Cyber security aggregate rss news

Cyber security aggregator - feeds history

totals: cyware (3) packetstormsecurity (14) thehackernews (3)

CISA: Hackers exploit critical Bitbucket Server flaw in attacks

cyware Oct 01, 2022 Malware and Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has added three more security flaws to its list of bugs exploited in attacks, including a Bitbucket Server RCE and two Microsoft Exchange zero-days.

SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates

cyware Oct 01, 2022 Malware and Vulnerabilities

Researchers have discovered the group behind the SolarMarker malware targeting a global tax consulting organization with a presence in the US, Canada, the UK, and Europe, which is using fake Chrome browser updates as part of watering hole attacks.

Cybercriminals See Allure in BEC Attacks Over Ransomware

cyware Oct 01, 2022 Threat Intel & Info Sharing

While published trends in ransomware attacks have been contradictory — with some firms tracking more incidents and other fewer — business email compromise (BEC) attacks continue to have proven success against organizations.

Gone In A Day: Ethical Hackers Say It Would Take Mere Hours To Empty Your Network

packetstormsecurity Oct 01, 2022 headline,hacker,data loss,flaw

This Is The GrayKey 2.0, The Tool Cops Use To Hack Phones

packetstormsecurity Oct 01, 2022 headline,government,privacy,phone,google

Rights Groups Say Pentagon Is Buying Its Way Around The 4th Amendment

packetstormsecurity Oct 01, 2022 headline,government,privacy,usa

Microsoft Says Fix For Two Exchange Zero Days On Accelerated Timeline

packetstormsecurity Oct 01, 2022 headline,hacker,microsoft,email,data los

Packet Storm New Exploits For September, 2022

packetstormsecurity Oct 01, 2022 Feed

This archive contains all of the 118 exploits added to Packet Storm in September, 2022.

Ubuntu Security Notice USN-5650-1

packetstormsecurity Oct 01, 2022 Feed

Ubuntu Security Notice 5650-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the show more ...

virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice USN-5648-1

packetstormsecurity Oct 01, 2022 Feed

Ubuntu Security Notice 5648-1 - It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Duoming Zhou discovered show more ...

that race conditions existed in the timer handling implementation of the Linux kernel's Rose X.25 protocol layer, resulting in use-after-free vulnerabilities. A local attacker could use this to cause a denial of service.

ZKSecurity BIO 3.0.5.0_R Privilege Escalation

packetstormsecurity Oct 01, 2022 Feed

ZKSecurity BIO version 3.0.5.0_R suffers from a privilege escalation vulnerability.

ZKSecurity BIO 4.1.2 SQL Injection / Code Execution

packetstormsecurity Oct 01, 2022 Feed

ZKSecurity BIO version 4.1.2 suffers from a remote SQL injection vulnerability that can allow for remote code execution.

Centreon 22.04.0 Cross Site Scripting

packetstormsecurity Oct 01, 2022 Feed

Centreon version 22.04.0 suffers from a persistent cross site scripting vulnerability.

GuppY CMS 6.00.10 Shell Upload

packetstormsecurity Oct 01, 2022 Feed

GuppY CMS version 6.00.10 suffers from an authenticated remote shell upload vulnerability.

Joomla MyMuse 4.3.0 SQL Injection

packetstormsecurity Oct 01, 2022 Feed

Joomla MyMuse extension version 4.3.0 suffers from a remote SQL injection vulnerability.

Joomla JS Jobs Pro 1.3.6 SQL Injection

packetstormsecurity Oct 01, 2022 Feed

Joomla JS Jobs Pro extension version 1.3.6 suffers from a remote SQL injection vulnerability.

Joomla jMarket 5.15 Cross Site Scripting

packetstormsecurity Oct 01, 2022 Feed

Joomla jMarket extension version 5.15 suffers from a cross site scripting vulnerability.

State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations

thehackernews Oct 01, 2022 Feed

Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory

CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability

thehackernews Oct 01, 2022 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary

Pay What You Want for This Collection of White Hat Hacking Courses

thehackernews Oct 01, 2022 Feed

Whether you relish a mental challenge or fancy a six-figure paycheck, there are many good reasons to get into white hat hacking. That said, picking up the necessary knowledge to build a new career can seem like a daunting task. There is a lot to learn, after all. To help you get started, The Hacker News Deals is currently running an eye-catching offer: pay what you want for one video course, and

2022-10

202020212022202320242025

Aggregator history

Saturday, October 01

SAT

SUN

MON

TUE

WED

THU

FRI