Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Threat Actors Adopt Havoc Framework for Post-Exploitation in Targeted Attacks

An open source command-and-control (C2) framework known as Havoc is being adopted by threat actors as an alternative to other well-known legitimate toolkits like Cobalt Strike, Sliver, and Brute Ratel. Cybersecurity firm Zscaler said it observed a new campaign in the beginning of January 2023 targeting an unnamed government organization that utilized Havoc. "While C2 frameworks are prolific, the

The Hacker News
Open in Source
#mac#windows#nodejs#git#The Hacker News
CVE-2023-26314: #972146 - /usr/share/applications/mono-runtime-common.desktop: should not handle MIME type by executing arbitrary code (CVE-2023-26314)

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.

CVE-2022-2883: Security Advisory 2023-02

In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service

CVE-2023-20858: VMSA-2023-0004

VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.

Malwarebytes Expands Platform With New Application Block Capabilities

Latest threat prevention module helps resource-strapped security teams block unsafe, untrusted or vulnerable applications.

Cyberthreats, Regulations Mount for Financial Industry

Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture.

Sales Tracker System 1.0 SQL Injection

Sales Tracker System version 1.0 suffers from an authenticated remote SQL injection vulnerability.

CVE-2022-45677: temp/README.md at main · yukar1z0e/temp

SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php.

CVE-2023-0938: CVE_Demo/Music Gallery Site - SQL Injection 1.md at main · navaidzansari/CVE_Demo

A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability.

HardBit ransomware tailors ransom to fit your cyber insurance payout

Categories: News Tags: hardbit Tags: ransomware Tags: infection Tags: insurance Tags: cyber Tags: negotiation Tags: encrypted Tags: locked Tags: network We take a look at a ransomware infection which uses a novel approach to payments: asking for the victim's insurance details. (Read more...) The post HardBit ransomware tailors ransom to fit your cyber insurance payout appeared first on Malwarebytes Labs.