InfoSec News Feeds
Aggregated InfoSec News
Packetstorm
- JetBrains TeamCity Unauthenticated Remote Code...on 29 September 2023 at 3:45 PM
This Metasploit module exploits an authentication bypass vulnerability to achieve unauthenticated remote code execution against a vulnerable JetBrains TeamCity server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by […]
- Ubuntu Security Notice USN-6386-2on 29 September 2023 at 3:41 PM
Ubuntu Security Notice 6386-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It […]
- Gentoo Linux Security Advisory 202309-14on 29 September 2023 at 3:41 PM
Gentoo Linux Security Advisory 202309-14 - Multiple vulnerabilities have been found in libarchive, the worst of which could result in denial of service. Versions greater than or equal to 3.7.1 are affected.
THN
- Cybercriminals Using New ASMCrypt Malware Loader...by info@thehackernews.com (The Hacker News) on 29 September 2023 at 5:43 PM
Threat actors are selling a new crypter and loader called ASMCrypt, which has been described as an "evolved version" of another loader malware known as DoubleFinger. "The idea behind this type of malware is to load the final payload without the loading process or the payload itself being detected […]
- Lazarus Group Impersonates Recruiter from Meta to...by info@thehackernews.com (The Hacker News) on 29 September 2023 at 1:10 PM
The North Korea-linked Lazarus Group has been linked to a cyber espionage attack targeting an unnamed aerospace company in Spain in which employees of the firm were approached by the threat actor posing as a recruiter for Meta. "Employees of the targeted company were contacted by a fake recruiter […]
- Post-Quantum Cryptography: Finally Real in...by info@thehackernews.com (The Hacker News) on 29 September 2023 at 12:48 PM
Most people are barely thinking about basic cybersecurity, let alone post-quantum cryptography. But the impact of a post-quantum world is coming for them regardless of whether or not it's keeping them up tonight. Today, many rely on encryption in their daily lives to protect their fundamental […]
PortSwigger
- We’re going teetotal: It’s goodbye to The...on 2 March 2023 at 3:05 PM
PortSwigger today announces that The Daily Swig is closing down
- Bug Bounty Radar // The latest bug bounty...on 28 February 2023 at 8:15 PM
New web targets for the discerning hacker
- Indian transport ministry flaws potentially...on 28 February 2023 at 3:15 PM
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
Security Affaris
- Chinese threat actors stole around 60,000 emails...by Pierluigi Paganini on 29 September 2023 at 12:08 PM
China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, a Senate […]
- Misconfigured WBSC server leaks thousands of...by Pierluigi Paganini on 29 September 2023 at 8:37 AM
The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews research team has discovered. On June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket storing nearly 48,000 […]
- CISA adds JBoss RichFaces Framework flaw to its...by Pierluigi Paganini on 29 September 2023 at 6:20 AM
US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known […]
HackerOne
- Why This Moment In Cybersecurity Needs Hackers To...by alice@hackerone.com on 21 September 2023 at 11:00 PM
- Ethical Hacking: Unveiling the Power of Hacking...by Marten Mickos on 12 September 2023 at 5:11 PM
HackerOne CEO Marten Mickos joins the Amazon Web Services podcast, Conversations With Leaders.
- The Hacker Perspective on Generative AI and...by Michiel Prins on 7 September 2023 at 6:10 PM
HackerOne spoken with several experienced hackers in the space to get their perspectives on the most important considerations for Generative AI and cybersecurity.
WeLiveSecurity
- 5 of the top programming languages for...on 27 September 2023 at 10:30 AM
While far from all roles in security explicitly demand coding skills, it’s challenging to envision a career in this field that wouldn’t derive substantial advantages from at least a basic understanding of fundamental coding principles
- Can open-source software be secure?on 26 September 2023 at 10:31 AM
Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security?
- ESET's cutting-edge threat research at LABScon...on 22 September 2023 at 10:42 PM
Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groups
TheRegister
- PhD student guilty of 3D-printing 'kamikaze'...by Jessica Lyons Hardcastle on 29 September 2023 at 8:31 PM
'Research purposes' excuse didn't fly A PhD student has been found guilty of building a potentially deadly drone for Islamic State terrorists, in part using his home 3D printer.…
- MOVEit breach delivers bundle of 3.4 million baby...by Paul Kunert on 26 September 2023 at 3:30 PM
Progress Software vulnerability ID'd in enormous burglary at Ontario's BORN Canada's Better Outcomes Registry & Network (BORN) fears a MOVEit breach allowed cybercriminals to copy 3.4 million people's childcare health records dating back more than a decade.…
- US govt IT help desk techie 'leaked top secrets'...by Jessica Lyons Hardcastle on 21 September 2023 at 11:10 PM
National defense files can earn you $55K … and espionage charges A US government worker has been arrested and charged with spying for Ethiopia, according to court documents unsealed Thursday.…
Security Week
- AWS Using MadPot Decoy System to Disrupt APTs,...by Ryan Naraine on 29 September 2023 at 5:41 PM
AWS says an internal threat intel decoy system called MadPot has successfully trapped nation state-backed APTs like Volt Typhoon and Sandworm. The post AWS Using MadPot Decoy System to Disrupt APTs, Botnets appeared first on SecurityWeek.
- Generative AI Startup Nexusflow Raises $10.6...by Ionut Arghire on 29 September 2023 at 4:22 PM
Nexusflow scores funding to build an open-source LLM that can deliver high accuracy when retrieving data from multiple security sources. The post Generative AI Startup Nexusflow Raises $10.6 Million appeared first on SecurityWeek.
- In Other News: RSA Encryption Attack, Meta AI...by SecurityWeek News on 29 September 2023 at 4:03 PM
Noteworthy stories that might have slipped under the radar: new RSA encryption attack, Meta’s AI privacy safeguards, and ShinyHunters hackers’ guilty plea. The post In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea appeared first on SecurityWeek.
Exploit-DB Updates
- [webapps] Wp2Fac - OS Command Injectionon 8 September 2023 at 1:00 AM
Wp2Fac - OS Command Injection
- [webapps] WordPress Plugin Elementor 3.5.5 -...on 8 September 2023 at 1:00 AM
WordPress Plugin Elementor 3.5.5 - Iframe Injection
- [remote] GOM Player 2.3.90.5360 - Remote Code...on 8 September 2023 at 1:00 AM
GOM Player 2.3.90.5360 - Remote Code Execution (RCE)
- [webapps] soosyze 2.0.0 - File Uploadon 8 September 2023 at 1:00 AM
soosyze 2.0.0 - File Upload
- [remote] Techview LA-5570 Wireless Gateway Home...on 8 September 2023 at 1:00 AM
Techview LA-5570 Wireless Gateway Home Automation Controller - Multiple Vulnerabilities
- [webapps] Axigen < 10.3.3.47, 10.2.3.12 -...on 8 September 2023 at 1:00 AM
Axigen < 10.3.3.47, 10.2.3.12 - Reflected XSS
ABOUT US
RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more
Contact us: security@realinfosec.net
Social
Subscribe for weekly updates
Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.