Fedora: Security Advisory for clang (FEDORA-2023-67f0f8d186)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

New Report Exposes Operation Triangulation's Spyware Implant Targeting iOS Devices

More details have emerged about the spyware implant that's delivered to iOS devices as part of a campaign called Operation Triangulation. Kaspersky, which discovered the operation after becoming one of the targets at the start of the year, said the malware has a lifespan of 30 days, after which i...

Dissecting TriangleDB, a Triangulation spyware implant

Over the years, there have been multiple cases when iOS devices were infected with targeted spyware such as Pegasus, Predator, Reign and others. Often, the process of infecting a device involves launching a chain of different exploits, e.g. for escaping the iMessage sandbox while processing a...

LockBit ransomware on Mac: Should we worry?

One of the big headlines over the weekend is LockBit, the high-profile Russian ransomware gang, decided to expand its portfolio of potential victims by creating and releasing its first macOS payload, potentially triggering members of the Apple community to panic. But have no fear: Apple security...

K77323091: Objective Systems ASN1C Compiler vulnerability CVE-2016-5080

Security Advisory Description Integer overflow in the rtxMemHeapAlloc function in asn1rta.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service heap-based buffer overflow, on a system running an application...

gcc-toolset-12-gcc bug fix update

An update is available for gcc-toolset-12-gcc. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GCC Toolset 12 is a compiler toolset that provides recent versions...

gcc bug fix and enhancement update

An update is available for gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ad...

Acronis TrueImage XPC Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Acronis TrueImage XPC Privilege Escalation', 'Description' = %q Acronis TrueImage versions 2019 update 1 through 2021 update 1 are vulnerable to...

Low: mingw-gcc security and bug fix update

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: gcc: uncontrolled recursion in libiberty/rust-demangle.c CVE-2021-46195 For more details about the security issues, including the impact, a CVSS score,...

The art and science behind Microsoft threat hunting: Part 1

At Microsoft, we define threat hunting as the practice of actively looking for cyberthreats that have covertly or not so covertly penetrated an environment. This involves looking beyond the known alerts or malicious threats to discover new potential threats and vulnerabilities. Why do incident...

gcc bug fix and enhancement update

An update is available for gcc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ad...

GHSA-VMQ9-CM7M-4P8P Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness

Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and testsDOH/base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliv...

Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness

Dojo Dojo Objective Harness DOH version prior to version 1.14 contains a Cross Site Scripting XSS vulnerability in unit.html and testsDOH/base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliv...

FORCEDENTRY: Sandbox Escape

Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and Apple’s Security Engineering and Architecture SEAR group for collaborating with us on the technical analysis. Any editorial opinions reflected below ar...

New Variant of Chinese Gimmick Malware Targeting macOS Users

Researchers have disclosed details of a newly discovered macOS variant of a malware implant developed by a Chinese espionage threat actor known to strike attack organizations across Asia. Attributing the attacks to a group tracked as Storm Cloud, cybersecurity firm Volexity characterized the new...

RLSA-2021:4386 Low: gcc security and bug fix update

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: libiberty: Integer overflow in demangletemplate function CVE-2018-20673 For more details about the security issues, including the impact, a CVSS score,...

Low: gcc security and bug fix update

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: libiberty: Integer overflow in demangletemplate function CVE-2018-20673 For more details about the security issues, including the impact, a CVSS score,...

Nimplant - A Cross-Platform Implant Written In Nim

Nimplant is a cross-platform Linux & Windows implant written in Nim as a fun project to learn about Nim and see what it can bring to the table for red team tool development. Currently, Nimplant lacks extensive evasive tradecraft; however, overtime Nimplant will become much more sophisticated...

Mythic - A Collaborative, Multi-Platform, Red Teaming Framework

A cross-platform, post-exploit, red teaming framework built with python3, docker, docker-compose, and a web browser UI. It's designed to provide a collaborative and user friendly interface for operators, managers, and reporting throughout red teaming. Details Check out a series of YouTube videos...

What You Need to Know About SOX Compliance

By Waqas Achieving SOX compliance is not an extremely difficult objective, but many companies may find it tricky. Let's dig deeper! This is a post from HackRead.com Read the original post: What You Need to Know About SOX Compliance...