[NetworkSecurity] BGP Flaw Can Be Exploited for Prolonged Internet Outages #CVE-2023-38802
Serious flaw affecting major BGP implementations can be exploited to cause prolonged internet outages, but several vendors have not patched it.
[Ubuntu] USN-6250-1: Linux kernel vulnerabilities (severe!)
Discover critical Linux kernel vulnerabilities fixed in Ubuntu's USN-6250-1 update. Stay secure! #LinuxSecurity #CVEFixes #UbuntuUpdate
[tom's hardware] AMD 'Zenbleed' Bug Leaks Data From Zen 2 Ryzen, EPYC CPUs: Most Patches Coming Q4 (Updated)
Tavis Ormandy, a researcher with Google Information Security, posted today about a new vulnerability he independently found in AMD's Zen 2 processors. The 'Zenbleed' vulnerability spans the entire Zen 2 product stack, including AMD's EPYC data center processors and the Ryzen 3000/4000/5000 CPUs.
[TheRegister] RIP Kevin Mitnick: Former most-wanted hacker dies at 59
Kevin Mitnick, probably the world's most-famous computer hacker – and subsequently writer, public speaker, and security consultant – has succumbed to pancreatic cancer. He was 59.
[Qualys] CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent
The Qualys Threat Research Unit (TRU) has discovered a remote code execution vulnerability in OpenSSH’s forwarded ssh-agent. This vulnerability allows a remote attacker to potentially execute arbitrary commands on vulnerable OpenSSH’s forwarded ssh-agent.
[THN] U.S. Government Agencies' Emails Compromised in China-Backed Cyber Attack
An unnamed Federal Civilian Executive Branch (FCEB) agency in the U.S. detected anomalous email activity in mid-June 2023, leading to Microsoft's discovery of a new China-linked espionage campaign targeting two dozen organizations.
[TheHackerNews] Zero-Day Alert: Apple Releases Patches for Actively Exploited Flaws in iOS, macOS, and Safari
Apple on Wednesday released a slew of updates for iOS, iPadOS, macOS, watchOS, and Safari browser to address a set of flaws it said were actively exploited in the wild.
[VulnCheck] Fake Security Researcher GitHub Repositories Deliver Malicious Implant
As part of VulnCheck’s Exploit Intelligence offering, we monitor and review large amounts of GitHub repositories. The review process exists to filter out useless, malicious, and/or scam repositories.
[YT/SomeOrdinaryGames] The FBI Just Arrested The Owner Of The Largest Hacker Forum...
This time we take a look at how the FBI just hammered the owner of the largest forum regarding the biggest breaches we've seen in the last year. With so much prodding, it was only time this was going to happen. The arrest of Conor Brian Fitzpatrick (aka “pompompurin”).
[HelpNetSecurity] Security teams have no control over risky SaaS-to-SaaS connections
With no oversight or control from security teams, companies have no way to quantify the risk that these SaaS-to-SaaS connections present to their businesses.