Aggregator

Head Mare, a hacktivist group targeting Russia and Belarus, leverages phishing campaigns distributing WinRAR archives to exploit CVE-2023-38831 for initial access. By deploying LockBit and Babuk ransomware, they encrypt victim systems and publicly disclose stolen data.  The group shares similarities with other anti-Russian hacktivists in tactics but employs more advanced access methods, as their operations, […]

The post Hackers Exploiting WinRAR Flaw To Attacks Windows & Linux(ESXi) Machines appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

In the beginning of August 2024, Sonos released a security advisory in which they fixed two security vulnerabilities that were associated with Remote Code Execution. These vulnerabilities have been assigned with CVE-2023-50810 and CVE-2023-50809.  These vulnerabilities were existing in Sonos One and Sonos Era-100 Bluetooth speakers which could allow a threat actor to record the […]

The post Sonos Smart Speaker Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

A vulnerability classified as critical has been found in FIWARE Keyrock up to 8.4. Affected is the function generate_app_certificates of the file controllers/saml2/saml2.js. The manipulation leads to os command injection. This vulnerability is traded as CVE-2024-42167. It is possible to launch the attack remotely. There is no exploit available.

Сервис аренды превратился в сеть конспиративных квартир.

攻击危害较大，建议立即封禁

Businesses are rapidly adopting digital transformations such as cloud migrations, software as a service (SaaS), and unified communications as a service (UCaaS) to gain a competitive edge. These advancements enable seamless communication and agility but also introduce complexity to network environments. This complexity...

从任意物理内存写出发的心灵奇旅

The threat landscape is significantly evolving, and cybersecurity researchers are continuously developing new security mechanisms to mitigate such evolving and sophisticated threats. Cybersecurity researchers Lloyd Fournier, Nick Farrow, and Robin Linus recently discovered a new Dark Skippy attack that enables hackers to steal secret keys from signing devices. While it was discovered on the 8th […]

The post New Dark Skippy Attack Let Hackers Steal Secret Keys From Signing Device appeared first on Cyber Security News.

Как Живой Журнал получил вторую жизнь благодаря хакерам.

New lunar time proposal is a first step for Moon GPS.

For the latest discoveries in cyber research for the week of 12th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Financial data systems of The Grand Palais which hosts Olympic events in France, were targeted by an undisclosed ransomware group. As part of the attack, also the financial systems of around 40 […]

The post 12th August – Threat Intelligence Report appeared first on Check Point Research.

A vulnerability was found in FIWARE Keyrock up to 8.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument random leads to insufficiently random values. The identification of this vulnerability is CVE-2024-42165. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in FIWARE Keyrock up to 8.4. It has been declared as critical. This vulnerability affects the function generate_app_certificates in the library lib/app_certificates.js. The manipulation leads to os command injection. This vulnerability was named CVE-2024-42166. The attack can be initiated remotely. There is no exploit available.