4168 matches found
From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022
As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significa...
From Ransomware to Cyber Espionage: 55 Zero-Day Vulnerabilities Weaponized in 2022
As many as 55 zero-day vulnerabilities were exploited in the wild in 2022, with most of the flaws discovered in software from Microsoft, Google, and Apple. While this figure represents a decrease from the year before, when a staggering 81 zero-days were weaponized, it still represents a significa...
DotRunpeX: The Malware That Infects Systems with Multiple Families
By Deeba Ahmed Researchers suspect that the malware may be operated by Russian-speaking groups, given the references to the language in its code. This is a post from HackRead.com Read the original post: DotRunpeX: The Malware That Infects Systems with Multiple Families...
SUSE SLES15: docker / docker-bash-completion / docker-fish-completion / etc (SUSE-SU-2023:0795-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:0795-1 advisory. Docker was updated to 20.10.23-ce. See upstream changelog at https://docs.docker.com/engine/release-notes/201023 Docker was...
KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks
In the last year, geopolitical tension has led to an uptick of reported cybercrime events fueled by hacktivist groups. The US Cybersecurity and Infrastructure Security Agency CISA published an advisory to warn organizations about these attacks and teamed with the FBI on a distributed...
KillNet and affiliate hacktivist groups targeting healthcare with DDoS attacks
In the last year, geopolitical tension has led to an uptick of reported cybercrime events fueled by hacktivist groups. The US Cybersecurity and Infrastructure Security Agency CISA published an advisory to warn organizations about these attacks and teamed with the FBI on a distributed...
Multiple Hacker Groups Exploit 3-Year-Old Vulnerability to Breach U.S. Federal Agency
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S. The disclosure comes from a joint advisory issued by the Cybersecurity and Infrastructure Security Agency CISA, Federal...
Siemens RUGGEDCOM CROSSBOW Access Control Error Vulnerability (CNVD-2023-17662)
An access control error vulnerability exists in Siemens RUGGEDCOM CROSSBOW, a secure access management solution designed to provide NERC CIP-compliant access to intelligent electronic devices, which stems from a failure of the affected application's client-side query handler to check for...
Fedora 37 : stargz-snapshotter (2023-ee472c698c)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ee472c698c advisory. Release of stargz snapshotter v0.14.2 https://github.com/containerd/stargz- snapshotter/releases/tag/v0.14.2 This release uses containerd v1.7.0-rc....
Fedora 36 : containerd (2023-aadd08ab96)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-aadd08ab96 advisory. Update containerd to 1.16.19 - Mitigates CVE-2023-25153 / GHSA-259w-8hf6-59c2 - Mitigates CVE-2023-25173 / GHSA-hmfx-3pcx-653p Tenable has extracted...
Fedora 37 : containerd (2023-05b39bc048)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-05b39bc048 advisory. Update containerd to 1.16.19 - Mitigates CVE-2023-25153 / GHSA-259w-8hf6-59c2 - Mitigates CVE-2023-25173 / GHSA-hmfx-3pcx-653p Tenable has extracted...
[SECURITY] Fedora 38 Update: sudo-1.9.13-1.p2.fc38
Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
Design/Logic Flaw
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.2. The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to...
CVE-2023-27310
A vulnerability has been identified in RUGGEDCOM CROSSBOW All versions V5.2. The client query handler of the affected application fails to check for proper permissions when assigning groups to user accounts. This could allow an authenticated remote attacker to assign administrative groups to...
PT-2023-1880 · Siemens · Ruggedcom Crossbow
Name of the Vulnerable Software and Affected Versions: RUGGEDCOM CROSSBOW versions prior to V5.2 Description: A vulnerability has been identified in the client query handler of the affected application, which fails to check for proper permissions when assigning groups to user accounts. This could...
Siemens RUGGEDCOM CROSSBOW 安全漏洞
An access control error vulnerability exists in Siemens RUGGEDCOM CROSSBOW, a secure access management solution designed to provide NERC CIP-compliant access to intelligent electronic devices, which stems from a failure of the affected application's client-side query handler to check for...
Actors, Threats and Vulnerabilities 6 March to 12 March 2023
For a detailed threat digest, download the pdf file here Summary For a detailed threat digest, download the pdf file here Last week, HiveForce Labs discovered three threat actors. One of them is a Russian group called TA499, which has a history of conducting different cyberattacks such as...
Fedora 38 : containerd (2023-cd000ea847)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cd000ea847 advisory. Update containerd to 1.16.19 - Mitigates CVE-2023-25153 / GHSA-259w-8hf6-59c2 - Mitigates CVE-2023-25173 / GHSA-hmfx-3pcx-653p Tenable has extracted...
FAQ: Transitioning to the highly anticipated new revision of ISO 27001
For a group like Coalfire Certification that lives and breathes these standards daily, it has been an exciting few months monitoring the progress of this publication and its review through the various ISO working groups...
Hackers leak DC Health Link data with Congress Members’ details
By Habiba Rashid The data contains personal and medical details of several members of the U.S. Congress, which are now circulating on Russian hacker forums as well as on Telegram groups. This is a post from HackRead.com Read the original post: Hackers leak DC Health Link data with Congress Member...