EulerOS 2.0 SP12 : python-paramiko (EulerOS-SA-2024-1750)

According to the versions of the python-paramiko package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to...

Teslas Can Still Be Stolen With a Cheap Radio Hack—Despite New Keyless Tech

Ultra-wideband radio has been heralded as the solution for “relay attacks” that are used to steal cars in seconds. But researchers found Teslas equipped with it are as vulnerable as ever...

mngd.tech Cross Site Scripting vulnerability OBB-3928697

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Cybercriminals Exploiting Microsoft's Quick Assist Feature in Ransomware Attacks

The Microsoft Threat Intelligence team said it has observed a threat actor it tracks under the name Storm-1811 abusing the client management tool Quick Assist to target users in social engineering attacks. "Storm-1811 is a financially motivated cybercriminal group known to deploy Black Basta...

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

June 2024 update: At the end of May 2024, Microsoft Threat Intelligence observed Storm-1811 using Microsoft Teams as another vector to contact target users. Microsoft assesses that the threat actor uses Teams to send messages and initiate calls in an attempt to impersonate IT or help desk...

EulerOS Virtualization 2.11.0 : libssh2 (EulerOS-SA-2024-1629)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...

Cybrosys Techno Solutions Text Commander 安全漏洞

Cybrosys Techno Solutions Text Commander is an application from Cybrosys Techno Solutions. A security vulnerability exists in Cybrosys Techno Solutions Text Commander versions 16.0 through 16.0.1. A remote attacker can exploit the vulnerability to gain privileges via the data parameter of...

Watch out for tech support scams lurking in sponsored search results

This blog post was written based on research carried out by Jérôme Segura. A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled "Sponsored". They...

C2-Cloud - The C2 Cloud Is A Robust Web-Based C2 Framework, Designed To Simplify The Life Of Penetration Testers

The C2 Cloud is a robust web-based C2 framework, designed to simplify the life of penetration testers. It allows easy access to compromised backdoors, just like accessing an EC2 instance in the AWS cloud. It can manage several simultaneous backdoor sessions with a user-friendly interface. C2 Clou...

The US Government Is Asking Big Tech to Promise Better Cybersecurity

The Biden administration is asking tech companies to sign a pledge, obtained by WIRED, to improve their digital security, including reduced default password use and improved vulnerability disclosures...

Fedora 40 : doctl (2023-0355346550)

The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-0355346550 advisory. Automatic update for doctl-1.102.0-3.fc40. Changelog Sun Dec 31 2023 Mikel Olasagasti Uranga - Update to 1.102.0 - Closes rhbz2255468 rhbz2255083 Tenable has...

School Employee Allegedly Framed a Principal With Racist Deepfake Rant

Plus: Google holds off on killing cookies, Samourai Wallet founders get arrested, and GM stops driver surveillance program...

DHS Establishes AI Safety Board with Tech Titans and Experts

By Waqas The Department of Homeland Security DHS has formed an AI Safety Board to ensure secure AI use in critical infrastructure. This is a post from HackRead.com Read the original post: DHS Establishes AI Safety Board with Tech Titans and Experts...

Google ad for Facebook redirects to scam

Today, we are looking at a malicious ad campaign targeting Facebook users via Google search. It is well-known that tech support scammers attract new victims by buying ads for certain keywords related to their audience. What is perhaps less known is how it is even possible to impersonate top brand...

Microsoft and Security Incentives

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security--in particular, Microsoft: Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default, and...

Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases

European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption E2EE. They called on the industry and governments to take urgent action to ensure public safety across social media platforms. "Priva...

Keep Your Tech Flame Alive: Trailblazer Samantha Lee

...

Huawei EulerOS: Security Advisory for openssh (EulerOS-SA-2024-1533)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.10.0 : libssh2 (EulerOS-SA-2024-1529)

According to the versions of the libssh2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attacke...

The Real-Time Deepfake Romance Scams Have Arrived

Watch how smooth-talking scammers known as “Yahoo Boys” use widely available face-swapping tech to carry out elaborate romance scams...