Security
Headlines
HeadlinesLatestCVEs

Tag

#zero_day

Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure

A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers. Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name UTA0178

The Hacker News
Open in Source
#vulnerability#web#git#java#backdoor#auth#zero_day#ssl#The Hacker News
Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities

Microsoft has addressed a total of 48 security flaws spanning its software as part of its Patch Tuesday updates for January 2024. Of the 48 bugs, two are rated Critical and 46 are rated Important in severity. There is no evidence that any of the issues are publicly known or under active attack at the time of release, making it the second consecutive Patch Tuesday with no zero-days. The

Microsoft starts off new year with relatively light Patch Tuesday, no zero-days

One of the critical vulnerabilities patched Tuesday is CVE-2024-20674, a security bypass vulnerability in the Windows Kerberos authentication protocol.

Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution

Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could result in remote code execution (RCE) on susceptible servers. Tracked as CVE-2023-39336, the vulnerability has been rated 9.6 out of 10 on the CVSS scoring system. The shortcoming impacts EPM 2021 and EPM 2022 prior to SU5. “If exploited, an

X Account of Google Cybersecurity Firm Mandiant Hacked in Crypto Scam

By Waqas The hackers changed Mandiant's Twitter handle from "@Mandiant" to "@phantomsolw." This is a post from HackRead.com Read the original post: X Account of Google Cybersecurity Firm Mandiant Hacked in Crypto Scam

Google Fixes Nearly 100 Android Security Issues

Plus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.

Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

By Deeba Ahmed Among others, developers of the infamous Lumma, an infostealer malware, are already using the exploit by employing advanced… This is a post from HackRead.com Read the original post: Malware Leveraging Google Cookie Exploit via OAuth2 Functionality

iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers

By Deeba Ahmed Triangulation of Terror: Inside the Most Sophisticated iPhone Spyware Campaign Ever Seen. This is a post from HackRead.com Read the original post: iPhone Spyware Exploits Obscure Chip Feature, Targets Researchers

The Worst Hacks of 2023

It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.

The Most Dangerous People on the Internet in 2023

From Sam Altman and Elon Musk to ransomware gangs and state-backed hackers, these are the individuals and groups that spent this year disrupting the world we know it.