Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

CVE-2023-3262: The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.

CVE
Open in Source
#vulnerability#web#google#microsoft#amazon#ddos#git#backdoor#rce#perl#botnet#aws#buffer_overflow#hard_coded_credentials#auth#zero_day#postgres
A New Attack Reveals Everything You Type With 95 Percent Accuracy

A pair of major data breaches rock the UK, North Korea hacks a Russian missile maker, and Microsoft’s Chinese Outlook breach sparks new problems.

GitHub’s Hardcore Plan to Roll Out Two-Factor Authentication (2FA)

GitHub has spent two years researching and slowly rolling out its multifactor authentication system. Soon it will be mandatory for all 100 million users—with no opt-out.

Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116

Google has announced plans to add support for quantum-resistant encryption algorithms in its Chrome browser, starting with version 116. "Chrome will begin supporting X25519Kyber768 for establishing symmetric secrets in TLS, starting in Chrome 116, and available behind a flag in Chrome 115," Devon O'Brien said in a post published Thursday. Kyber was chosen by the U.S. Department of Commerce's

Ransomware review: August 2023

Categories: Threat Intelligence July saw one of the highest number of ransomware attacks in 2023 at 441. At the forefront of these attacks is, once again, Cl0p. (Read more...) The post Ransomware review: August 2023 appeared first on Malwarebytes Labs.

CVE-2023-38333: Security Updates - CVE Details - CVE-2023-38333

Zoho ManageEngine Applications Manager through 16530 allows reflected XSS while logged in.

CVE-2023-38248: Adobe Security Bulletin

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

August Patch Tuesday stops actively exploited attack chain and more

Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more...) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes Labs.

What is commercial spyware?

As the victims of commercial spyware are highly targeted individuals, the sobering truth is that some attackers have the means to be able to spend six figures to compromise a single target.

CVE-2023-38213: Adobe Security Bulletin

Adobe Dimension version 3.4.9 is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.