Security
Headlines
HeadlinesLatestCVEs

Tag

#sap

Malicious Ads on Google Target Chinese Users with Fake Messaging Apps

Chinese-speaking users have been targeted by malicious Google ads for restricted messaging apps like Telegram as part of an ongoing malvertising campaign. "The threat actor is abusing Google advertiser accounts to create malicious ads and pointing them to pages where unsuspecting users will download Remote Administration Trojan (RATs) instead," Malwarebytes' Jérôme Segura said in a

The Hacker News
#web#mac#windows#google#microsoft#git#intel#sap#The Hacker News
Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP!

The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read vulnerability through the

Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team. Discover the full scope of digital threats in the Axur Report 2023/2024. Overview

GHSA-c3c6-f2ww-xfr2: Apache Airflow: pickle deserialization vulnerability in XComs

Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.

GHSA-vm5m-qmrx-fw8w: Apache Airflow: Bypass permission verification to read code of other dags

Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.

Red Hat Security Advisory 2024-0376-03

Red Hat Security Advisory 2024-0376-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

GHSA-wj6h-64fc-37mp: Minerva timing attack on P-256 in python-ecdsa

python-ecdsa has been found to be subject to a Minerva timing attack on the P-256 curve. Using the `ecdsa.SigningKey.sign_digest()` API function and timing signatures an attacker can leak the internal nonce which may allow for private key discovery. Both ECDSA signatures, key generation, and ECDH operations are affected. ECDSA signature verification is unaffected. The python-ecdsa project considers side channel attacks out of scope for the project and there is no planned fix.

Apple iOS 17.3: How to Turn on iPhone's New Stolen Device Protection

Apple’s iOS 17.3 introduces Stolen Device Protection to iPhones, which could stop phone thieves from taking over your accounts. Here’s how to enable it right now.

Bind For Cleaning Blood And Bullet Marks In Counter-Strike 2

By Owais Sultan One of the most needed functions in the CS console has always been a command that allows you… This is a post from HackRead.com Read the original post: Bind For Cleaning Blood And Bullet Marks In Counter-Strike 2

The Fake Fix: New Chae$ 4.1 Malware Hides in Driver Downloads

By Deeba Ahmed The latest Chae$ 4.1 sends a direct message to the cybersecurity researchers at Morphisec within the source code. This is a post from HackRead.com Read the original post: The Fake Fix: New Chae$ 4.1 Malware Hides in Driver Downloads