Tag
#web
In the Linux kernel, vulnerabilities in netfilter, tls, and tty have been resolved.
Ubuntu Security Notice 6969-1 - It was discovered that Cacti did not properly apply checks to the "Package Import" feature. An attacker could possibly use this issue to perform arbitrary code execution. This issue only affected Ubuntu 24.04 LTS, Ubuntu 22.04 LTS, Ubuntu 20.04 LTS and Ubuntu 18.04 LTS. It was discovered that Cacti did not properly sanitize values when using the JavaScript-based API. A remote attacker could possibly use this issue to inject arbitrary JavaScript code, resulting in a cross-site scripting vulnerability. This issue only affected Ubuntu 24.04 LTS.
Akuvox Smart Intercom/Doorphone suffers from an unauthenticated live stream disclosure when the video.cgi endpoint is requested on port 8080. Many versions are affected.
Simple Machines Forum version 2.1.4 suffers from an authenticated code injection vulnerability.
The Texas Attorney General is suing GM for selling driving data to third parties, where it would end up in the hands of insurance companies.
In today's rapidly evolving cyber threat landscape, organizations face increasingly sophisticated attacks targeting their applications. Understanding these threats and the technologies designed to combat them is crucial. This article delves into the mechanics of a common application attack, using the infamous Log4Shell vulnerability as an example, and demonstrates how Application Detection and
Iranian state-sponsored threat actors have been observed orchestrating spear-phishing campaigns targeting a prominent Jewish figure starting in late July 2024 with the goal of delivering a new intelligence-gathering tool called AnvilEcho. Enterprise security company Proofpoint is tracking the activity under the name TA453, which overlaps with activity tracked by the broader cybersecurity
Web Browser Stored Credentials: Microsoft introduced Data Protection Application Programming Interface (DPAPI) in Windows environments as a method to encrypt and decrypt sensitive data such as credentials using the…
Cybersecurity researchers have shed light on a threat actor known as Blind Eagle that has persistently targeted entities and individuals in Colombia, Ecuador, Chile, Panama, and other Latin American nations. Targets of these attacks span several sectors, including governmental institutions, financial companies, energy and oil and gas companies. "Blind Eagle has demonstrated adaptability in