Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic

The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell script that contains ScrubCrypt. Crypters are a type of software that can encrypt,

The Hacker News
Open in Source
#vulnerability#web#mac#windows#microsoft#apache#oracle#auth#The Hacker News
CVE-2023-27986: security - Shell command and Emacs Lisp code injection in emacsclient-mail.desktop

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.

CVE-2023-26948: Background arbitrary file reading vulnerability 2 · Issue #5 · keheying/onekeyadmin

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.

BlackLotus UEFI bootkit Can Bypass Secure Boot on Windows

By Deeba Ahmed Security firm ESET’s cybersecurity researchers have shared their analysis of the world’s first UEFI bootkit being used in… This is a post from HackRead.com Read the original post: BlackLotus UEFI bootkit Can Bypass Secure Boot on Windows

CVE-2023-26956: Background development assistant arbitrary file reading vulnerability · Issue #4 · keheying/onekeyadmin

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code.

Phishing Attack Uses UAC Bypass to Drop Remcos RAT Malware

By Deeba Ahmed Currently, scammers are using DBatLoader malware loader to distribute Remcos RAT to businesses and institutions across Eastern Europe. This is a post from HackRead.com Read the original post: Phishing Attack Uses UAC Bypass to Drop Remcos RAT Malware

CVE-2023-1275: bug_report/XSS-1.md at main · blairting/bug_report

A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222598 is the identifier assigned to this vulnerability.

AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security

Researchers warn that polymorphic malware created with ChatGPT and other LLMs will force a reinvention of security automation.