InfoSec News Feeds
Aggregated InfoSec News
Packetstorm
- Ubuntu Security Notice USN-6757-2on 3 May 2024 at 3:34 PM
Ubuntu Security Notice 6757-2 - USN-6757-1 fixed vulnerabilities in PHP. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.10. This update fixes the problem. It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker […]
- Ubuntu Security Notice USN-6762-1on 3 May 2024 at 3:33 PM
Ubuntu Security Notice 6762-1 - It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. It was discovered that GNU C Library might allow […]
- SOPlanning 1.52.00 SQL Injectionon 3 May 2024 at 3:31 PM
SOPlanning version 1.52.00 suffers from a remote SQL injection vulnerability in projects.php.
THN
- Expert-Led Webinar - Uncovering Latest DDoS...by info@thehackernews.com (The Hacker News) on 3 May 2024 at 1:53 PM
In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever. As these cyber threats grow in sophistication, understanding and countering them becomes crucial for any business seeking to protect its online presence. To […]
- Hackers Increasingly Abusing Microsoft Graph API...by info@thehackernews.com (The Hacker News) on 3 May 2024 at 1:35 PM
Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection. This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, […]
- New Guide Explains How to Eliminate the Risk of...by info@thehackernews.com (The Hacker News) on 3 May 2024 at 11:42 AM
SaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does […]
PortSwigger
- We’re going teetotal: It’s goodbye to The...on 2 March 2023 at 3:05 PM
PortSwigger today announces that The Daily Swig is closing down
- Bug Bounty Radar // The latest bug bounty...on 28 February 2023 at 8:15 PM
New web targets for the discerning hacker
- Indian transport ministry flaws potentially...on 28 February 2023 at 3:15 PM
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
Security Affaris
- LockBit published data stolen from Simone Veil...by Pierluigi Paganini on 3 May 2024 at 9:58 PM
LockBit ransomware operators have published sensitive data allegedly stolen from the Simone Veil hospital in Cannes. In April, a cyber attack hit the Hospital Simone Veil in Cannes (CHC-SV), impacting medical procedures and forcing personnel to return to pen and paper. Non-urgent surgical […]
- Russia-linked APT28 and crooks are still using...by Pierluigi Paganini on 3 May 2024 at 7:39 PM
The Ubiquiti EdgeRouter botnet is still used by Russia-linked group APT28 and cybercriminals organizations. Trend Micro researchers reported that the EdgeRouter botnet, called Moobot, used by the APT28 group is still active and is also used by cyber criminal organizations. In January, the Federal […]
- Dirty stream attack poses billions of Android...by Pierluigi Paganini on 3 May 2024 at 2:17 PM
Microsoft devised an attack technique, dubbed ‘Dirty Stream,’ impacting widely used Android applications, billions of installations are at risk. Microsoft is warning Android users about a new attack technique, named Dirty Stream, that can allow threat actors to take control of apps and steal […]
HackerOne
- HackerOne’s Spring Day of Serviceby Marina Briones on 2 May 2024 at 9:44 PM
- CREST and Pentesting: What You Need to Knowby HackerOne Pentest Delivery Team on 2 May 2024 at 5:00 PM
Learn the importance of using a CREST-certified and approved security partner for your pentest engagements.
- HackerOne and Zoom Select EverythingALS as the...by HackerOne on 1 May 2024 at 5:00 PM
HackerOne has partnered with Zoom to select EverythingALS as the Hack For Good donation option for ALS Awareness Month.
WeLiveSecurity
- Adding insult to injury: crypto recovery scamson 2 May 2024 at 10:30 AM
Once your crypto has been stolen, it is extremely difficult to get back – be wary of fake promises to retrieve your funds and learn how to avoid becoming a victim twice over
- MDR: Unlocking the power of enterprise-grade...on 30 April 2024 at 10:30 AM
Faced with expanding attack surfaces and a barrage of threats, businesses of all sizes are increasingly looking to unlock the manifold capabilities of enterprise-grade security
- How space exploration benefits life on Earth: Q&A...on 29 April 2024 at 8:27 PM
We spoke to Astronomy magazine editor-in-chief David Eicher about key challenges facing our planet, the importance of space exploration for humanity, and the possibility of life beyond Earth
TheRegister
- Europol op shutters 12 scam call centers and...by Jessica Lyons on 3 May 2024 at 6:34 AM
Cops prevented crims from bilking victims out of more than €10m - but couldn't stop crime against art A Europol-led operation dubbed “Pandora” has shut down a dozen phone scam centers, and arrested 21 suspects. The cops reckon the action prevented criminals from bilking victims out of more […]
- Florida man gets 6 years behind bars for flogging...by Matthew Connatser on 2 May 2024 at 9:58 PM
Operation busted after dodgy devices ended up at Air Force Miami resident Onur Aksoy has been sentenced to six and a half years in prison for running a multi-million-dollar operation selling fake Cisco equipment that ended up in the US military.…
- Federal frenzy to patch gaping GitLab account...by Connor Jones on 2 May 2024 at 3:15 PM
Warning comes exactly a year after the vulnerability was introduced The US Cybersecurity and Infrastructure Security Agency (CISA) is forcing all federal agencies to patch a critical vulnerability in GitLab's Community and Enterprise editions, confirming it is very much under "active exploit."…
Security Week
- Microsoft Overhauls Cybersecurity Strategy After...by Ryan Naraine on 3 May 2024 at 6:47 PM
Microsoft security chief Charlie Bell pledges significant reforms and a strategic shift to prioritize security above all other product features. The post Microsoft Overhauls Cybersecurity Strategy After Scathing CSRB Report appeared first on SecurityWeek.
- LayerX Raises $26 Million for Browser Security...by Ionut Arghire on 3 May 2024 at 3:38 PM
Israeli startup LayerX Security banks $25 million in new financing as investors continue to pour money into secure web browsing technologies. The post LayerX Raises $26 Million for Browser Security Platform appeared first on SecurityWeek.
- US Says North Korean Hackers Exploiting Weak...by Ionut Arghire on 3 May 2024 at 3:24 PM
The US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks. The post US Says North Korean Hackers Exploiting Weak DMARC Settings appeared first on SecurityWeek.
Exploit-DB Updates
- [remote] Palo Alto PAN-OS < v11.1.2-h3 -...on 21 April 2024 at 1:00 AM
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation
- [webapps] Laravel Framework 11 - Credential...on 21 April 2024 at 1:00 AM
Laravel Framework 11 - Credential Leakage
- [webapps] FlatPress v1.3 - Remote Command...on 21 April 2024 at 1:00 AM
FlatPress v1.3 - Remote Command Execution
- [webapps] WordPress Plugin Background Image...on 21 April 2024 at 1:00 AM
WordPress Plugin Background Image Cropper v1.2 - Remote Code Execution
- [webapps] SofaWiki 3.9.2 - Remote Command...on 21 April 2024 at 1:00 AM
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
- [webapps] Flowise 1.6.5 - Authentication Bypasson 21 April 2024 at 1:00 AM
Flowise 1.6.5 - Authentication Bypass
ABOUT US
RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more
Contact us: security@realinfosec.net
Social
Subscribe for weekly updates
Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.