Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Snowflake Account Attacks Driven by Exposed Legitimate Credentials

Credential management gets a boost with the latest infostealers' extortion campaign built on info stolen from cloud storage systems.

DARKReading
Open in Source
#web#git#intel#auth
Rite Aid says 2.2 million people affected in data breach

Rite Aid has started notifying 2.2 million people that were affected by data breach that was part of a June ransomware attack.

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a tool known to be used by ransomware groups like Black Basta. "AvNeutralizer (aka AuKill), a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground and used by multiple

China-linked APT17 Targets Italian Companies with 9002 RAT Malware

A China-linked threat actor called APT17 has been observed targeting Italian companies and government entities using a variant of a known malware referred to as 9002 RAT. The two targeted attacks took place on June 24 and July 2, 2024, Italian cybersecurity company TG Soft said in an analysis published last week. "The first campaign on June 24, 2024 used an Office document, while the second

IDF Has Rebuffed 3B Cyberattacks Since Oct. 7, Colonel Claims

Israel's military computer systems have been under constant barrage in recent months.

GHSA-w799-v85j-88pg: Skupper uses a static cookie secret for the openshift oauth-proxy

A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie.

Microsoft: Scattered Spider Widens Web With RansomHub & Qilin

The gang already uses varied tools in its attacks, such as phishing, SIM swapping, and MFA fatigue.

GHSA-4xqq-m2hx-25v8: REXML denial of service vulnerability

### Impact The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. ### Patches The REXML gem 3.3.2 or later include the patches to fix these vulnerabilities. ### Workarounds Don't parse untrusted XMLs. ### References * https://github.com/ruby/rexml/security/advisories/GHSA-vg3r-rm7w-2xgh : This is a similar vulnerability * https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908/