π’ Royal Mail ransom note leaked, LockBitβs role remains uncertain π’
π Read
via "ITPro".
The prolific ransomware operation has denied involvement but researchers remain scepticalπ Read
via "ITPro".
ITPro
Royal Mail ransom note leaked, LockBitβs role remains uncertain
The prolific ransomware operation has denied involvement but researchers remain sceptical
π’ Microsoft releases scripts to restore shortcuts deleted in faulty Windows Defender update π’
π Read
via "ITPro".
However, some users have resorted to creating their own fixes as theyβve encountered Microsoftβs to be problematicπ Read
via "ITPro".
ITPro
Microsoft releases scripts to restore shortcuts deleted in faulty Windows Defender update
However, some users have resorted to creating their own fixes as theyβve encountered Microsoftβs to be problematic
π’ 'Highly evasive' polymorphic malware generated using ChatGPT π’
π Read
via "ITPro".
Researchers at CyberArk Labs developed a novel method to generate malware using text that goes largely undetected by signature-based antimalware productsπ Read
via "ITPro".
ITPro
Security experts develop method of generating 'highly evasive' polymorphic malware using ChatGPT
Researchers at CyberArk Labs developed a novel method to generate malware using text that goes largely undetected by signature-based antimalware products
π’ Google Ads malvertising campaign prompts questions around Search security π’
π Read
via "ITPro".
A leading security researcher has called into question why Google still allows malware links to top search resultsπ Read
via "ITPro".
ITPro
Google Ads malvertising campaign prompts questions around Search security
A leading security researcher has called into question why Google still allows malware links to top search results
π’ Meta sues βdata scraping for hireβ service that collected info on 600k users π’
π Read
via "ITPro".
Meta says tackling data scraping will require a βcollective effortβ from platforms and policymakersπ Read
via "ITPro".
ITPro
Meta sues βdata scraping for hireβ service that collected info on 600k users
Meta says tackling data scraping will require a βcollective effortβ from platforms and policymakers
π’ Windows Defender update deletes Start Menu, Taskbar, Desktop shortcuts π’
π Read
via "ITPro".
For now, it appears that administrators will have to manually recreate their shortcuts once the issue has been fixedπ Read
via "ITPro".
ITPro
Windows Defender update deletes Start Menu, Taskbar, Desktop shortcuts
For now, it appears that administrators will have to manually recreate their shortcuts once the issue has been fixed
π’ Hack The Box set to triple workforce and widen global expansion π’
π Read
via "ITPro".
CEO Haris Pylarinos told IT Pro the startup plans to accelerate international expansion and continue driving security skills awarenessπ Read
via "ITPro".
ITPro
Hack The Box to triple workforce and drive global expansion in wake of Series B success
CEO Haris Pylarinos told IT Pro the startup plans to accelerate international expansion and continue driving security skills awareness
π’ T-Mobile breach leaves customers vulnerable to phishing π’
π Read
via "ITPro".
T-Mobile confirmed that while customer information was exposed, no financial data or company systems were compromisedπ Read
via "ITPro".
ITPro
T-Mobile customers at heightened risk of phishing attacks in wake of data breach
T-Mobile confirmed that while customer information was exposed, no financial data or company systems were compromised
π’ Businesses must overhaul βoutdatedβ recruitment mindset to tackle dearth of privacy expertise π’
π Read
via "ITPro".
Like many other disciplines within IT, businesses are struggling to fill crucial positions for months at a time - an issue somewhat of their own makingπ Read
via "ITPro".
ITPro
Businesses must overhaul βoutdatedβ recruitment mindset to tackle dearth of privacy expertise
Like many other disciplines within IT, businesses are struggling to fill crucial positions for months at a time - an issue somewhat of their own making
βΌ CVE-2023-22617 βΌ
π Read
via "National Vulnerability Database".
A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24059 βΌ
π Read
via "National Vulnerability Database".
Grand Theft Auto V for PC allows attackers to achieve partial remote code execution or modify files on a PC, as exploited in the wild in January 2023.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24058 βΌ
π Read
via "National Vulnerability Database".
Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0435 βΌ
π Read
via "National Vulnerability Database".
Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48281 βΌ
π Read
via "National Vulnerability Database".
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24070 βΌ
π Read
via "National Vulnerability Database".
app/View/AuthKeys/authkey_display.ctp in MISP through 2.4.167 has an XSS in authkey add via a Referer field.π Read
via "National Vulnerability Database".
π₯1
βΌ CVE-2023-23314 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file.π Read
via "National Vulnerability Database".
π2π₯1
βΌ CVE-2022-46959 βΌ
π Read
via "National Vulnerability Database".
An issue in the component /admin/backups/work-dir of Sonic v1.0.4 allows attackers to execute a directory traversal.π Read
via "National Vulnerability Database".
π₯1
βΌ CVE-2023-24068 βΌ
π Read
via "National Vulnerability Database".
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the attachments.noindex directory. Client mechanisms fail to validate modifications of existing cached files, resulting in an attacker's ability to insert malicious code into pre-existing attachments or replace them completely. A threat actor can forward the existing attachment in the corresponding conversation to external groups, and the name and size of the file will not change, allowing the malware to masquerade as another file.π Read
via "National Vulnerability Database".
βΌ CVE-2023-24069 βΌ
π Read
via "National Vulnerability Database".
Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages from the attachments.noindex directory. Cached attachments are not effectively cleared. In some cases, even after a self-initiated file deletion, an attacker can still recover the file if it was previously replied to in a conversation. (Local filesystem access is needed by the attacker.)π Read
via "National Vulnerability Database".
ποΈ AWS patches bypass bug in CloudTrail API monitoring tool ποΈ
π Read
via "The Daily Swig".
Threat actors poking around AWS environments and API calls could stay under the radarπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
AWS patches bypass bug in CloudTrail API monitoring tool
Threat actors poking around AWS environments and API calls could stay under the radar
βΌ CVE-2023-0440 βΌ
π Read
via "National Vulnerability Database".
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository healthchecks/healthchecks prior to v2.6.π Read
via "National Vulnerability Database".