Aggregator
Bootkitty is the first UEFI Bootkit designed for Linux systems
9 months 3 weeks ago
ESET discovered the first Unified Extensible Firmware Interface (UEFI) bootkit specifically designed for Linux systems, named Bootkitty. Cybersecurity researchers from ESET discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers to disable the kernel’s signature verification feature and to preload two as yet unknown ELF […]
Pierluigi Paganini
APT73
9 months 3 weeks ago
cohenido
Hackers exploit ProjectSend flaw to backdoor exposed servers
9 months 3 weeks ago
Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. [...]
Bill Toulas
RA World
9 months 3 weeks ago
cohenido
RA World
9 months 3 weeks ago
cohenido
Unauthorized Access to Israeli Organization Offered for Sale on Darknet
9 months 3 weeks ago
cohenido
CornDB is Allegedly Selling Credit Card Data of Hyp Payment Solutions
9 months 3 weeks ago
Dark Web Informer - Cyber Threat Intelligence
CVE-2021-43619 | ARM Trusted Firmware-M 1.4.0/1.4.1 Firmware Update stack-based overflow
9 months 3 weeks ago
A vulnerability was found in ARM Trusted Firmware-M 1.4.0/1.4.1 and classified as critical. Affected by this issue is some unknown functionality of the component Firmware Update Handler. The manipulation leads to stack-based buffer overflow.
This vulnerability is handled as CVE-2021-43619. The attack can only be initiated within the local network. There is no exploit available.
vuldb.com
CVE-2022-47630 | Trusted Firmware-A up to 2.8 X.509 Parser out-of-bounds
9 months 3 weeks ago
A vulnerability classified as problematic was found in Trusted Firmware-A up to 2.8. Affected by this vulnerability is an unknown functionality of the component X.509 Parser. The manipulation leads to out-of-bounds read.
This vulnerability is known as CVE-2022-47630. The attack needs to be approached within the local network. There is no exploit available.
vuldb.com
CVE-2023-40271 | Trusted Firmware-M up to 1.8.0 CryptoCell PSA Driver software Interface improper authentication
9 months 3 weeks ago
A vulnerability classified as critical has been found in Trusted Firmware-M up to 1.8.0. This affects an unknown part of the component CryptoCell PSA Driver software Interface. The manipulation leads to improper authentication.
This vulnerability is uniquely identified as CVE-2023-40271. The attack needs to be approached within the local network. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Black Suit
9 months 3 weeks ago
cohenido
A Threat Actor Claims to be Selling Data of Madame GS
9 months 3 weeks ago
Dark Web Informer - Cyber Threat Intelligence
A Threat Actor Claims to be Selling Thailand Investment Company Leads
9 months 3 weeks ago
Dark Web Informer - Cyber Threat Intelligence
A Threat Actor has Allegedly Leaked the Data of Alihankinta
9 months 3 weeks ago
Dark Web Informer - Cyber Threat Intelligence
A Threat Actor is Allegedly Selling the Data of ZuZu[.]ch
9 months 3 weeks ago
Dark Web Informer - Cyber Threat Intelligence
Zello asks users to reset passwords after security incident
9 months 3 weeks ago
Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach. [...]
Lawrence Abrams
A Threat Actor Has Allegedly Leaked the Data of St. Andrew's Endicott
9 months 3 weeks ago
Dark Web Informer - Cyber Threat Intelligence
Interpol, African Nations Arrest 1,006 in Sweeping ‘Operation Serengeti’
9 months 3 weeks ago
Interpol led 19 African countries in a massive anti-cybercriminal effort dubbed "Operation Serengeti" that shut down a range of scams and attacks that bled $193 million from 35,000 victims. More than 1,000 people were arrested and more than 134,000 malicious infrastructures shut down.
The post Interpol, African Nations Arrest 1,006 in Sweeping ‘Operation Serengeti’ appeared first on Security Boulevard.
Jeffrey Burt
CVE-2024-21010 | Oracle Hospitality Simphony up to 19.5.4 Simphony Enterprise Server Privilege Escalation
9 months 3 weeks ago
A vulnerability classified as very critical has been found in Oracle Hospitality Simphony up to 19.5.4. This affects an unknown part of the component Simphony Enterprise Server. The manipulation leads to Privilege Escalation.
This vulnerability is uniquely identified as CVE-2024-21010. It is possible to initiate the attack remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com