InfoSec News Feeds
Aggregated InfoSec News
Packetstorm
- Ubuntu Security Notice USN-6750-1on 25 April 2024 at 3:28 PM
Ubuntu Security Notice 6750-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security […]
- Ubuntu Security Notice USN-6743-3on 25 April 2024 at 3:27 PM
Ubuntu Security Notice 6743-3 - Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
- Ubuntu Security Notice USN-6657-2on 25 April 2024 at 3:26 PM
Ubuntu Security Notice 6657-2 - USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq incorrectly handled validating […]
THN
- North Korea's Lazarus Group Deploys New Kaolin...by info@thehackernews.com (The Hacker News) on 25 April 2024 at 5:47 PM
The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT. The malware could, "aside from standard RAT functionality, change the last write timestamp of a selected file and load any received […]
- Network Threats: A Step-by-Step Attack...by info@thehackernews.com (The Hacker News) on 25 April 2024 at 12:13 PM
Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration. See how attackers remain undetected with the simplest tools and why you need multiple choke points in your defense strategy. Surprisingly, most network attacks are not exceptionally […]
- DOJ Arrests Founders of Crypto Mixer Samourai for...by info@thehackernews.com (The Hacker News) on 25 April 2024 at 11:21 AM
The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds. To that […]
PortSwigger
- We’re going teetotal: It’s goodbye to The...on 2 March 2023 at 3:05 PM
PortSwigger today announces that The Daily Swig is closing down
- Bug Bounty Radar // The latest bug bounty...on 28 February 2023 at 8:15 PM
New web targets for the discerning hacker
- Indian transport ministry flaws potentially...on 28 February 2023 at 3:15 PM
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
Security Affaris
- CISA adds Cisco ASA and FTD and CrushFTP VFS...by Pierluigi Paganini on 25 April 2024 at 9:17 PM
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Cisco Talos this week warned that […]
- CISA adds Microsoft Windows Print Spooler flaw to...by Pierluigi Paganini on 25 April 2024 at 2:33 PM
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited […]
- DOJ arrested the founders of crypto mixer...by Pierluigi Paganini on 25 April 2024 at 2:11 PM
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer Samourai. The U.S. Department of Justice (DoJ) has arrested two co-founders of the cryptocurrency mixer Samourai and seized the service. The allegations include claims of facilitating over $2 […]
HackerOne
- Hack My Career: Meet Frances Hby Marina Briones on 24 April 2024 at 8:10 PM
- SOC 2 and Pentesting: What You Need to Knowby HackerOne Pentest Delivery Team on 24 April 2024 at 5:00 PM
Learn about the importance of SOC 2 Type II compliance and how to address it with methodology-driven pentesting.
- Human-Powered Security: The Value of Ethical...by HackerOne on 23 April 2024 at 5:19 PM
Who is an ethical hacker, what is a bug bounty program, and why is human-powered security the best method for strengthening your security posture?
WeLiveSecurity
- What makes Starmus unique? – A Q&A with...on 24 April 2024 at 10:02 AM
The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges as well as why he became involved with Starmus.
- How technology drives progress – A Q&A with...on 23 April 2024 at 2:33 PM
We spoke to Michel Mayor about the importance of public engagement with science and fostering responsibility among the youth for the preservation of our changing planet
- The vision behind Starmus – A Q&A with the...on 23 April 2024 at 10:36 AM
Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the strong sense of community within the Starmus universe
TheRegister
- Cops cuff man for allegedly framing colleague...by Thomas Claburn on 25 April 2024 at 10:43 PM
Athletics boss accused of deep-faking Baltimore school principal Baltimore police have arrested Dazhon Leslie Darien, the former athletic director of Pikesville High School (PHS), for allegedly impersonating the school's principal using AI software to make it seem as if he made racist and […]
- Two cuffed in Samourai Wallet crypto dirty money...by Connor Jones on 25 April 2024 at 6:15 PM
Suspects in Portugal and the US said to have laundered over $100M Two men alleged to be co-founders of cryptocurrency biz Samourai Wallet face serious charges and potentially decades in US prison over claims they owned a product that facilitated the laundering of over $100 million in criminal […]
- Russia, Iran pose most aggressive threat to 2024...by Connor Jones on 25 April 2024 at 2:34 PM
Google security crew reveal ‘the four Ds’ to be on the watch for It may come as a surprise to absolutely nobody that experts say, in revealing the most prevalent and likely tactics to meddle with elections this year, that state-sponsored cybercriminals pose the biggest threat.…
Security Week
- Predictive Security Startup BforeAI Raises $15...by Ionut Arghire on 25 April 2024 at 4:47 PM
Predictive attack intelligence and risk protection startup BforeAI has raised $15 million in a Series A funding round led by SYN Ventures. The post Predictive Security Startup BforeAI Raises $15 Million appeared first on SecurityWeek.
- Palo Alto Networks Shares Remediation Advice for...by Eduard Kovacs on 25 April 2024 at 2:24 PM
Palo Alto Networks has shared remediation instructions for organizations whose firewalls have been hacked via CVE-2024-3400. The post Palo Alto Networks Shares Remediation Advice for Hacked Firewalls appeared first on SecurityWeek.
- Autodesk Drive Abused in Phishing Attacks by Ionut Arghire on 25 April 2024 at 1:25 PM
A new phishing campaign abuses compromised email accounts and targets corporate users with PDF files hosted on Autodesk Drive. The post Autodesk Drive Abused in Phishing Attacks appeared first on SecurityWeek.
Exploit-DB Updates
- [remote] Palo Alto PAN-OS < v11.1.2-h3 -...on 21 April 2024 at 1:00 AM
Palo Alto PAN-OS < v11.1.2-h3 - Command Injection and Arbitrary File Creation
- [webapps] Laravel Framework 11 - Credential...on 21 April 2024 at 1:00 AM
Laravel Framework 11 - Credential Leakage
- [webapps] FlatPress v1.3 - Remote Command...on 21 April 2024 at 1:00 AM
FlatPress v1.3 - Remote Command Execution
- [webapps] WordPress Plugin Background Image...on 21 April 2024 at 1:00 AM
WordPress Plugin Background Image Cropper v1.2 - Remote Code Execution
- [webapps] SofaWiki 3.9.2 - Remote Command...on 21 April 2024 at 1:00 AM
SofaWiki 3.9.2 - Remote Command Execution (RCE) (Authenticated)
- [webapps] Flowise 1.6.5 - Authentication Bypasson 21 April 2024 at 1:00 AM
Flowise 1.6.5 - Authentication Bypass
ABOUT US
RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more
Contact us: security@realinfosec.net
Social
Subscribe for weekly updates
Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.