Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DoD) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a

The Hacker News
Open in Source
#vulnerability#ddos#dos#botnet#The Hacker News
Hacker in Snowflake Extortions May Be a U.S. Soldier

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.

ABB Cylon Aspect 3.08.01 (vstatConfigurationDownload.php) Config Download

The ABB BMS/BAS controller suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the CSV DB that contains the configuration mappings information via the VMobileImportExportServlet by directly calling the vstatConfigurationDownload.php script.

GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

### Impact ### Patches 1.31.1, 1.30.6, 1.29.8 ### Workarounds set `enable_criu_support = false` ### References _Are there any links users can visit to find out more?_

'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.

Geico, Travelers Fined $11.3M for Lax Data Security

New York state regulators punish insurers after cybercriminals illegally access customer info they then used to file scam unemployment claims during the COVID-19 pandemic.

Explained: the Microsoft connected experiences controversy

Microsoft connected experiences have been the subject of heated online discussions. So what are they, and do they train AI with my data?

Salt Typhoon Builds Out Malware Arsenal With GhostSpider

The APT, aka Earth Estries, is one of China's most effective threat actors, performing espionage for sometimes years on end against telcos, ISPs, and governments before being detected.

GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

### Impact Existing lakeFS users who have issued credentials to users who have been deleted. Creating a new user with the same username, that user will inherit all of the previous user's credentials lakeFS needs to delete user credentials upon user deletion. ### Patches _Has the problem been patched? What versions should users upgrade to?_ ### Workarounds A possible workaround will be not to reuse usernames that were previously deleted ### References _Are there any links users can visit to find out more?_

Automating Data Encryption and Security Audits for Continuous Protection

Protecting sensitive data is critical for businesses facing constant cyber threats. Automating encryption, audits, and access control strengthens security and reduces human error.