Security

Latest News

Genetec Physical Security Report Shows Accelerating Hybrid Cloud Adoption

More than 4% of US attempted e-commerce transactions between Thanksgiving and Cyber Monday suspected to be fraudulent.

How Art Appreciation Supplements Cybersecurity Skills

Using different parts of our brains gives us different perspectives on the world around us and new approaches to the problems we face in security.

Google Launches Open Source Patch Validation Tool

Vanir automates the process of scanning source code to identify missing security patches.

Black Basta Ransomware Evolves with Email Bombing, QR Codes, and Social Engineering

The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user's email to numerous mailing lists simultaneously," Rapid7

Digital Assets Cybersecurity Essentials

Discover essential tips to secure your digital assets like crypto, NFTs, and tokens. Learn about wallet safety, avoiding…

Encrypted messaging service intercepted, 2.3 million messages read by law enforcement

Authorities were able to intercept the Matrix messaging service’s traffic and monitor criminal activity for three months.

GHSA-35fc-9hrj-3585: Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API. This issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.

GHSA-2cx9-54hp-r698: Apache Superset: Error verbosity exposes metadata in analytics databases

Generation of Error Message Containing analytics metadata Information in Apache Superset. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue.

GHSA-92qf-8gh3-gwcm: Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema. This issue affects Apache Superset: <4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue, or to add these Postgres functions to the DISALLOWED_SQL_FUNCTIONS config set.

Large-Scale Incidents & the Art of Vulnerability Prioritization

We can anticipate a growing number of emerging vulnerabilities in the near future, emphasizing the need for an effective prioritization strategy.