Saturday, April 20, 2024

InfoSec News Feeds

Packetstorm

  • Debian Security Advisory 5665-1
    on 18 April 2024 at 4:54 PM

    Debian Linux Security Advisory 5665-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.

  • Debian Security Advisory 5664-1
    on 18 April 2024 at 4:54 PM

    Debian Linux Security Advisory 5664-1 - Jetty 9 is a Java-based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid […]

  • Elber Wayber Analog/Digital Audio STL 4.00...
    on 18 April 2024 at 4:53 PM

    Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.

THN

PortSwigger

Security Affairs

  • MITRE revealed that nation-state actors breached...
    by Pierluigi Paganini on 19 April 2024 at 10:54 PM

    The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. The security team at the organization promptly launched an […]

  • FBI chief says China is preparing to attack US...
    by Pierluigi Paganini on 19 April 2024 at 10:16 AM

    China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure, warned FBI Director Christopher Wray. FBI Director Christopher Wray warned this week that China-linked threat actors are preparing an attack against U.S. critical infrastructure, Reuters reported. According […]

  • United Nations Development Programme (UNDP)...
    by Pierluigi Paganini on 19 April 2024 at 7:52 AM

    The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack and the subsequent theft of data. The United Nations Development Programme (UNDP) is investigating an alleged ransomware attack that resulted in data theft. The United Nations […]

HackerOne

WeLiveSecurity

TheRegister

  • Sacramento airport goes no-fly after AT&T...
    by Brandon Vigliarolo on 19 April 2024 at 9:30 PM

    Police say this appears to be a 'deliberate act.' Sacramento International Airport (SMF) suffered hours of flight delays yesterday after what appears to be an intentional cutting of an AT&T internet cable serving the facility.…

  • Cybercriminals threaten to leak all 5 million...
    by Connor Jones on 19 April 2024 at 12:28 PM

    It’s the second time the World-Check list has fallen into the wrong hands. The World-Check database used by businesses to verify the trustworthiness of users has fallen into the hands of cybercriminals.…

  • Ransomware feared as IT 'issues' force Octapharma...
    by Jessica Lyons on 18 April 2024 at 11:27 PM

    Source blames BlackSuit infection – as separately ISP Frontier confirms cyberattack. Octapharma Plasma has blamed IT "network issues" for the ongoing closure of its 150-plus centers across the US. It's feared a ransomware infection may be the root cause of the medical firm's ailment.…

Security Week

  • BreachRx Raises $6.5M to Revamp Incident Response...
    by Ryan Naraine on 19 April 2024 at 6:14 PM

    Investors make an early-stage $6.5 million bet on BreachRx, a startup promising to shield cybersecurity executives from personal liability. The post BreachRx Raises $6.5M to Revamp Incident Response Reporting Systems appeared first on SecurityWeek.

  • Threat-Intelligence Startup VulnCheck Closes $8M...
    by SecurityWeek News on 19 April 2024 at 3:36 PM

    VulnCheck banks $8 million in early stage capital to build 'exploit intelligence' technologies and services. The post Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing appeared first on SecurityWeek.

  • In Other News: OSS Backdooring Attempts, Botnet...
    by SecurityWeek News on 19 April 2024 at 2:24 PM

    Noteworthy stories that might have slipped under the radar: OpenSSF and OpenJS incidents similar to XZ backdoor, Moldovan botnet operator charged, US automotive company targeted by FIN7. The post In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack appeared first […]

Exploit-DB Updates