Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Nespresso Domain Hijacked in Phishing Attack Targeting Microsoft Logins

By Waqas Coffee with Double Brew of Trouble! This is a post from HackRead.com Read the original post: Nespresso Domain Hijacked in Phishing Attack Targeting Microsoft Logins

HackRead
Open in Source
#vulnerability#web#mac#microsoft#git#auth#wifi
0G and OnePiece Labs Collaborate to Create Crypto x AI Incubator

By Owais Sultan 0G Labs and One Piece Labs have announced the launch of the first incubator for startups working at… This is a post from HackRead.com Read the original post: 0G and OnePiece Labs Collaborate to Create Crypto x AI Incubator

Ubuntu Security Notice USN-6728-3

Ubuntu Security Notice 6728-3 - USN-6728-1 fixed vulnerabilities in Squid. The fix for CVE-2023-5824 caused Squid to crash in certain environments on Ubuntu 20.04 LTS and was disabled in USN-6728-2. The problematic fix for CVE-2023-5824 has now been corrected and reinstated in this update.

Gambio Online Webshop 4.9.2.0 Remote Code Execution

A remote code execution vulnerability in Gambio online webshop versions 4.9.2.0 and below allows remote attackers to run arbitrary commands via an unauthenticated HTTP POST request. The identified vulnerability within Gambio pertains to an insecure deserialization flaw, which ultimately allows an attacker to execute remote code on affected systems. The insecure deserialization vulnerability in Gambio poses a significant risk to affected systems. As it allows remote code execution, adversaries could exploit this flaw to execute arbitrary commands, potentially resulting in complete system compromise, data exfiltration, or unauthorized access to sensitive information.

Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution

This Metasploit module exploits two vulnerabilities in Palo Alto Networks PAN-OS that allow an unauthenticated attacker to create arbitrarily named files and execute shell commands. Configuration requirements are PAN-OS with GlobalProtect Gateway or GlobalProtect Portal enabled and telemetry collection on (default). Multiple versions are affected. Payloads may take up to one hour to execute, depending on how often the telemetry service is set to run.

Palo Alto PAN-OS Command Execution / Arbitrary File Creation

Palo Alto PAN-OS versions prior to 11.1.2-h3 command injection and arbitrary file creation exploit.

“Substantial proportion” of Americans may have had health and personal data stolen in Change Healthcare breach

UnitedHealth has made an announcement about the stolen data in the ransomware attack on subsidiary Change Healthcare.

Lessons for CISOs From OWASP's LLM Top 10

It's time to start regulating LLMs to ensure they're accurately trained and ready to handle business deals that could affect the bottom line.

GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories

By Deeba Ahmed Hackers are exploiting GitHub comments to spread malware disguised as Microsoft software downloads tricking users into downloading malware. This is a post from HackRead.com Read the original post: GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories

Suspected CoralRaider continues to expand victimology using three information stealers

Talos also discovered a new PowerShell command-line argument embedded in the LNK file to bypass anti-virus products and download the final payload into the victims’ host.