Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

Google Fixes Nearly 100 Android Security Issues

Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.

Wired
Open in Source
#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#dos#apache#rce#buffer_overflow#auth#zero_day#chrome#webkit#firefox#sap
China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

By Deeba Ahmed The police arrested two suspects in Beijing and two in Inner Mongolia. This is a post from HackRead.com Read the original post: China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks

Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

By Deeba Ahmed Among others, developers of the infamous Lumma, an infostealer malware, are already using the exploit by employing advanced… This is a post from HackRead.com Read the original post: Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

Apache OFBiz 18.12.09 Remote Code Execution

Apache OFBiz version 18.12.09 suffers from a pre-authentication remote code execution vulnerability.

Albanian Parliament and One Albania Telecom Hit by Cyber Attacks

The Assembly of the Republic of Albania and telecom company One Albania have been targeted by cyber attacks, the country’s National Authority for Electronic Certification and Cyber Security (AKCESK) revealed this week. “These infrastructures, under the legislation in force, are not currently classified as critical or important information infrastructure,” AKCESK said. One Albania, which has

iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers

By Deeba Ahmed Triangulation of Terror: Inside the Most Sophisticated iPhone Spyware Campaign Ever Seen. This is a post from HackRead.com Read the original post: iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers

The Worst Hacks of 2023

It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.

CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the agency between December 15 and 25, 2023, targets government entities

The top 4 ransomware gang failures of 2023

Ransomware gangs don't always win, and when they don't, it feels pretty great.

Microsoft Windows PowerShell Code Execution / Event Log Bypass

Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing a filename uses double quotes that can be leveraged to trigger arbitrary code execution. However, if the filename got wrapped in single quotes it failed, that is until now.