Aggregator

APT36 evolved its remote access trojan, ElizaRAT, along with introducing a new stealer payload called ApoloStealer

A vulnerability was found in Samba up to 3.6.x. It has been declared as very critical. Affected by this vulnerability is the function GetAliasMembership. The manipulation leads to numeric error. This vulnerability is known as CVE-2012-1182. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Canadian authorities arrested a suspect linked to multiple hacks following a breach of cloud data platform Snowflake earlier this year. Canadian law enforcement agencies arrested a suspect, Alexander “Connor” Moucka (aka Judische and Waifu), who is accused of being responsible for a series of attacks relying on information stolen from the cloud data warehousing platform […]

Security and development teams often face a tough challenge: delivering a secure, quality product quickly without bogging down the pipeline. Security testing is traditionally squeezed in late, sometimes even right...

The post How PTaaS Supports Shift-Left Security Practices? appeared first on Strobes Security.

The post How PTaaS Supports Shift-Left Security Practices? appeared first on Security Boulevard.

Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework. The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093) Qualcomm patched CVE-2024-43047 – a use-after-free vulnerability in the Digital Signal Processor (DSP) service that could be exploited to escalate privileges on targeted devices – in October 2024, and urged original equipment manufacturers (OEMs) to deploy the patches … More →

The post Google patches actively exploited Android vulnerability (CVE-2024-43093) appeared first on Help Net Security.

Команды из школ и вузов примут участие в VIII Кубке CTF.

ИИ становится инструментом хакеров для похищения данных туристов.

A vulnerability was found in Linux Kernel up to 6.7.6. It has been classified as problematic. This affects the function usb_gadget_giveback_request of the component cdns3. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-26748. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.7.6. It has been declared as problematic. This vulnerability affects the function cdns3_gadget_ep_disable of the component cdns3. The manipulation leads to use after free. This vulnerability was named CVE-2024-26749. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.7.6. It has been rated as problematic. This issue affects the function gpiod_lookup_table of the component ep93xx. The manipulation leads to infinite loop. The identification of this vulnerability is CVE-2024-26751. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 5.10.210/5.15.149/6.1.79/6.6.18/6.7.6 and classified as critical. Affected by this vulnerability is the function devm_kasprintf of the component dmaengine. The manipulation leads to null pointer dereference. This vulnerability is known as CVE-2024-26771. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 5.10.210/5.15.149/6.1.79/6.6.18/6.7.6. It has been rated as critical. This issue affects some unknown processing of the component hisi-sfc-v3xx. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2024-26776. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 5.10.211/6.1.79/6.6.18/6.7.6. Affected is the function virtio_crypto_akcipher_session_para of the component crypto. The manipulation leads to stack-based buffer overflow. This vulnerability is traded as CVE-2024-26753. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Nov. 7 Summit to Confront the Next Generation of Financial Cyber Risks
ISMG’s 2024 Financial Services Cybersecurity Summit kicks off Thursday in New York City, bringing together industry leaders and cyber experts to explore critical defense strategies, including digital identity protection, SecOps transformation and realistic threat simulations.

Proof of Concepts Available for Cylon Aspect Energy Management Software
Vulnerabilities in a smart building energy management system including an easily exploitable, two-year-old flaw that hasn't been widely patched could let hackers take over instances misconfigured to allow internet exposure. The flaws affect Cylon Aspect software from electrical engineering firm ABB.