Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Pakistan-linked Malware Campaign Evolves to Target Windows, Android, and macOS

Threat actors with ties to Pakistan have been linked to a long-running malware campaign dubbed Operation Celestial Force since at least 2018. The activity, still ongoing, entails the use of an Android malware called GravityRAT and a Windows-based malware loader codenamed HeavyLift, according to Cisco Talos, which are administered using another standalone tool referred to as GravityAdmin. The

The Hacker News
Open in Source
#android#mac#windows#cisco#The Hacker News
Operation Celestial Force employs mobile and desktop malware to target Indian entities

Cisco Talos is disclosing a new malware campaign called “Operation Celestial Force” running since at least 2018. It is still active today, employing the use of GravityRAT, an Android-based malware, along with a Windows-based malware loader we track as “HeavyLift.”

Pakistani Hacking Team 'Celestial Force' Spies on Indian Gov't, Defense

Against a backdrop of political conflict, a years-long cyber-espionage campaign in South Asia is coming to light.

New Cross-Platform Malware 'Noodle RAT' Targets Windows and Linux Systems

A previously undocumented cross-platform malware codenamed Noodle RAT has been put to use by Chinese-speaking threat actors either for espionage or cybercrime for years. While this backdoor was previously categorized as a variant of Gh0st RAT and Rekoobe, Trend Micro security researcher Hara Hiroaki said "this backdoor is not merely a variant of existing malware, but is a new type altogether."

Nvidia Patches High-Severity Flaws in GPU Drivers

Nvidia's latest GPUs are a hot commodity for AI, but security vulnerabilities could expose them to attacks from hackers.

GHSA-wrvh-rcmr-9qfc: @strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass

### Summary By combining two vulnerabilities (an `Open Redirect` and `session token sent as URL query parameter`) in Strapi framework is its possible of an unauthenticated attacker to bypass authentication mechanisms and retrieve the 3rd party tokens. The attack requires user interaction (one click). ### Impact Unauthenticated attackers can leverage two vulnerabilities to obtain an 3rd party token and the bypass authentication of Strapi apps. ### Technical details #### Vulnerability 1: Open Redirect ##### Description Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. In the specific context of Strapi, this vulnerability allows the SSO token to be stolen, allowing an attacker to authenticate himself within the application. ##### Remediation If possible, applications shoul...

TellYouThePass Ransomware Group Exploits Critical PHP Flaw

An RCE vulnerability that affects the Web scripting language on Windows systems is easy to exploit and can provide a broad attack surface.

Carbon Forum 5.9.0 Cross Site Scripting

Carbon Forum version 5.9.0 suffers from a persistent cross site scripting vulnerability.

XMB 1.9.12.06 Cross Site Scripting

XMB version 1.9.12.06 suffers from a persistent cross site scripting vulnerability.

Black Basta Ransomware May Have Exploited MS Windows Zero-Day Flaw

Threat actors linked to the Black Basta ransomware may have exploited a recently disclosed privilege escalation flaw in the Microsoft Windows Error Reporting Service as a zero-day, according to new findings from Symantec. The security flaw in question is CVE-2024-26169 (CVSS score: 7.8), an elevation of privilege bug in the Windows Error Reporting Service that could be exploited to achieve