Security
Headlines
HeadlinesLatestCVEs

Tag

#windows

Red Hat Security Advisory 2023-1006-01

Red Hat Security Advisory 2023-1006-01 - This release of Red Hat build of Quarkus 2.7.7 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section. Issues addressed include code execution, denial of service, deserialization, information leakage, memory leak, and remote SQL injection vulnerabilities.

Packet Storm
Open in Source
#sql#vulnerability#windows#red_hat#dos#apache#java#oracle#rce#perl#postgres#docker#jira#maven
Wondershare Dr Fone 12.9.6 Weak Permissions / Privilege Escalation

Wondershare Dr Fone version 12.9.6 suffers from a weak service permission vulnerability that can allow for privilege escalation.

IceFire Ransomware Exploits IBM Aspera Faspex to Attack Linux-Powered Enterprise Networks

A previously known Windows-based ransomware strain known as IceFire has expanded its focus to target Linux enterprise networks belonging to several media and entertainment sector organizations across the world. The intrusions entail the exploitation of a recently disclosed deserialization vulnerability in IBM Aspera Faspex file-sharing software (CVE-2022-47986, CVSS score: 9.8), according to

Prometei botnet improves modules and exhibits new capabilities in recent updates

Prometei botnet continued its activity since Cisco Talos first reported about it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities.

New ScrubCrypt Crypter Used in Cryptojacking Attacks Targeting Oracle WebLogic

The infamous cryptocurrency miner group called 8220 Gang has been observed using a new crypter called ScrubCrypt to carry out cryptojacking operations. According to Fortinet FortiGuard Labs, the attack chain commences with successful exploitation of susceptible Oracle WebLogic servers to download a PowerShell script that contains ScrubCrypt. Crypters are a type of software that can encrypt,

CVE-2023-27986: security - Shell command and Emacs Lisp code injection in emacsclient-mail.desktop

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters.

CVE-2023-26948: Background arbitrary file reading vulnerability 2 · Issue #5 · keheying/onekeyadmin

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download.

BlackLotus UEFI bootkit Can Bypass Secure Boot on Windows

By Deeba Ahmed Security firm ESET’s cybersecurity researchers have shared their analysis of the world’s first UEFI bootkit being used in… This is a post from HackRead.com Read the original post: BlackLotus UEFI bootkit Can Bypass Secure Boot on Windows