Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Millions of iOS and Android Users at Risk as Popular Apps Expose Cloud Keys

Millions of iOS and Android users are at risk after Symantec discovered that popular apps contain hardcoded, unencrypted…

HackRead
Open in Source
#vulnerability#web#ios#android#apple#google#aws#auth#chrome#wifi
Think You’re Secure? 49% of Enterprises Underestimate SaaS Risks

It may come as a surprise to learn that 34% of security practitioners are in the dark about how many SaaS applications are deployed in their organizations. And it’s no wonder—the recent AppOmni 2024 State of SaaS Security Report reveals that only 15% of organizations centralize SaaS security within their cybersecurity teams. These statistics not only highlight a critical security blind spot,

Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks

Threat actors have been observed abusing Amazon S3 (Simple Storage Service) Transfer Acceleration feature as part of ransomware attacks designed to exfiltrate victim data and upload them to S3 buckets under their control. "Attempts were made to disguise the Golang ransomware as the notorious LockBit ransomware," Trend Micro researchers Jaromir Horejsi and Nitesh Surana said. "However, such is

GHSA-hhxg-rvc9-8726: camaleon_cms affected by cross site scripting

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.

Strengthen DevSecOps with Red Hat Trusted Software Supply Chain

As organizations start deploying advanced monitoring capabilities to protect their production environment from cyber attacks, attackers are finding it increasingly difficult to break in and compromise systems. As a result, they are now leveraging alternate approaches to infiltrate systems by secretly injecting malware into the software supply chain. This illicit code allows them to turn a software component into a Trojan horse of sorts, resulting in software infected with malicious code which allows cyber criminals to open the "doors to the kingdom" from the inside.A recent report from BlackBe

ABB Cylon Aspect 3.08.01 (logCriticalLookup.php) Unauthenticated Log Disclosure

The ABB BMS/BAS controller suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.

ABB Cylon Aspect 3.08.01 (throttledLog.php) Unauthenticated Log Disclosure

The ABB BMS/BAS controller suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.

Samsung Zero-Day Vuln Under Active Exploit, Google Warns

If exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.

OPA for Windows Vulnerability Exposes NTLM Hashes

The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.