Security

Tag

#mac

Apple, Google, and Microsoft Just Fixed Zero-Day Security Flaws

Firefox gets a needed tune-up, SolarWinds squashes two high-severity bugs, Oracle patches 433 vulnerabilities, and more updates you should make now.

Wired
#vulnerability #web #android #mac #windows #apple #google #microsoft #cisco #oracle #intel #auth #zero_day #chrome #firefox #sap

The Tragic Fallout From a School District’s Ransomware Breach

Plus: Cyber Command’s disruption of Iranian election hacking, an exposé on child sex trafficking on Meta’s platforms, and more.

CVE-2023-31485: Add verify_SSL=>1 to HTTP::Tiny to verify https server identity by stigtsp · Pull Request #57 · bluefeet/GitLab-API-v4

GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks.

CVE-2023-31486: security - Perl's HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules

HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

Threat Roundup for April 14 to April 21

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between April 21 and April 28. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key

CVE-2023-26782: There is a denial of service vulnerability in your project · Issue #2 · chshcms/mccms

An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface -> System Configuration -> Cache Configuration -> Cache security characters.

CVE-2023-28471: Home

Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name.

New Atomic macOS Malware Steals Keychain Passwords and Crypto Wallets

Threat actors are advertising a new information stealer for the Apple macOS operating system called Atomic macOS Stealer (or AMOS) on Telegram for $1,000 per month, joining the likes of MacStealer. "The Atomic macOS Stealer can steal various types of information from the victim's machine, including Keychain passwords, complete system information, files from the desktop and documents folder, and

Why Your Detection-First Security Approach Isn't Working

Stopping new and evasive threats is one of the greatest challenges in cybersecurity. This is among the biggest reasons why attacks increased dramatically in the past year yet again, despite the estimated $172 billion spent on global cybersecurity in 2022. Armed with cloud-based tools and backed by sophisticated affiliate networks, threat actors can develop new and evasive malware more quickly

ViperSoftX InfoStealer Adopts Sophisticated Techniques to Avoid Detection

A significant number of victims in the consumer and enterprise sectors located across Australia, Japan, the U.S., and India have been affected by an evasive information-stealing malware called ViperSoftX. ViperSoftX was first documented in 2020, with cybersecurity company Avast detailing a campaign in November 2022 that leveraged the malware to distribute a malicious Google Chrome extension