Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

GitLab warns zero-click vulnerability could lead to account takeovers

GitLab has warned about a critical vulnerability that allows an attacker to change passwords without user interaction.

Malwarebytes
Open in Source
#vulnerability#web#git#auth
Hackers Weaponize Windows Flaw to Deploy Crypto-Siphoning Phemedrone Stealer

Threat actors have been observed leveraging a now-patched security flaw in Microsoft Windows to deploy an open-source information stealer called Phemedrone Stealer. “Phemedrone targets web browsers and data from cryptocurrency wallets and messaging apps such as Telegram, Steam, and Discord,” Trend Micro researchers Peter Girnus, Aliakbar Zahravi, and Simon Zuckerbraun said. “It also

GHSA-62cf-jvpp-48q6: Drupal Denial of Service vulnerability

Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.

Patch management needs a revolution, part 2: The flood of vulnerabilities

This is the second part of Vincent Danen’s “Patch management needs a revolution” series. The first post can be read here.When I started working in the security field over 20 years ago, CVE (Common Vulnerabilities and Exposures) had just been created. In 1999, MITRE, a US-based Federally Funded Research and Development Corporation (FFRDC) was established to advance national security, creating the CVE program as a way of cataloging vulnerabilities so that any single vulnerability could be distinguished from another. It was a few years before it gained wider adoption and longer yet to be co

Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer

By Deeba Ahmed Attackers Leveraging Windows Vulnerability in Phemedrone Malware Campaign for Enhanced Stealth. This is a post from HackRead.com Read the original post: Windows Defender SmartScreen Vulnerability Exploited with Phemedrone Stealer

3 Ransomware Group Newcomers to Watch in 2024

The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 4,368 cases.  Figure 1: Year over year victims per quarter The rollercoaster ride from explosive growth in 2021 to a momentary dip in 2022 was just a teaser—2023 roared back with the same fervor as 2021, propelling existing groups and ushering in a wave of formidable

Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows

Cybersecurity researchers have disclosed a security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be exploited to execute any file on the underlying operating system. The remote code execution vulnerability has been codenamed MyFlaw by the Guardio Labs research team owing to the fact that it takes advantage of a feature called My Flow that makes it

Gentoo Linux Security Advisory 202401-18

Gentoo Linux Security Advisory 202401-18 - A vulnerability has been found in zlib that can lead to a heap-based buffer overflow. Versions greater than or equal to 1.2.13-r2 are affected.

Gentoo Linux Security Advisory 202401-17

Gentoo Linux Security Advisory 202401-17 - A vulnerability has been found in libgit2 which could result in privilege escalation. Versions greater than or equal to 1.4.4 are affected.

Korenix JetNet Series Unauthenticated Access

Korenix JetNet Series allows TFTP without authentication and also allows for unauthenticated firmware upgrades.