#web

The State of Malware 2024 report covers some topics that are of special interest to home users: privacy, passwords, malvertising, banking Trojans, and Mac malware.

Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to achieve privilege escalation and a regular expression denial-of-service (ReDoS) condition. "The new vulnerabilities affect any authenticated user of Azure HDInsight services such as Apache Ambari and Apache Oozie," Orca security

Big Game ransomware is just one of six threats resource-constrained IT teams need to pay attention to in 2024.

By Uzair Amir The appointment is a major coup for Resonance as Skouroupathis is widely regarded as an expert innovator in the cybersecurity space. This is a post from HackRead.com Read the original post: Resonance Hires Cybersecurity Pro George Skouroupathis As Its Offensive Security Engineer

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.9 ATTENTION: Exploitable locally Vendor: HID Global Equipment: iCLASS SE, OMNIKEY Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read data from reader configuration cards and credentials. Reader configuration cards contain credential and device administration keys which could be used to create malicious configuration cards or credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following HID products are affected when configured as an encoder: iCLASS SE CP1000 Encoder: All versions iCLASS SE Readers: All versions iCLASS SE Reader Modules: All versions iCLASS SE Processors: All versions OMNIKEY 5427CK Readers: All versions OMNIKEY 5127CK Readers: All versions OMNIKEY 5023 Readers: All versions OMNIKEY 5027 Readers: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER AUTHORIZATION CWE-285 Certain configuration available in the communication channel for enc...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Low attack complexity Vendor: HID Global Equipment: Reader Configuration Cards Vulnerability: Improper Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to read the credential and device administration keys from a configuration card. Those keys could be used to create malicious configuration cards or credentials. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following HID products are affected: HID iCLASS SE reader configuration cards: All versions OMNIKEY Secure Elements reader configuration cards: All versions 3.2 Vulnerability Overview 3.2.1 IMPROPER AUTHORIZATION CWE-285 Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys. CVE-2024-23806 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)...

“If molecules really were the new microchips, the promise of remote gene editing was that the body could be manipulated to upgrade itself.” An exclusive excerpt from 2054: A Novel.

Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65

You’ve probably heard the phrase, “Attackers don’t hack anyone these days. They log on.” In this blog, we describe the various tools and techniques bad actors are using to steal credentials so they can 'log on' with valid account details, and outline our recommendations for defense.

A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver Foundation said it observed exploitation attempts originating from more than 170 unique IP addresses that aim to establish a reverse shell, among others. The attacks exploit CVE-2024-21893 (CVSS