Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Black Basta-Style Cyberattack Hits Inboxes with 1,165 Emails in 90 Minutes

A recent cyberattack, mimicking the tactics of the notorious Black Basta ransomware group, targeted one of SlashNext’s clients.…

HackRead
Open in Source
#vulnerability#web#google#ddos#git#wordpress#botnet#vmware
GHSA-2c6g-pfx3-w7h8: Insecure Temporary File in RESTEasy

### Impact In RESTEasy the insecure `File.createTempFile()` is used in the `DataSourceProvider`, `FileProvider` and `Mime4JWorkaround` classes which creates temp files with insecure permissions that could be read by a local user. ### Patches Fixed in the following pull requests: * https://github.com/resteasy/resteasy/pull/3409 (7.0.0.Alpha1) * https://github.com/resteasy/resteasy/pull/3423 (6.2.3.Final) * https://github.com/resteasy/resteasy/pull/3412 (5.0.6.Final) * https://github.com/resteasy/resteasy/pull/3413 (4.7.8.Final) * https://github.com/resteasy/resteasy/pull/3410 (3.15.5.Final) ### Workarounds There is no workaround for this issue. ### References * https://nvd.nist.gov/vuln/detail/CVE-2023-0482 * https://bugzilla.redhat.com/show_bug.cgi?id=2166004 * https://github.com/advisories/GHSA-jrmh-v64j-mjm9

CISA: Second BeyondTrust Vulnerability Added to KEV Catalog

BeyondTrust has patched all cloud instances of the vulnerability and has released patches for self-hosted versions.

OWASP's New LLM Top 10 Shows Emerging AI Threats

Ultimately, there is no replacement for an intuitive, security-focused developer working with the critical thinking required to drive down the risk of both AI and human error.

Slew of WavLink vulnerabilities

Lilith >_> of Cisco Talos discovered these vulnerabilities.  Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application.   The Wavlink AC3000 wireless router is one of the

Google Cloud Researchers Uncover Flaws in Rsync File Synchronization Tool

As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and read/write arbitrary files of any connected client," the CERT Coordination Center (CERT/CC) said in an advisory. "Sensitive data, such as SSH keys,

Microsoft Discovers macOS Flaw CVE-2024-44243, Bypassing SIP

CVE-2024-44243, a critical macOS vulnerability discovered recently by Microsoft, can allow attackers to bypass Apple’s System Integrity Protection…

What has become known about the Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later?

What has become known about the Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) vulnerability from the December Microsoft Patch Tuesday a month later? Almost nothing. 🙄 This is a vulnerability in a standard Windows component, available in all versions starting with Windows Server 2003 R2. Its description is typical for EoP […]