#zero_day

No patch or workaround is currently available for the maximum severity flaw, which allows attackers to gain complete administrator privilege on affected devices remotely and without authentication.

By Deeba Ahmed Watch out, ladies! This is a post from HackRead.com Read the original post: ROMCOMLITE: Stealthier Version of ROMCOM Backdoor Targets Female Politicians

By Deeba Ahmed Zero-Day Scare: Signal Messaging App Emerges Unscathed After Thorough Probe. This is a post from HackRead.com Read the original post: Signal Zero-Day Vulnerability Rumors Refuted by Company

Pro-Russian hacking groups have exploited a recently disclosed security vulnerability in the WinRAR archiving utility as part of a phishing campaign designed to harvest credentials from compromised systems. "The attack involves the use of malicious archive files that exploit the recently discovered vulnerability affecting the WinRAR compression software versions prior to 6.23 and traced as

Encrypted messaging app Signal has pushed back against "viral reports" of an alleged zero-day flaw in its software, stating it found no evidence to support the claim. "After responsible investigation *we have no evidence that suggests this vulnerability is real* nor has any additional info been shared via our official reporting channels," it said in a series of messages posted in X (formerly

Ransomware attacks have only increased in sophistication and capabilities over the past year. From new evasion and anti-analysis techniques to stealthier variants coded in new languages, ransomware groups have adapted their tactics to bypass common defense strategies effectively.  This article will cover just some of those new developments in Q3-2023 as well as give predictions on quarters to

Dubbed “HTTP/2 Rapid Reset,” the flaw requires issuing patches to virtually every web server around the world before the problem can be eradicated.

By Waqas New CISA Advisories Highlight Vulnerabilities in Siemens, Mitsubishi Electric, Hikvision, and Schneider Electric ICS Products. This is a post from HackRead.com Read the original post: New CISA Advisories Highlight Vulnerabilities in Top ICS Products

Plus, many of the world’s largest cloud providers are warning of a vulnerability that attackers exploited in August to launch the largest distributed denial-of-service attack on record.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Schneider Electric Equipment: IGSS (Interactive Graphical SCADA System) Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow arbitrary code execution or loss of control of the SCADA system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Schneider Electric reports these vulnerabilities affect the following IGSS (Interactive Graphical SCADA System) products: IGSS Update Service (IGSSupdateservice.exe): v16.0.0.23211 and prior. 3.2 Vulnerability Overview 3.2.1 Missing Authentication for Critical Function CWE-306 A missing authentication for critical function vulnerability that could allow a local attacker to change the update source exists in the IGSS Update Service, which could lead to remote code execution the attacker force an update containing malicious content. CVE-2023-4516 has been assigned to this vulnerability. A CV...