Passport-SAML auth bypass triggers fix of critical, upstream XMLDOM bug
Adam Bannister 08 November 2022 at 16:33 UTC Updated: 25 November 2022 at 10:37 UTC Rapid remedy follows reawakening of long-dormant bug threat A critical…
Latest Cybersecurity News — Page 6098
View all →Russia’s Cyberwar Foreshadowed Deadly Attacks on Civilians
But for anyone involved in fending off Russia’s cyberattacks on Ukraine over the past eight years, Russia’s preference for civilian over military targets has long…
BitKeep Confirms Cyber Attack, Loses Over $9 Million in Digital Currencies
Dec 28, 2022Ravie LakshmananBlockchain / Android Malware Decentralized multi-chain crypto wallet BitKeep on Wednesday confirmed a cyberattack that allowed threat actors to distribute fraudulent versions…
CSS injection flaw patched in Acronis cloud management console
CSRF attacks could be triggered to access and exfiltrate information A security researcher has disclosed a CSS injection flaw in Acronis software which could be…
Google Pixel screen-lock hack earns researcher $70k
John Leyden 10 November 2022 at 16:14 UTC Updated: 11 November 2022 at 11:23 UTC Android security pwned by PUK reset trick A security researcher…
APT Hackers Turn to Malicious Excel Add-ins as Initial Intrusion Vector
Dec 28, 2022Ravie LakshmananMalware / Windows Security Microsoft’s decision to block Visual Basic for Applications (VBA) macros by default for Office files downloaded from the…
CSRF in Plesk API enabled server takeover
Ben Dickson 11 November 2022 at 11:31 UTC Updated: 11 November 2022 at 16:51 UTC Bugs in programming interfaces of web hosting admin tool patched…
Google wants its Gmail users to take these security steps in 2023
Google, the much-used search engine across the world, has disclosed some security steps to its Gmail users to stay cyber safe in the year 2023.…
Prototype pollution project yields another Parse Server RCE
Adam Bannister 11 November 2022 at 15:37 UTC Updated: 02 December 2022 at 11:49 UTC Bug emerges from ambition to find ‘end-to-end exploits beyond DoS’…
Black Basta Ransomware hits two electric utilities in America
Black Basta Ransomware Group has reportedly hit two electric utilities in North America in October this year and the attack took place after they compromised…
Linux Kernel Use-After-Free RCE Vulnerability
An emergency security patch was released by Linux recently to fix a kernel-level security critical severity vulnerability. This vulnerability has achieved a CVSS Score of…
All Day DevOps: Third of Log4j downloads still pull vulnerable version despite threat of supply chain attacks
Adam Bannister 14 November 2022 at 16:16 UTC Updated: 24 November 2022 at 12:50 UTC AppSec engineer keynote says Log4j revealed lessons were not learned…