Aggregator

Anubis Ransomware-as-a-Service Kit Adds Data Wiper

darkreading
2 months 3 weeks ago
The threat of wiping files and servers clean gives Anubis affiliates yet another way to leverage ransomware victims who may be hesitant to pay to get their data back, Trend Micro said.
Alexander Culafi, Senior News Writer, Dark Reading

CVE-2023-21413 | AXIS OS Application Handling Service command injection (EUVD-2023-25581)

Vuldb Updates
2 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in AXIS OS. Affected by this issue is some unknown functionality of the component Application Handling Service. The manipulation leads to command injection. This vulnerability is handled as CVE-2023-21413. The attack may be launched remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com

CVE-2023-45648 | Apache Tomcat up to 8.5.93/9.0.80/10.1.13/11.0.0-M11 request smuggling (DLA 3617-1 / EUVD-2023-2799)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in Apache Tomcat up to 8.5.93/9.0.80/10.1.13/11.0.0-M11. It has been classified as critical. Affected is an unknown function. The manipulation leads to http request smuggling. This vulnerability is traded as CVE-2023-45648. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-5485 | Google Chrome up to 117.0.5938.149 Autofill information disclosure (EUVD-2023-57799)

Vuldb Updates
2 months 3 weeks ago
A vulnerability, which was classified as problematic, was found in Google Chrome. Affected is an unknown function of the component Autofill. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2023-5485. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2023-45648 | Oracle Communications Service Catalog and Design 7.4.2.8.0 PSR Designer input validation (EUVD-2023-2799 / Nessus ID 210913)

Vuldb Updates
2 months 3 weeks ago
A vulnerability has been found in Oracle Communications Service Catalog and Design 7.4.2.8.0 and classified as critical. This vulnerability affects unknown code of the component PSR Designer. The manipulation leads to improper input validation. This vulnerability was named CVE-2023-45648. The attack can be initiated remotely. There is no exploit available.
vuldb.com

CVE-2023-45648 | Oracle Communications Diameter Signaling Router 8.6.0.0 Platform input validation (EUVD-2023-2799 / Nessus ID 210913)

Vuldb Updates
2 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Oracle Communications Diameter Signaling Router 8.6.0.0. This affects an unknown part of the component Platform. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2023-45648. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

CVE-2023-43989 | mokumoku chohu mini-app on Line 13.6.1 Channel Access Token information disclosure (EUVD-2023-48348)

Vuldb Updates
2 months 3 weeks ago
A vulnerability was found in mokumoku chohu mini-app on Line 13.6.1 and classified as problematic. This issue affects some unknown processing of the component Channel Access Token Handler. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2023-43989. The attack needs to be done within the local network. There is no exploit available.
vuldb.com

LinuxFest Northwest: Code-By-Mail: A Rough And Tumble Guide To Submitting To Mailing Lists

Security Boulevard
2 months 3 weeks ago

Authors/Presenters: Sen Hastings (Software Dev And SBC Enthusiast)

Our sincere appreciation to LinuxFest Northwest (Now Celebrating Their Organizational 25th Anniversary Of Community Excellence), and the Presenters/Authors for publishing their superb LinuxFest Northwest 2025 video content. Originating from the conference’s events located at the Bellingham Technical College in Bellingham, Washington; and via the organizations YouTube channel.

Thanks and a Tip O' The Hat to Verification Labs :: Penetration Testing Specialists :: Trey Blalock GCTI, GWAPT, GCFA, GPEN, GPCS, GCPN, CRISC, CISA, CISM, CISSP, SSCP, CDPSE for recommending and appearing as speaker at the LinuxFest Northwest conference.

Permalink

The post LinuxFest Northwest: Code-By-Mail: A Rough And Tumble Guide To Submitting To Mailing Lists appeared first on Security Boulevard.

Marc Handelman

Katz Stealer Boosts Credential Theft with System Fingerprinting and Persistence Mechanisms

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 3 weeks ago

The emergence of Katz Stealer, a sophisticated information-stealing malware-as-a-service (MaaS) that is redefining the boundaries of credential theft. First detected this year, Katz Stealer combines aggressive data exfiltration with advanced system fingerprinting, stealthy persistence mechanisms, and evasive loader tactics. Distributed primarily through phishing emails and fake software downloads, this malware targets a vast array of […]

The post Katz Stealer Boosts Credential Theft with System Fingerprinting and Persistence Mechanisms appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Washington Post Hacked – Multiple Journalists’ Email Accounts Compromised

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
2 months 3 weeks ago

The Washington Post confirmed late last week that its email systems were targeted in a cyberattack, resulting in the compromise of several journalists’ email accounts. “The Wall Street Journal, which first reported the breach, said it was potentially the work of a foreign government.” The attack, discovered on Thursday evening, affected Microsoft email accounts belonging […]

The post Washington Post Hacked – Multiple Journalists’ Email Accounts Compromised appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Balaji

Managed ad