Cyber security aggregate rss news

Cyber security aggregator - feeds history

totals: cyware (4) packetstormsecurity (6) thehackernews (3)

New Truebot Malware Variant Leveraging Netwrix Auditor Bug and Raspberry Robin Worm

cyware Dec 10, 2022 Malware and Vulnerabilities

Cisco Talos said the attackers behind the operation have moved from using malicious emails to alternative delivery methods such as the exploitation of a now-patched RCE flaw in Netwrix auditor as well as the Raspberry Robin worm.

MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics

cyware Dec 10, 2022 Threat Actors

The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity.

Iranian APT Targets US With Drokbk Spyware via GitHub

cyware Dec 10, 2022 Threat Actors

A subgroup of the state-backed Iranian threat actor Cobalt Mirage is using a new custom malware dubbed "Drokbk" to attack a variety of US organizations, using GitHub as a "dead-drop resolver."

Over 4,000 Vulnerable Pulse Connect Secure Hosts Exposed to Internet

cyware Dec 10, 2022 Malware and Vulnerabilities

More than 4,000 internet-accessible Pulse Connect Secure hosts are impacted by at least one known vulnerability, attack surface management firm Censys warns. Pulse Connect Secure provides remote users with secure access to corporate resources.

Debian Security Advisory 5298-1

packetstormsecurity Dec 10, 2022 Feed

Debian Linux Security Advisory 5298-1 - Two security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in unauthenticated command injection or LDAP authentication bypass.

Spitfire CMS 1.0.475 PHP Object Injection

packetstormsecurity Dec 10, 2022 Feed

Spitfire CMS version 1.0.475 is prone to a PHP object injection vulnerability due to the unsafe use of unserialize() function. A potential attacker, authenticated, could exploit this vulnerability by sending specially crafted requests to the web application containing malicious serialized input.

Senayan Library Management System 9.1.0 SQL Injection

packetstormsecurity Dec 10, 2022 Feed

Senayan Library Management System 9.1.0 suffers from a remote SQL injection vulnerability.

Senayan Library Management System 9.0.0 SQL Injection

packetstormsecurity Dec 10, 2022 Feed

Senayan Library Management System version 9.0.l0 suffers from a remote SQL injection vulnerability.

Senayan Library Management System 9.0.0 Cross Site Scripting

packetstormsecurity Dec 10, 2022 Feed

Senayan Library Management System version 9.0.0 suffers from a cross site scripting vulnerability.

Senayan Library Management System 9.4.0 Cross Site Scripting

packetstormsecurity Dec 10, 2022 Feed

Senayan Library Management System version 9.4.0 suffers from a cross site scripting vulnerability.

Researchers Detail New Attack Method to Bypass Popular Web Application Firewalls

thehackernews Dec 10, 2022 Feed

A new attack method can be used to circumvent web application firewalls (WAFs) of various vendors and infiltrate systems, potentially enabling attackers to gain access to sensitive business and customer information. Web application firewalls are a key line of defense to help filter, monitor, and block HTTP(S) traffic to and from a web application, and safeguard against attacks such as cross-site

Cisco Warns of High-Severity Unpatched Flaw Affecting IP Phones Firmware

thehackernews Dec 10, 2022 Feed

Cisco has released a new security advisory warning of a high-severity flaw affecting IP Phone 7800 and 8800 Series firmware that could be potentially exploited by a remote attacker to cause remote code execution or a denial-of-service (DoS) condition. The networking equipment major said it's working on a patch to address the vulnerability, which is tracked as CVE-2022-20968 (CVSS score: 8.1) and

Hack-for-Hire Group Targets Travel and Financial Entities with New Janicab Malware Variant

thehackernews Dec 10, 2022 Feed

Travel agencies have emerged as the target of a hack-for-hire group dubbed Evilnum as part of a broader campaign aimed at legal and financial investment institutions in the Middle East and Europe. The attacks targeting law firms throughout 2020 and 2021 involved a revamped variant of a malware called Janicab that leverages a number of public services like YouTube as dead drop resolvers,

2022-12

202020212022202320242025

Aggregator history

Saturday, December 10

THU

FRI

SAT

SUN

MON

TUE

WED