InfoSec News Feeds
Aggregated InfoSec News
Packetstorm
- Ubuntu Security Notice USN-5991-1on 31 March 2023 at 4:16 PM
Ubuntu Security Notice 5991-1 - It was discovered that the System V IPC implementation in the Linux kernel did not properly handle large shared memory counts. A local attacker could use this to cause a denial of service. It was discovered that a use-after-free vulnerability existed in the SGI GRU […]
- Ubuntu Security Notice USN-5990-1on 31 March 2023 at 4:16 PM
Ubuntu Security Notice 5990-1 - It was discovered that musl did not handle certain i386 math functions properly. An attacker could use this vulnerability to cause a denial of service or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, and Ubuntu 18.04 […]
- Ubuntu Security Notice USN-5989-1on 31 March 2023 at 4:08 PM
Ubuntu Security Notice 5989-1 - Tao Lyu discovered that GlusterFS did not properly handle certain event notifications. An attacker could possibly use this issue to cause a denial of service.
THN
- Winter Vivern APT Targets European Government...by info@thehackernews.com (The Hacker News) on 31 March 2023 at 3:07 PM
The advanced persistent threat (APT) actor known as Winter Vivern is now targeting officials in Europe and the U.S. as part of an ongoing cyber espionage campaign. "TA473 since at least February 2023 has continuously leveraged an unpatched Zimbra vulnerability in publicly facing webmail portals […]
- Cyber Police of Ukraine Busted Phishing Gang...by info@thehackernews.com (The Hacker News) on 31 March 2023 at 1:01 PM
The Cyber Police of Ukraine, in collaboration with law enforcement officials from Czechia, has arrested several members of a cybercriminal gang that set up phishing sites to target European users. Two of the apprehended affiliates are believed to be organizers, with 10 others detained in other […]
- Deep Dive Into 6 Key Steps to Accelerate Your...by info@thehackernews.com (The Hacker News) on 31 March 2023 at 12:47 PM
Organizations rely on Incident response to ensure they are immediately aware of security incidents, allowing for quick action to minimize damage. They also aim to avoid follow on attacks or future related incidents. The SANS Institute provides research and education on information security. In […]
PortSwigger
- We’re going teetotal: It’s goodbye to The...on 2 March 2023 at 3:05 PM
PortSwigger today announces that The Daily Swig is closing down
- Bug Bounty Radar // The latest bug bounty...on 28 February 2023 at 8:15 PM
New web targets for the discerning hacker
- Indian transport ministry flaws potentially...on 28 February 2023 at 3:15 PM
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
Security Affaris
- Hackers are actively exploiting a flaw in the...by Pierluigi Paganini on 31 March 2023 at 9:16 PM
Threat actors are actively exploiting a high-severity flaw in the Elementor Pro WordPress plugin used by more than eleven million websites WordPress security firm PatchStack warns of a high-severity vulnerability in the Elementor Pro WordPress plugin that is currently being exploited by threat […]
- Cyber Police of Ukraine arrested members of a...by Pierluigi Paganini on 31 March 2023 at 2:37 PM
The Cyber Police of Ukraine, with law enforcement officials from Czechia, has arrested several members of a gang responsible for $4.33 million scam. The Cyber Police of Ukraine, with the support of law enforcement officials from the Czech Republic, has arrested several members of a cybercriminal […]
- Russian APT group Winter Vivern targets email...by Pierluigi Paganini on 31 March 2023 at 10:52 AM
Russian hacking group Winter Vivern has been actively exploiting Zimbra flaws to steal the emails of NATO and diplomats. A Russian hacking group, tracked Winter Vivern (aka TA473), has been actively exploiting vulnerabilities (CVE-2022-27926) in unpatched Zimbra instances to gain access to the […]
HackerOne
- Cyber Regulations Can Make Our Nation Saferby Ilona Cohen on 29 March 2023 at 10:00 PM
- HackerOne Assets Deep Dive: Asset Inventoryby Naz Bozdemir on 28 March 2023 at 5:00 PM
- Ambassador Spotlight: hipotermiaby HackerOne on 24 March 2023 at 5:00 PM
WeLiveSecurity
- Avoiding data backup failures – Week in...by Editor on 31 March 2023 at 2:00 PM
Today is World Backup Day, but maybe we also need a "did you test your backups" day? The post Avoiding data backup failures – Week in security with Tony Anscombe appeared first on WeLiveSecurity
- World Backup Day: Avoiding a data disaster is a...by Márk Szabó on 31 March 2023 at 10:30 AM
By failing to prepare you are preparing to fail. Make sure you're able to bounce back if, or when, a data disaster strikes. The post World Backup Day: Avoiding a data disaster is a forever topic appeared first on WeLiveSecurity
- ESET Research Podcast: A year of fighting...by ESET Research on 30 March 2023 at 10:30 AM
ESET experts share their insights on the cyber-elements of the first year of the war in Ukraine and how a growing number of destructive malware variants tried to rip through critical Ukrainian systems The post ESET Research Podcast: A year of fighting rockets, soldiers, and wipers in Ukraine […]
TheRegister
- Do you use comms software from 3CX? What to do...by Laura Dobberstein on 30 March 2023 at 5:25 PM
Miscreants hit downstream customers with infostealers Two security firms have found what they believe to be a supply chain attack on communications software maker 3CX – and the vendor's boss is advising users to switch to the progressive web app until the 3CX desktop client is updated.…
- The most important email conversation you will...by Elizabeth Coles on 30 March 2023 at 10:14 AM
Securing your business against BEC Webinar Business email compromise (BEC) is possibly the worst of cybercrimes because it abuses trust. It feeds on relationships carefully nurtured over decades and erodes a confidence which is foundational to cooperation, and progress.…
- FTX cryptovillain Sam Bankman-Fried charged with...by Laura Dobberstein on 29 March 2023 at 11:24 AM
Court gives him new rules: Use one laptop, while living with the 'rents. US authorities have charged FTX co-founder Sam Bankman-Fried (aka SBF) with attempting to bribe Chinese officials with $40 million worth of cryptocurrency in exchange for unfreezing trading accounts.…
Security Week
- FDA Announces New Cybersecurity Requirements for...by Eduard Kovacs on 31 March 2023 at 3:50 PM
The FDA is asking medical device manufacturers to provide cybersecurity-related information when submitting an application for a new product. The post FDA Announces New Cybersecurity Requirements for Medical Devices appeared first on SecurityWeek.
- Report: Chinese State-Sponsored Hacking Group...by Associated Press on 31 March 2023 at 3:37 PM
Chinese hacking group linked previously to attacks on U.S. state government computers is still “highly active” The post Report: Chinese State-Sponsored Hacking Group Highly Active appeared first on SecurityWeek.
- Votiro Raises $11.5 Million to Prevent File-Borne...by Ionut Arghire on 31 March 2023 at 1:56 PM
Votiro raised $11.5 million in a Series A investment round led by Harvest Lane Asset Management. The post Votiro Raises $11.5 Million to Prevent File-Borne Threats appeared first on SecurityWeek.
Exploit-DB Updates
- [webapps] rconfig 3.9.7 - Sql Injection...on 31 March 2023 at 1:00 AM
rconfig 3.9.7 - Sql Injection (Authenticated)
- [webapps] Spitfire CMS 1.0.475 - PHP Object...on 31 March 2023 at 1:00 AM
Spitfire CMS 1.0.475 - PHP Object Injection
- [webapps] Judging Management System v1.0 -...on 31 March 2023 at 1:00 AM
Judging Management System v1.0 - Authentication Bypass
- [webapps] Judging Management System v1.0 - Remote...on 31 March 2023 at 1:00 AM
Judging Management System v1.0 - Remote Code Execution (RCE)
- [webapps] WooCommerce v7.1.0 - Remote Code...on 31 March 2023 at 1:00 AM
WooCommerce v7.1.0 - Remote Code Execution(RCE)
- [webapps] Cacti v1.2.22 - Remote Command...on 31 March 2023 at 1:00 AM
Cacti v1.2.22 - Remote Command Execution (RCE)