InfoSec News Feeds
Aggregated InfoSec News
Packetstorm
- Faraday 5.4.1on 25 July 2024 at 2:30 PM
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use […]
- Ubuntu Security Notice USN-6914-1on 25 July 2024 at 2:25 PM
Ubuntu Security Notice 6914-1 - Filip Hejsek discovered that the phpCAS library included in OCS Inventory was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account.
- Ubuntu Security Notice USN-6913-1on 25 July 2024 at 2:25 PM
Ubuntu Security Notice 6913-1 - Filip Hejsek discovered that phpCAS was using HTTP headers to determine the service URL used to validate tickets. A remote attacker could possibly use this issue to gain access to a victim's account on a vulnerable CASified service. This security update introduces an […]
THN
- This AI-Powered Cybercrime Service Bundles...by info@thehackernews.com (The Hacker News) on 26 July 2024 at 2:17 PM
A Spanish-speaking cybercrime group named GXC Team has been observed bundling phishing kits with malicious Android applications, taking malware-as-a-service (MaaS) offerings to the next level. Singaporean cybersecurity company Group-IB, which has been tracking the e-crime actor since January 2023, […]
- Offensive AI: The Sine Qua Non of Cybersecurityby info@thehackernews.com (The Hacker News) on 26 July 2024 at 12:00 PM
"Peace is the virtue of civilization. War is its crime. Yet it is often in the furnace of war that the sharpest tools of peace are forged." - Victor Hugo. In 1971, an unsettling message started appearing on several computers that comprised ARPANET, the precursor to what we now know as the Internet. […]
- U.S. DoJ Indicts North Korean Hacker for...by info@thehackernews.com (The Hacker News) on 26 July 2024 at 9:55 AM
The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, […]
PortSwigger
- We’re going teetotal: It’s goodbye to The...on 2 March 2023 at 3:05 PM
PortSwigger today announces that The Daily Swig is closing down
- Bug Bounty Radar // The latest bug bounty...on 28 February 2023 at 8:15 PM
New web targets for the discerning hacker
- Indian transport ministry flaws potentially...on 28 February 2023 at 3:15 PM
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
Security Affaris
- A bug in Chrome Password Manager caused user...by Pierluigi Paganini on 26 July 2024 at 10:58 PM
Google addressed a Chrome’s Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily. An 18-hour outage impacted Google Chrome’s Password […]
- BIND updates fix four high-severity DoS bugs in...by Pierluigi Paganini on 26 July 2024 at 12:07 PM
The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS bugs in the DNS software suite. The Internet Systems Consortium (ISC) released security updates for BIND that address DoS vulnerabilities that could be remotely exploited. An attacker […]
- Terrorist Activity is Accelerating in Cyberspace...by Pierluigi Paganini on 26 July 2024 at 7:54 AM
Terrorist groups are increasingly using cyberspace and digital communication channels to plan and execute attacks. Yesterday Federal Bureau of Investigation (FBI) Director Christopher Wray expressed growing concerns over the potential for a coordinated foreign terrorist attack in the United States. […]
HackerOne
- Lessons from HackerOne’s First Recharge Weekby debbie@hackerone.com on 26 July 2024 at 9:42 PM
- HIPAA and Pentesting: What You Need to Knowby HackerOne Pentest Delivery Team on 24 July 2024 at 10:27 PM
Learn how to maintain compliance with HIPAA security standards through pentesting.
- Hack My Career: Meet Naz Bozdemirby Marina Briones on 24 July 2024 at 6:36 PM
WeLiveSecurity
- Building cyber-resilience: Lessons learned from...on 23 July 2024 at 1:23 PM
Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances
- The tap-estry of threats targeting Hamster Kombat...on 23 July 2024 at 10:00 AM
ESET researchers have discovered threats abusing the success of the Hamster Kombat clicker game
- Cursed tapes: Exploiting the EvilVideo...on 22 July 2024 at 10:00 AM
ESET researchers discovered a zero-day Telegram for Android exploit that allows sending malicious files disguised as videos
TheRegister
- Malware crew Stargazers Goblin used 3,000 GitHub...by Matthew Connatser on 26 July 2024 at 2:34 AM
May even have targeted other malware gangs, and infosec researchers Infosec researchers have discovered a network of over three thousand malicious GitHub accounts used to spread malware, targeting groups including gamers, malware researchers, and even other threat actors who themselves seek to […]
- Beware of fake CrowdStrike domains pumping out...by Jessica Lyons on 25 July 2024 at 11:30 PM
PSA: Only accept updates via official channels ... ironically enough CrowdStrike is the latest lure being used to trick Windows users into downloading and running the notorious Lumma infostealing malware, according to the security shop's threat intel team, which spotted the scam just days after the […]
- Uncle Sam accuses telco IT pro of decade-long...by Connor Jones on 25 July 2024 at 6:15 PM
Beijing has a long history of recruiting US residents to carry out various espionage activities The US is looking to prosecute a Chinese immigrant over claims he has been drip-feeding information of interest to Beijing since at least 2012.…
Security Week
- IAM for MSPs Provider Evo Security Raises $6...by Ionut Arghire on 26 July 2024 at 3:27 PM
TechOperators leads a $6 million Series A funding round for Evo Security, a provider of IAM solutions for MSPs. The post IAM for MSPs Provider Evo Security Raises $6 Million appeared first on SecurityWeek.
- Progress Patches Critical Telerik Report Server...by Ionut Arghire on 26 July 2024 at 2:43 PM
Progress Software calls attention to a critical remote code execution flaw in the Telerik Report Server product. The post Progress Patches Critical Telerik Report Server Vulnerability appeared first on SecurityWeek.
- Threat Actors Exploit Fresh ServiceNow...by Ionut Arghire on 26 July 2024 at 12:24 PM
Threat actors have started exploiting critical-severity vulnerabilities in ServiceNow shortly after public disclosure. The post Threat Actors Exploit Fresh ServiceNow Vulnerabilities in Attacks appeared first on SecurityWeek.
Exploit-DB Updates
- [local] Bonjour Service 'mDNSResponder.exe' -...on 16 July 2024 at 1:00 AM
Bonjour Service 'mDNSResponder.exe' - Unquoted Service Path Privilege Escalation
- [webapps] Xhibiter NFT Marketplace 1.10.2 - SQL...on 1 July 2024 at 1:00 AM
Xhibiter NFT Marketplace 1.10.2 - SQL Injection
- [webapps] Customer Support System 1.0 - Stored XSSon 1 July 2024 at 1:00 AM
Customer Support System 1.0 - Stored XSS
- [webapps] Microweber 2.0.15 - Stored XSSon 1 July 2024 at 1:00 AM
Microweber 2.0.15 - Stored XSS
- [webapps] Azon Dominator Affiliate Marketing...on 1 July 2024 at 1:00 AM
Azon Dominator Affiliate Marketing Script - SQL Injection
- [webapps] Poultry Farm Management System v1.0 -...on 26 June 2024 at 1:00 AM
Poultry Farm Management System v1.0 - Remote Code Execution (RCE)
ABOUT US
RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more
Contact us: security@realinfosec.net
Social
Subscribe for weekly updates
Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.