cybersecurity

Aug
30
[NetworkSecurity] BGP Flaw Can Be Exploited for Prolonged Internet Outages #CVE-2023-38802

[NetworkSecurity] BGP Flaw Can Be Exploited for Prolonged Internet Outages #CVE-2023-38802

Serious flaw affecting major BGP implementations can be exploited to cause prolonged internet outages, but several vendors have not patched it.
1 min read
Jul
28
[Ubuntu] USN-6250-1: Linux kernel vulnerabilities (severe!)

[Ubuntu] USN-6250-1: Linux kernel vulnerabilities (severe!)

Discover critical Linux kernel vulnerabilities fixed in Ubuntu's USN-6250-1 update. Stay secure! #LinuxSecurity #CVEFixes #UbuntuUpdate
2 min read
Jul
27
[tom's hardware] AMD 'Zenbleed' Bug Leaks Data From Zen 2 Ryzen, EPYC CPUs: Most Patches Coming Q4 (Updated)

[tom's hardware] AMD 'Zenbleed' Bug Leaks Data From Zen 2 Ryzen, EPYC CPUs: Most Patches Coming Q4 (Updated)

Tavis Ormandy, a researcher with Google Information Security, posted today about a new vulnerability he independently found in AMD's Zen 2 processors. The 'Zenbleed' vulnerability spans the entire Zen 2 product stack, including AMD's EPYC data center processors and the Ryzen 3000/4000/5000 CPUs.
1 min read
Jul
24
[TheRegister] RIP Kevin Mitnick: Former most-wanted hacker dies at 59

[TheRegister] RIP Kevin Mitnick: Former most-wanted hacker dies at 59

Kevin Mitnick, probably the world's most-famous computer hacker – and subsequently writer, public speaker, and security consultant – has succumbed to pancreatic cancer. He was 59.
1 min read
Jul
24
[Qualys] CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent

[Qualys] CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent

The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent. This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent.
1 min read
Jul
13
[THN] U.S. Government Agencies' Emails Compromised in China-Backed Cyber Attack

[THN] U.S. Government Agencies' Emails Compromised in China-Backed Cyber Attack

An unnamed Federal Civilian Executive Branch (FCEB) agency in the U.S. detected anomalous email activity in mid-June 2023, leading to Microsoft's discovery of a new China-linked espionage campaign targeting two dozen organizations.
1 min read
Jun
22
[TheHackerNews] Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

[TheHackerNews] Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari

Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild.
1 min read
Jun
14
[VulnCheck] Fake Security Researcher GitHub Repositories Deliver Malicious Implant

[VulnCheck] Fake Security Researcher GitHub Repositories Deliver Malicious Implant

As part of VulnCheck’s Exploit Intelligence offering, we monitor and review large amounts of GitHub repositories. The review process exists to filter out useless, malicious, and/or scam repositories.
1 min read
Mar
30
[YT/SomeOrdinaryGames] The FBI Just Arrested The Owner Of The Largest Hacker Forum...

[YT/SomeOrdinaryGames] The FBI Just Arrested The Owner Of The Largest Hacker Forum...

This time we take a look at how the FBI just hammered the owner of the largest forum regarding the biggest breaches we've seen in the last year. With so much prodding, it was only time this was going to happen. The arrest of Conor Brian Fitzpatrick (aka “pompompurin”).
Mar
04
[HelpNetSecurity] Security teams have no control over risky SaaS-to-SaaS connections

[HelpNetSecurity] Security teams have no control over risky SaaS-to-SaaS connections

With no oversight or control from security teams, companies have no way to quantify the risk that these SaaS-to-SaaS connections present to their businesses.
1 min read