Aggregator

In a new campaign that is aimed at users who speak Russian, the modular remote access tool (RAT) known as DCRat has been utilized.  Delivered through HTML smuggling, a technique not previously seen with DCRat, the malware leverages its typical RAT capabilities to execute shell commands, log keystrokes, exfiltrate files, and steal credentials, which marks […]

The post DCRAt Attacking Users Via HTML Smuggling To Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Протокол снова подвергся атаке из-за ошибки в Compound Finance v2.

A vulnerability classified as problematic has been found in Apple tvOS up to 9.2.1. Affected is an unknown function of the component Kernel. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2016-1865. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.43/6.10.2. It has been declared as problematic. This vulnerability affects the function bwmon_remove of the file drivers/opp/core.c of the component icc-bwmon. The manipulation leads to improper update of reference count. This vulnerability was named CVE-2024-43850. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.1.102/6.6.43/6.10.2. Affected by this vulnerability is the function sync_filesystem of the file fs/f2fs/inode.c of the component f2fs. The manipulation leads to denial of service. This vulnerability is known as CVE-2024-42297. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in infolinks Ad Wrap Plugin up to 1.0.2 on WordPress and classified as problematic. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-8044. The attack may be launched remotely. There is no exploit available.

For the latest discoveries in cyber research for the week of 30th September, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES American money transfer service MoneyGram has experienced a cyber-attack which led to significant network outages that disrupted its services globally. The attack has affected money transactions, particularly in the Caribbean, Jamaica and […]

The post 30th September – Threat Intelligence Report appeared first on Check Point Research.

Global news agency AFP (Agence France-Presse) is warning that it suffered a cyberattack on Friday, which impacted IT systems and content delivery services for its partners. [...]

Raspberry Pi делает компьютерное зрение доступным для всех.

A Deloitte and NASCIO survey found that a third of state CISOs do not have a dedicated cybersecurity budget

WSJ: спецслужбы США успешно используют мессенджер в расследованиях.

The threat actors managed to gain access to Sen. Ben Cardin (D-Md.) by posing as a Ukrainian official, before quickly being outed.

By combining agility with compliance, and security with accessibility, businesses will treat their data as a well-prepared traveler, ready for any adventure.