Apache Solr versions 6.0.0 through 8.11.2 and versions 9.0.0 up to 9.4.1 are affected by an unrestricted file upload vulnerability which can result in remote code execution in the context of the user running Apache Solr. When Apache Solr creates a Collection, it will use a specific directory as the […]
Ubuntu Security Notice 6748-1 - It was discovered that Sanitize incorrectly handled noscript elements under certain circumstances. An attacker could possibly use this issue to execute a cross-site scripting attack. This issue only affected Ubuntu 22.04 LTS. It was discovered that Sanitize […]
Ubuntu Security Notice 6747-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. […]
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April […]
Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad. The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop […]
Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors. The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, […]
PortSwigger today announces that The Daily Swig is closing down
New web targets for the discerning hacker
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute backdoors and cryptocurrency miners. Avast researchers discovered and analyzed a malware campaign that exploited the update mechanism of the eScan antivirus to distribute backdoors and crypto miners. […]
The Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their role in cyberattacks against the U.S.. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) imposed sanctions on four Iranian nationals for their involvement in […]
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all day and severely impacted the council’s operations The Leicester City Council suffered a cyber attack that severely impacted the authority’s services in March and led to the leak […]
Who is an ethical hacker, what is a bug bounty program, and why is human-powered security the best method for strengthening your security posture?
Capital One and 52 highly skilled global ethical hackers came together for the organization's second live hacking event with HackerOne.
Rafael de Carvalho shares tips for code reviews, how to optimize delivery, and providing effective feedback.
What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?
What are some of the most common giveaway signs that the person behind the screen or on the other end of the line isn’t who they claim to be?
From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children. Here’s how to help them stay safe.
Their holiday options are now far more restricted The US has charged and sanctioned four Iranian nationals for their alleged roles in various attacks on US companies and government departments, all of whom are claimed to have worked for fake companies linked to Iran's military.…
That said, good ol' American healthcare system so elaborately costly, some are forced to avoid altogether UnitedHealth Group, the parent of ransomware-struck Change Healthcare, delivered some very unwelcome news for customers today as it continues to recover from the massively expensive side and […]
City council says it lost control after shutting down systems It's become somewhat cliché in cybersecurity reporting to speculate whether an organization will have the resources to "keep the lights on" after an attack. But the opposite turns out to be true with Leicester City Council following its […]
As a security industry, we need to focus our energies on those professionals among us who know how to walk the walk. The post Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon appeared first on SecurityWeek.
A North Korea-linked threat actor hijacked the update mechanism of eScan antivirus to deploy backdoors and cryptocurrency miners. The post North Korean Hackers Hijack Antivirus Updates for Malware Delivery appeared first on SecurityWeek.
Irish startup Tines raises $50 million in new venture capital funding as investors make big bets on automation and orchestration startups. The post Tines Bags $50 Million Funding for Security Workflow Automation appeared first on SecurityWeek.
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation
Laravel Framework 11 - Credential Leakage
FlatPress v1.3 - Remote Command Execution
WordPress Plugin Background Image Cropper v1.2 - Remote Code Execution
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
Flowise 1.6.5 - Authentication Bypass
RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more
Contact us: security@realinfosec.net
Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.