Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Over 12,000 Computers Compromised by Info Stealers Linked to Users of Cybercrime Forums

A "staggering" 120,000 computers infected by stealer malware have credentials associated with cybercrime forums, many of them belonging to malicious actors. The findings come from Hudson Rock, which analyzed data collected from computers compromised between 2018 to 2023. "Hackers around the world infect computers opportunistically by promoting results for fake software or through YouTube

The Hacker News
Open in Source
#web#mac#intel#The Hacker News
Fake Chrome Browser Update Installs NetSupport Manager RAT

By Waqas Trellix Uncovers Deceptive Chrome Browser Update Campaign Leveraging NetSupport Manager RAT. This is a post from HackRead.com Read the original post: Fake Chrome Browser Update Installs NetSupport Manager RAT

Ubuntu Security Notice USN-6286-1

Ubuntu Security Notice 6286-1 - Daniel Moghimi discovered that some Intel Processors did not properly clear microarchitectural state after speculative execution of various instructions. A local unprivileged user could use this to obtain to sensitive information. It was discovered that some Intel Xeon Processors did not properly restrict error injection for Intel SGX or Intel TDX. A local privileged user could use this to further escalate their privileges.

CVE-2023-40359: XTERM - Change Log

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue.

Advantech EKI-1524-CE / EKI-1522 / EKI-1521 Cross Site Scripting

Advantech EKI-1524-CE series, EKI-1522 series,and EKI-1521 series versions 1.21 and below and 1.24 and below suffer from cross site scripting vulnerabilities.

Stellar Cyber and Oracle Cloud Partner for Enhanced Cybersecurity

By Owais Sultan Powered by Oracle Cloud, Stellar Cyber Open XDR offers best-in-class cyberattack detection and response capabilities to Oracle Cloud Infrastructure users. This is a post from HackRead.com Read the original post: Stellar Cyber and Oracle Cloud Partner for Enhanced Cybersecurity

The rise of AI-powered criminals: Identifying threats and opportunities

A major area of impact of AI tools in cybercrime is the reduced need for human involvement in certain aspects of cybercriminal organizations.

CVE-2023-40293: Dude, It’s my Car: How to develop intimacy with your car !

Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object.

A New Attack Reveals Everything You Type With 95 Percent Accuracy

A pair of major data breaches rock the UK, North Korea hacks a Russian missile maker, and Microsoft’s Chinese Outlook breach sparks new problems.

CVE-2023-3452: Canto <= 3.0.4 - Unauthenticated Remote File Inclusion — Wordfence Intelligence

The Canto plugin for WordPress is vulnerable to Remote File Inclusion in versions up to, and including, 3.0.4 via the 'wp_abspath' parameter. This allows unauthenticated attackers to include and execute arbitrary remote code on the server, provided that allow_url_include is enabled. Local File Inclusion is also possible, albeit less useful because it requires that the attacker be able to upload a malicious php file via FTP or some other means into a directory readable by the web server.