Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Warning: Fake GitHub Repos Delivering Malware as PoCs

By Waqas According to researchers, these fake accounts on GitHub and Twitter are spreading malware that infects both Windows- and Linux-based systems. This is a post from HackRead.com Read the original post: Warning: Fake GitHub Repos Delivering Malware as PoCs

HackRead
Open in Source
#web#windows#google#microsoft#linux#git#backdoor#auth#zero_day#chrome#sap
Active exploitation of the MOVEit Transfer vulnerability — CVE-2023-34362 — by Clop ransomware group

The Clop ransomware group has claimed responsibility for exploiting the vulnerability to deploy a previously unseen web shell, LemurLoot.

Third MOVEit Transfer Vulnerability Disclosed by Progress Software

MOVEit has created a patch to fix the issue and urges customers to take action to protect their environments, as Cl0p attacks continue to mount, including on government targets.

MOVEit discloses THIRD critical vulnerability

Categories: Exploits and vulnerabilities Categories: News Categories: Ransomware Tags: Progress Tags: Moveit Tags: CVE-2023-34362 Tags: CVE-2023-35036 Tags: Cl0p Progress has released an advisory about yet another MOVEit Transfer vulnerability while new victims of the first one keep emerging. (Read more...) The post MOVEit discloses THIRD critical vulnerability appeared first on Malwarebytes Labs.

Attackers Create Synthetic Security Researchers to Steal IP

Threat groups created a fake security company, "High Sierra," with faux exploits and fake profiles for security researchers on GitHub and elsewhere, aiming to get targets to install their malware.

Fake security researchers push malware files on GitHub

Categories: News Tags: GitHub Tags: malware Tags: repository Tags: security researcher Tags: fake Tags: download Tags: scam Tags: twitter Tags: social We take a look at reports of fake security researchers offering up malware downloads via GitHub repositories. (Read more...) The post Fake security researchers push malware files on GitHub appeared first on Malwarebytes Labs.

CVE-2023-33307: Fortiguard

A null pointer dereference in Fortinet FortiOS before 7.2.5 and before 7.0.11, FortiProxy before 7.2.3 and before 7.0.9 allows attacker to denial of sslvpn service via specifically crafted request in network parameter.

Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack

Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is yet to be assigned a CVE identifier, also concerns an SQL injection vulnerability that "could lead to escalated privileges and potential unauthorized access to the environment." The

Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT

A PRC-aligned actor used a trio of custom malware to take advantage of inherent weaknesses in edge appliances.

URLs have always been a great hiding place for threat actors

The information leak threats are certainly new, but the education and messaging from security evangelists (and even just anyone trying to educate an older or less security-savvy family member) doesn’t change.