Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

AmberWolf Launches NachoVPN Tool to Tackle VPN Security Risks

Researchers reveal major vulnerabilities in popular corporate VPN clients, allowing remote attacks. Discover the NachoVPN tool and expert…

HackRead
Open in Source
#vulnerability#ios#mac#windows#cisco#git#backdoor#rce#asus#ssl
Russian Script Kiddie Assembles Massive DDoS Botnet

Over the past year, "Matrix" has used publicly available malware tools and exploit scripts to target weakly secured IoT devices — and enterprise servers.

News Desk 2024: Can GenAI Write Secure Code?

GenAI's 30%-50% coding productivity boost comes with a downside — it's also generating vulnerabilities. Veracode's Chris Wysopal talks about what he finds out in this News Desk interview during Black Hat USA.

APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor

The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024. "In this attack,

Israel Defies VC Downturn With More Cybersecurity Investments

With a focus on creating technologies for other markets, Israel continues to be a valued destination for venture capital in cybersecurity outside the US and Europe.

Matrix Botnet Exploits IoT Devices in Widespread DDoS Botnet Campaign

A threat actor named Matrix has been linked to a widespread distributed denial-of-service (DoD) campaign that leverages vulnerabilities and misconfigurations in Internet of Things (IoT) devices to co-opt them into a disruptive botnet. "This operation serves as a comprehensive one-stop shop for scanning, exploiting vulnerabilities, deploying malware, and setting up shop kits, showcasing a

Hacker in Snowflake Extortions May Be a U.S. Soldier

Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect -- a prolific hacker known as Kiberphant0m -- remains at large and continues to publicly extort victims. However, this person's identity may not remain a secret for long: A careful review of Kiberphant0m's daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea.

ABB Cylon Aspect 3.08.01 (vstatConfigurationDownload.php) Config Download

The ABB BMS/BAS controller suffers from an unauthenticated configuration download vulnerability. This can be exploited to download the CSV DB that contains the configuration mappings information via the VMobileImportExportServlet by directly calling the vstatConfigurationDownload.php script.

GHSA-7p9f-6x8j-gxxp: CRI-O: Maliciously structured checkpoint file can gain arbitrary node access

### Impact ### Patches 1.31.1, 1.30.6, 1.29.8 ### Workarounds set `enable_criu_support = false` ### References _Are there any links users can visit to find out more?_

'RomCom' APT Mounts Zero-Day, Zero-Click Browser Escapes in Firefox, Tor

The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.