Security
Headlines
HeadlinesLatestCVEs

Tag

#web

INTERPOL Arrests 1,000 and Dismantles Cybercrime Networks Across Africa

Group-IB collaborated with INTERPOL and AFRIPO in a major crackdown on cybercrime in Africa for “Operation Serengeti.” This…

HackRead
Open in Source
#web#ddos#intel#auth
Hacker in Snowflake Extortions May Be a U.S. Soldier

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.

GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

### Impact ### Patches 1.31.1, 1.30.6, 1.29.8 ### Workarounds set `enable_criu_support = false` ### References _Are there any links users can visit to find out more?_

'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.

Geico, Travelers Fined $11.3M for Lax Data Security

New York state regulators punish insurers after cybercriminals illegally access customer info they then used to file scam unemployment claims during the COVID-19 pandemic.

GHSA-hh33-46q4-hwm2: Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion

### Impact Existing lakeFS users who have issued credentials to users who have been deleted. Creating a new user with the same username, that user will inherit all of the previous user's credentials lakeFS needs to delete user credentials upon user deletion. ### Patches _Has the problem been patched? What versions should users upgrade to?_ ### Workarounds A possible workaround will be not to reuse usernames that were previously deleted ### References _Are there any links users can visit to find out more?_

Is Bitcoin Still a Secure and Reliable Trading Option? 

Cryptocurrencies are a relatively new asset class, and over the years, they have continued to be the subject…

AWS Rolls Out Updates to Amazon Cognito

Amazon Web Services' identity and access management platform has added new features that help developers implement secure, scalable, and customizable authentication solutions for their applications.

OpenSea Phishers Aim to Drain Crypto Wallets of NFT Enthusiasts

Cyberattackers have been targeting the online NFT marketplace with emails claiming to make an offer to a targeted user; in reality, clicking on a malicious link takes victims to a crypto-draining site.

GHSA-rmv2-8jjc-23xw: TCPDF Local File Inclusion vulnerability

Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information.