Security
Headlines
HeadlinesLatestCVEs

Tag

#intel

Red Hat Security Advisory 2023-3349-01

Red Hat Security Advisory 2023-3349-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include privilege escalation and use-after-free vulnerabilities.

Packet Storm
Open in Source
#vulnerability#linux#red_hat#git#intel
Scrubs & Beyond Leaks 400GB of User PII and Card Data in Plain Text

By Waqas Scrubs & Beyond were alerted multiple times about the data leak, but the company did not respond or secure the server. This is a post from HackRead.com Read the original post: Scrubs & Beyond Leaks 400GB of User PII and Card Data in Plain Text

Microsoft: Lace Tempest Hackers Behind Active Exploitation of MOVEit Transfer App

Microsoft has officially linked the ongoing active exploitation of a critical flaw in the Progress Software MOVEit Transfer application to a threat actor it tracks as Lace Tempest. "Exploitation is often followed by deployment of a web shell with data exfiltration capabilities," the Microsoft Threat Intelligence team said in a series of tweets today. "CVE-2023-34362 allows attackers to

The 2023 State of Ransomware in Education: 84% increase in attacks over 6-month period

Categories: Threat Intelligence In total, 26 separate ransomware-as-a-service gangs contributed to the onslaught on education. (Read more...) The post The 2023 State of Ransomware in Education: 84% increase in attacks over 6-month period appeared first on Malwarebytes Labs.

Trusting AI not to lie: The cost of truth: Lock and Code S04E12

Categories: Podcast This week on Lock and Code, we ask whether AI can lie and whether companies and individuals are placing too much trust into tools like ChatGPT. (Read more...) The post Trusting AI not to lie: The cost of truth: Lock and Code S04E12 appeared first on Malwarebytes Labs.

Brazilian Cybercriminals Using LOLBaS and CMD Scripts to Drain Bank Accounts

An unknown cybercrime threat actor has been observed targeting Spanish- and Portuguese-speaking victims to compromise online banking accounts in Mexico, Peru, and Portugal. "This threat actor employs tactics such as LOLBaS (living-off-the-land binaries and scripts), along with CMD-based scripts to carry out its malicious activities," the BlackBerry Research and Intelligence Team said in a report

AI Is Being Used to ‘Turbocharge’ Scams

Plus: Amazon’s Ring was ordered to delete algorithms, North Korea’s failed spy satellite, and a rogue drone “attack” isn’t what it seems.

How AI Protects (and Attacks) Your Inbox

Criminals may use artificial intelligence to scam you. Companies, like Google, are looking for ways AI and machine learning can help prevent phishing.

Cloud Security Tops Concerns for Cybersecurity Leaders: EC-Council's Certified CISO Hall of Fame Report 2023

A survey of global cybersecurity leaders through the 2023 Certified CISO Hall of Fame Report commissioned by the EC-Council identified 4 primary areas of grave concern: cloud security, data security, security governance, and lack of cybersecurity talent. EC-Council, the global leader in cybersecurity education and training, released its Certified Chief Information Security Officer Hall of Fame

CVE-2023-2301: Contact Form Builder by vcita <= 4.9.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Wordfence Intelligence

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on the ls_parse_vcita_callback function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.