InfoSec News Feeds
Aggregated InfoSec News
Packetstorm
- Apache Solr Backup/Restore API Remote Code...on 24 April 2024 at 4:23 PM
Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as the […]
- Ubuntu Security Notice USN-6748-1on 24 April 2024 at 4:20 PM
Ubuntu Security Notice 6748-1 - It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting attack. This issue only affected Ubuntu 22.04 LTS. It was discovered that Sanitize […]
- Ubuntu Security Notice USN-6747-1on 24 April 2024 at 4:20 PM
Ubuntu Security Notice 6747-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. […]
THN
- U.S. Treasury Sanctions Iranian Firms and...by info@thehackernews.com (The Hacker News) on 24 April 2024 at 2:43 PM
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April […]
- Researchers Detail Multistage Attack Hijacking...by info@thehackernews.com (The Hacker News) on 24 April 2024 at 2:36 PM
Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop […]
- Major Security Flaws Expose Keystrokes of Over 1...by info@thehackernews.com (The Hacker News) on 24 April 2024 at 10:36 AM
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, […]
PortSwigger
- We’re going teetotal: It’s goodbye to The...on 2 March 2023 at 3:05 PM
PortSwigger today announces that The Daily Swig is closing down
- Bug Bounty Radar // The latest bug bounty...on 28 February 2023 at 8:15 PM
New web targets for the discerning hacker
- Indian transport ministry flaws potentially...on 28 February 2023 at 3:15 PM
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
Security Affaris
- Hackers hijacked the eScan Antivirus update...by Pierluigi Paganini on 24 April 2024 at 2:52 PM
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners. […]
- US offers a $10 million reward for information...by Pierluigi Paganini on 24 April 2024 at 8:12 AM
The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their role in cyberattacks against the U.S.. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on four Iranian nationals for their involvement in […]
- The street lights in Leicester City cannot be...by Pierluigi Paganini on 24 April 2024 at 7:41 AM
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all day and severely impacted the council’s operations The Leicester City Council suffered a cyber attack that severely impacted the authority’s services in March and led to the leak […]
HackerOne
- Human-Powered Security: The Value of Ethical...by HackerOne on 23 April 2024 at 5:19 PM
Who is an ethical hacker, what is a bug bounty program, and why is human-powered security the best method for strengthening your security posture?
- Capital One Teams Up With Top-Tier Ethical...by HackerOne on 22 April 2024 at 5:42 PM
Capital One and 52 highly skilled global ethical hackers came together for the organization's second live hacking event with HackerOne.
- Code Reviews, Small Moments, Big Impactsby Rafael de Carvalho on 18 April 2024 at 6:08 PM
Rafael de Carvalho shares tips for code reviews, how to optimize delivery, and providing effective feedback.
WeLiveSecurity
- Protecting yourself after a medical data breach...on 19 April 2024 at 2:14 PM
What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?
- The many faces of impersonation fraud: Spot an...on 18 April 2024 at 10:30 AM
What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be?
- The ABCs of how online ads can impact...on 16 April 2024 at 10:30 AM
From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children. Here’s how to help them stay safe.
TheRegister
- US charges Iranians with cyber snooping on...by Connor Jones on 24 April 2024 at 3:01 PM
Their holiday options are now far more restricted The US has charged and sanctioned four Iranian nationals for their alleged roles in various attacks on US companies and government departments, all of whom are claimed to have worked for fake companies linked to Iran's military.…
- UnitedHealth admits IT security breach could...by Paul Kunert on 23 April 2024 at 1:30 PM
That said, good ol' American healthcare system so elaborately costly, some are forced to avoid altogether UnitedHealth Group, the parent of ransomware-struck Change Healthcare, delivered some very unwelcome news for customers today as it continues to recover from the massively expensive side and […]
- Leicester streetlights take ransomware attack...by Connor Jones on 23 April 2024 at 12:05 PM
City council says it lost control after shutting down systems It's become somewhat cliché in cybersecurity reporting to speculate whether an organization will have the resources to "keep the lights on" after an attack. But the opposite turns out to be true with Leicester City Council following its […]
Security Week
- Navigating Vendor Speak: A Security...by Joshua Goldfarb on 24 April 2024 at 4:08 PM
As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk. The post Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon appeared first on SecurityWeek.
- North Korean Hackers Hijack Antivirus Updates for...by Ionut Arghire on 24 April 2024 at 3:44 PM
A North Korea-linked threat actor hijacked the update mechanism of eScan antivirus to deploy backdoors and cryptocurrency miners. The post North Korean Hackers Hijack Antivirus Updates for Malware Delivery appeared first on SecurityWeek.
- Tines Bags $50 Million Funding for Security...by Ryan Naraine on 24 April 2024 at 2:11 PM
Irish startup Tines raises $50 million in new venture capital funding as investors make big bets on automation and orchestration startups. The post Tines Bags $50 Million Funding for Security Workflow Automation appeared first on SecurityWeek.
Exploit-DB Updates
- [remote] Palo Alto PAN-OS < v11.1.2-h3 -...on 21 April 2024 at 1:00 AM
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation
- [webapps] Laravel Framework 11 - Credential...on 21 April 2024 at 1:00 AM
Laravel Framework 11 - Credential Leakage
- [webapps] FlatPress v1.3 - Remote Command...on 21 April 2024 at 1:00 AM
FlatPress v1.3 - Remote Command Execution
- [webapps] WordPress Plugin Background Image...on 21 April 2024 at 1:00 AM
WordPress Plugin Background Image Cropper v1.2 - Remote Code Execution
- [webapps] SofaWiki 3.9.2 - Remote Command...on 21 April 2024 at 1:00 AM
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
- [webapps] Flowise 1.6.5 - Authentication Bypasson 21 April 2024 at 1:00 AM
Flowise 1.6.5 - Authentication Bypass
ABOUT US
RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more
Contact us: security@realinfosec.net
Social
Subscribe for weekly updates
Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.