Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes. This software aims in assisting automated […]
There is an integer overflow in dav1d when decoding an AV1 video with large width/height. The integer overflow may result in an out-of-bounds write.
Ubuntu Security Notice 6696-1 - Yi Yang discovered that the Hotspot component of OpenJDK 8 incorrectly handled array accesses in the C1 compiler. An attacker could possibly use this issue to cause a denial of service, execute arbitrary code or bypass Java sandbox restrictions. It was discovered […]
A new elaborate attack campaign has been observed employing PowerShell and VBScript malware to infect Windows systems and harvest sensitive information. Cybersecurity company Securonix, which dubbed the campaign DEEP#GOSU, said it's likely associated with the North Korean state-sponsored group […]
Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated attackers to gain remote code execution on susceptible servers. Tracked as CVE-2024-25153, the shortcoming carries a CVSS score of 9.8 out of a […]
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate information theft. "It uses an unorthodox HTML smuggling technique where the malicious payload is […]
PortSwigger today announces that The Daily Swig is closing down
New web targets for the discerning hacker
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
Technology giant Fujitsu announced it had suffered a cyberattack that may have resulted in the theft of customer information. Japanese technology giant Fujitsu on Friday announced it had suffered a malware attack, threat actors may have stolen personal and customer information. The company revealed […]
A critical vulnerability in WordPress miniOrange’s Malware Scanner and Web Application Firewall plugins can allow site takeover. On March 1st, 2024, WordPress security firm Wordfence received a submission for a Privilege Escalation vulnerability in miniOrange’s Malware Scanner as part of the […]
Resecurity reported about the increasing wave of cyber incidents targeting the aerospace and aviation sectors. The experts emphasized the importance of rigorous cybersecurity risk assessments for airports and proactive threat intelligence in the context of the activity of major ransomware groups […]
Triage and validation are at the heart of any bug bounty or Vulnerability Disclosure Program (VDP). Despite their central role, not all triage teams and workflows are created equal.
Shift left is dead. What now?
Healthcare organizations remain firmly in attackers' crosshairs, representing 20 percent of all victims of ransomware attacks among critical infrastructure entities in the US in 2023
We break down the fundamentals of threat intelligence and its role in anticipating and countering emerging threats
Here are a few tips for secure file transfers and what else to consider when sharing sensitive documents so that your data remains safe
Virtual gunslingers forcibly became cheaters via mystery means Updated Esports pros competing in the Apex Legends Global Series (ALGS) Pro League tournament were forced to abandon their match today due to a suspected cyberattack.…
875 workers liberated after falling for promises of lucrative work, nine arrested Filipino police rescued 875 "workers" – including 504 foreigners – in a raid late last week on a firm that posed as an online gaming company but in reality operated a forced labor camp that housed romance scam […]
Imagine trying to trick folks into buying $500 of unnecessary repairs – and they turn out to be federal agents A pair of tech support businesses accused of swindling marks out of their hard-earned cash have agreed to cough up a $26 million settlement following an undercover probe by the FTC.…
UK’s NCSC releases security guidance for OT organizations considering migrating their SCADA solutions to the cloud. The post UK Government Releases Cloud SCADA Security Guidance appeared first on SecurityWeek.
Fujitsu says hackers infected internal systems with malware, stole personal and customer information. The post Fujitsu Data Breach Impacts Personal, Customer Information appeared first on SecurityWeek.
The networking giant paid $157 per share in cash for Splunk, a powerhouse in data analysis, security and observability tools, in a deal first announced in September 2023. The post Cisco Completes $28 Billion Acquisition of Splunk appeared first on SecurityWeek.
TYPO3 11.5.24 - Path Traversal (Authenticated)
WEBIGniter v28.7.23 - Stored XSS
Gibbon LMS < v26.0.00 - Authenticated RCE
ZoneMinder Snapshots < 1.37.33 - Unauthenticated RCE
Backdrop CMS 1.23.0 - Stored XSS
Atlassian Confluence < 8.5.3 - Remote Code Execution
RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more
Contact us: security@realinfosec.net
Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.