InfoSec News Feeds
Aggregated InfoSec News
Packetstorm
- The Not-So-Silent Typeon 26 April 2024 at 4:14 PM
Whitepaper called The not-so-silent type - Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers.
- Ubuntu Security Notice USN-6754-1on 26 April 2024 at 4:13 PM
Ubuntu Security Notice 6754-1 - It was discovered that nghttp2 incorrectly handled the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nghttp2 to consume resources, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was […]
- Ubuntu Security Notice USN-6753-1on 26 April 2024 at 4:13 PM
Ubuntu Security Notice 6753-1 - Thomas Neil James Shadwell discovered that CryptoJS was using an insecure cryptographic default configuration. A remote attacker could possibly use this issue to expose sensitive information.
THN
- Severe Flaws Disclosed in Brocade SANnav SAN...by info@thehackernews.com (The Hacker News) on 26 April 2024 at 3:03 PM
Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who […]
- 10 Critical Endpoint Security Tips You Should Knowby info@thehackernews.com (The Hacker News) on 26 April 2024 at 11:46 AM
In today's digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers' favorite targets. According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints […]
- New 'Brokewell' Android Malware Spread Through...by info@thehackernews.com (The Hacker News) on 26 April 2024 at 11:42 AM
Fake browser updates are being used to push a previously undocumented Android malware called Brokewell. "Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis […]
PortSwigger
- We’re going teetotal: It’s goodbye to The...on 2 March 2023 at 3:05 PM
PortSwigger today announces that The Daily Swig is closing down
- Bug Bounty Radar // The latest bug bounty...on 28 February 2023 at 8:15 PM
New web targets for the discerning hacker
- Indian transport ministry flaws potentially...on 28 February 2023 at 3:15 PM
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
Security Affaris
- Experts warn of an ongoing malware campaign...by Pierluigi Paganini on 26 April 2024 at 2:40 PM
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites WordPress security scanner WPScan warns that threat actors are exploiting a critical SQL injection vulnerability in the plugin WordPress Automatic to inject malware into […]
- Cryptocurrencies and cybercrime: A critical...by Pierluigi Paganini on 26 April 2024 at 12:45 PM
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions. However, as cryptocurrencies have grown in […]
- Kaiser Permanente data breach may have impacted...by Pierluigi Paganini on 26 April 2024 at 12:24 PM
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals in the United States. Kaiser Permanente is an American integrated managed care consortium, it is made up of three distinct but interdependent groups of entities: the Kaiser […]
HackerOne
- Accelerate Find-to-Fix Cycles With Haiby Martijn Russchen on 25 April 2024 at 7:00 PM
You can now streamline and enhance your vulnerability management process with HackerOne’s in-platform GenAI copilot, Hai.
- Hack My Career: Meet Frances Hby Marina Briones on 24 April 2024 at 8:10 PM
- SOC 2 and Pentesting: What You Need to Knowby HackerOne Pentest Delivery Team on 24 April 2024 at 5:00 PM
Learn about the importance of SOC 2 Type II compliance and how to address it with methodology-driven pentesting.
WeLiveSecurity
- What makes Starmus unique? – A Q&A with...on 24 April 2024 at 10:02 AM
The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges as well as why he became involved with Starmus.
- How technology drives progress – A Q&A with...on 23 April 2024 at 2:33 PM
We spoke to Michel Mayor about the importance of public engagement with science and fostering responsibility among the youth for the preservation of our changing planet
- The vision behind Starmus – A Q&A with the...on 23 April 2024 at 10:36 AM
Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the strong sense of community within the Starmus universe
TheRegister
- Cops cuff man for allegedly framing colleague...by Thomas Claburn on 25 April 2024 at 10:43 PM
Athletics boss accused of deep-faking Baltimore school principal Baltimore police have arrested Dazhon Leslie Darien, the former athletic director of Pikesville High School (PHS), for allegedly impersonating the school's principal using AI software to make it seem as if he made racist and […]
- Two cuffed in Samourai Wallet crypto dirty money...by Connor Jones on 25 April 2024 at 6:15 PM
Suspects in Portugal and the US said to have laundered over $100M Two men alleged to be co-founders of cryptocurrency biz Samourai Wallet face serious charges and potentially decades in US prison over claims they owned a product that facilitated the laundering of over $100 million in criminal […]
- Russia, Iran pose most aggressive threat to 2024...by Connor Jones on 25 April 2024 at 2:34 PM
Google security crew reveal ‘the four Ds’ to be on the watch for It may come as a surprise to absolutely nobody that experts say, in revealing the most prevalent and likely tactics to meddle with elections this year, that state-sponsored cybercriminals pose the biggest threat.…
Security Week
- Powerful ‘Brokewell’ Android Trojan Allows...by Ionut Arghire on 26 April 2024 at 3:08 PM
A new Android trojan named Brokewell can steal user’s sensitive information and allows attackers to take over devices. The post Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices appeared first on SecurityWeek.
- Over 1,400 CrushFTP Instances Vulnerable to...by Ionut Arghire on 26 April 2024 at 2:44 PM
More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published. The post Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day appeared first on SecurityWeek.
- Self-Spreading PlugX USB Drive Malware Plagues...by Ionut Arghire on 26 April 2024 at 2:41 PM
More than 90,000 unique IPs are still infected with a PlugX worm variant that spreads via infected flash drives. The post Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses appeared first on SecurityWeek.
Exploit-DB Updates
- [remote] Palo Alto PAN-OS < v11.1.2-h3 -...on 21 April 2024 at 1:00 AM
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation
- [webapps] Laravel Framework 11 - Credential...on 21 April 2024 at 1:00 AM
Laravel Framework 11 - Credential Leakage
- [webapps] FlatPress v1.3 - Remote Command...on 21 April 2024 at 1:00 AM
FlatPress v1.3 - Remote Command Execution
- [webapps] WordPress Plugin Background Image...on 21 April 2024 at 1:00 AM
WordPress Plugin Background Image Cropper v1.2 - Remote Code Execution
- [webapps] SofaWiki 3.9.2 - Remote Command...on 21 April 2024 at 1:00 AM
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
- [webapps] Flowise 1.6.5 - Authentication Bypasson 21 April 2024 at 1:00 AM
Flowise 1.6.5 - Authentication Bypass
ABOUT US
RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more
Contact us: security@realinfosec.net
Social
Subscribe for weekly updates
Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.