their next game shared with the public in such a way. This is a post from HackRead.com.

The Uber Hack’s Devastation Is Just Starting to Reveal Itself

An alleged teen hacker claims to have gained deep access to the company’s systems, but the full picture of the breach is still coming into focus.

Botched Crypto Mugging Lands Three U.K. Men in Jail

Three men in the United Kingdom were arrested this month after police responding to an attempted break-in at a residence stopped their car as they fled the scene. The authorities found weapons and a police uniform in the trunk, and say the trio intended to assault a local man and force him to hand over virtual currencies.

Hacker Pwns Uber Via Compromised VPN Account

A teen hacker reportedly social-engineered an Uber employee to hand over an MFA code to unlock the corporate VPN, before burrowing deep into Uber's cloud and code repositories.

SAP SAPControl Web Service Interface Local Privilege Escalation

SAPControl Web Service Interface (sapstartsrv) suffers from a privilege escalation vulnerability via a race condition.

SAP SAProuter Improper Access Control

SAP SAProuter suffers from an improper access control vulnerability where permitting loopback traffic can lead to unexpected behavior.

North Korean Hackers Spreading Trojanized Versions of PuTTY Client Application

A threat with a North Korea nexus has been found leveraging a "novel spear phish methodology" that involves making use of trojanized versions of the PuTTY SSH and Telnet client. Google-owned threat intelligence firm Mandiant attributed the new campaign to an emerging threat cluster it tracks under the name UNC4034. "UNC4034 established communication with the victim over WhatsApp and lured them