Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Cybersecurity hotlines at colleges could go a long way toward filling the skills gap

These clinics offers pro-bono cybersecurity services — like incident response, general advice and ransomware defense — to community organizations, non-profits and small businesses that normally couldn’t afford to pay a private company for these same services.

TALOS
Open in Source
#sql#vulnerability#web#mac#microsoft#cisco#intel#rce#auth#zero_day
2 More Apple Zero-Days Exploited in Ongoing iOS Spy Campaign

The zero-day security bugs are being used to deploy the sophisticated but "odd" TriangleDB spying implant on targeted iOS devices.

Advantech R-SeeNet

1. EXECUTIVE SUMMARY ​CVSS v3 9.8 ​ATTENTION: Exploitable remotely/low attack complexity ​Vendor: Advantech ​Equipment: R-SeeNet ​Vulnerability: Hard Coded Password, External Control of File Name or Path 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could allow an attacker to authenticate as a valid user or access files on the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​Advantech reports these vulnerabilities affects the following R-SeeNet monitoring application: ​R-SeeNet: versions 2.4.22 and prior 3.2 VULNERABILITY OVERVIEW ​3.2.1 USE OF HARD-CODED CREDENTIALS CWE-798 ​Advantech R-SeeNet is installed with a hidden root-level user that is not available in the users list. This hidden user has a password that cannot be changed by users. ​CVE-2023-2611 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). 3.2.2 ​EXTERNAL CONTROL OF FILE NAME OR PATH CWE-73 ​...

Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023

Categories: Business Dive into where we prevented more than the rest and how we were able to do it. (Read more...) The post Malwarebytes only vendor to win every MRG Effitas award in 2022 & 2023 appeared first on Malwarebytes Labs.

Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild. This includes a pair of zero-days that have been weaponized in a mobile surveillance campaign called Operation Triangulation that has been active since 2019. The exact threat actor behind the campaign is not known.

New DoJ Cyber Prosecution Team Will Go After Nation-State Threat Actors

The US Department of Justice adds litigators under its National Security Division to take on sophisticated cyber threats from adversarial nation-states.

Avast, Norton Parent Latest Victim of MOVEit Data Breach Attacks

Gen Digital, the parent company of the security companies, is the latest victim in a rash of Cl0p attacks on the bug in the MOVEit transfer software, leading to employee data being revealed.

Fresh Ransomware Gangs Emerge as Market Leaders Decline

The ransomware landscape is energized with the emergence of smaller groups and new tactics, while established gangs like LockBit see fewer victims.

Data Breach at New BreachForums: 4,000 members’ data leaked

By Waqas BreachForums is a recently resurfaced alternative to the popular hacker and cybercrime forum, Breach Forums, which is now defunct. This is a post from HackRead.com Read the original post: Data Breach at New BreachForums: 4,000 members’ data leaked

US dangles $10 million reward for information about Cl0p ransomware gang

Categories: News Categories: Ransomware Tags: Cl0p Tags: ransomware Tags: RFJ Tags: 10 million Tags: MOVEit Rewards for Justice (RFJ) is offering a reward of up to $10 million for information the Cl0p ransomware gang is acting at the direction or under the control of a foreign government. (Read more...) The post US dangles $10 million reward for information about Cl0p ransomware gang appeared first on Malwarebytes Labs.