Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

File Management System 1.0 Insecure Direct Object Reference

File Management System version 1.0 suffers from an insecure direct object reference vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#php#perl#auth#ruby#firefox
The 2024 Threat Landscape State of Play

Talos' Nick Biasini discusses the biggest shifts and trends in the threat landscape so far. We also focus on one state sponsored actor that has been particularly active this year, and talk about why defenders need to be paying closer attention to infostealers.

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5), affects all versions of the software before 18.12.16. "An attacker with no valid

ASIS 3.2.0 SQL Injection

Aplikasi Sistem Sekolah using CodeIgniter 3 versions 3.0.0 through 3.2.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore

Threat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos. The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. It was developed

New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm

The Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China. The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of targeting both Microsoft Windows and Linux systems. "KTLVdoor is a highly obfuscated malware that

“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home

" Hello pervert" sextortion mails keep adding new features to their email to increase credibility and urge victims to pay

North Korean Hackers Targets Job Seekers with Fake FreeConference App

North Korean threat actors have leveraged a fake Windows video conferencing application impersonating FreeConference.com to backdoor developer systems as part of an ongoing financially-driven campaign dubbed Contagious Interview. The new attack wave, spotted by Singaporean company Group-IB in mid-August 2024, is yet another indication that the activity is also leveraging native installers for

Backdoor.Win32.Optix.02.b MVID-2024-0690 Hardcoded Credential

Backdoor.Win32.Optix.02.b malware suffers from a hardcoded credential vulnerability.