Aggregator

The government’s top cybersecurity unit is requiring civilian federal agencies to better secure

The global Secure Access Service Edge (SASE) market reached $2.4 billion in the third quarter of

Catch this episode on YouTube, Apple, Spotify, or Amazon. You can read the show notes her

Бесплатный VPN превратил VR-устройства в кибероружие.

A vulnerability was suspected in Linux Kernel up to 6.6.17/6.7/6.7.5. Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 6.1.85/6.6.26/6.8.5. Further analysis revealed that this issues is a false-positive. Please take a look at the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 6.6.30/6.8.9. This issue appears to be a false-positive. Please verify the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 6.6.40/6.9.9. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability was suspected in Linux Kernel up to 6.1.104/6.6.45/6.10.4. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

A vulnerability, which was classified as problematic, was found in AutomatorWP Plugin up to 5.0.9 on WordPress. This affects an unknown part. The manipulation of the argument a-0-o-search_field_value leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-12626. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability classified as critical has been found in Xen. Affected is an unknown function of the component VGA Handler. The manipulation leads to deadlock. This vulnerability is traded as CVE-2024-45818. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Xen. Affected by this vulnerability is an unknown functionality of the component libxl. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-45819. Access to the local network is required for this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was suspected in Linux Kernel up to 6.7.5. Further investigation has shown that this issues is a false-positive. Please review the sources mentioned and consider not using this entry at all.

Through the use of XLoader and impersonating SharePoint notifications, researchers were able to identify a sophisticated malware delivery campaign.  A link that was disguised as a legitimate SharePoint notification was included in the emails that were sent out at the beginning of the attack.  The engine flagged the message as malicious based on several factors: […]

The post Beware Of Malicious SharePoint Notifications That Delivers Xloader Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Researchers have identified a rise in malicious activity on the VSCode Marketplace, highlighting the vulnerability of the platform to supply chain attacks similar to those previously seen in the npm community. Malicious actors are increasingly exploiting npm packages to distribute malicious code, mirroring tactics previously used in VSCode extensions that involve the npm package etherscancontracthandler, […]

The post Malicious Supply Chain Attacking Moving From npm Community To VSCode Marketplace appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability was found in BlueSocket Bsc 2100 up to 5.1. It has been classified as critical. This affects an unknown part of the file admin.pl. The manipulation of the argument ad_name leads to basic cross site scripting. This vulnerability is uniquely identified as CVE-2006-6363. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

TA397, also known as Bitter, targeted a Turkish defense organization with a spearphishing email containing a RAR archive, which included a decoy PDF, a malicious LNK file disguised as a PDF, and an ADS file with PowerShell code.  This technique, common for TA397, leverages NTFS ADS to establish persistence and deploy further malware like wmRAT […]

The post Hackers Weaponizing LNK Files To Create Scheduled Task And Deliver Malware Payload appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A vulnerability, which was classified as critical, has been found in Adobe Flash Player. This issue affects some unknown processing. The manipulation leads to use after free. The identification of this vulnerability is CVE-2016-4226. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.