Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers

Threat actors associated with North Korea are continuing to target the cybersecurity community using a zero-day bug in unspecified software over the past several weeks to infiltrate their machines. The findings come from Google’s Threat Analysis Group (TAG), which found the adversary setting up fake accounts on social media platforms like X (formerly Twitter) and Mastodon to forge relationships

The Hacker News
Open in Source
#vulnerability#web#mac#windows#google#microsoft#nodejs#git#intel#backdoor#zero_day#ruby#sap#The Hacker News
CVE-2023-41775: "direct" Desktop App for macOS fails to restrict access permissions

Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camrea, microphone, etc. of the device where the product is installed without the user's consent.

CVE-2023-32470: DSA-2023-224: Security Update for a Dell Digital Delivery Service Vulnerability

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).

CVE-2022-27599: Vulnerability in QVR Pro Client - Security Advisory

An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors. We have already fixed the vulnerability in the following version: Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later

CVE-2023-4528: Binary Management Service Patch (CVE-2023-4528) for JSCAPE MFT Server

Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface

Microsoft: How Chinese Hackers Stole Signing Key to Breach Outlook Accounts

By Deeba Ahmed Microsoft has shared its findings related to the Outlook breach in July in a write-up titled “Results of Major Technical Investigations for Storm-0558 Key Acquisitions.” This is a post from HackRead.com Read the original post: Microsoft: How Chinese Hackers Stole Signing Key to Breach Outlook Accounts

A secondhand account of the worst possible timing for a scammer to strike

Cybercriminals are abusing Advanced Installer, a legitimate Windows tool used for creating software packages, to drop cryptocurrency-mining malware on infected machines, new Cisco Talos research shows.

Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware

A new malvertising campaign has been observed distributing an updated version of a macOS stealer malware called Atomic Stealer (or AMOS), indicating that it’s being actively maintained by its author. An off-the-shelf Golang malware available for $1,000 per month, Atomic Stealer first came to light in April 2023. Shortly after that, new variants with an expanded set of information-gathering

JPC2 CMS 1.0 SQL Injection

JPC2 CMS version 1.0 suffers from a remote SQL injection vulnerability.