InfoSec News Feeds
Aggregated InfoSec News
Packetstorm
- Zeek 6.0.9on 20 November 2024 at 4:01 PM
Zeek is a powerful network analysis framework that is much different from the typical IDS you may know. While focusing on network security monitoring, Zeek provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Zeek has […]
- Debian Security Advisory 5816-1on 20 November 2024 at 3:51 PM
Debian Linux Security Advisory 5816-1 - The Qualys Threat Research Unit discovered that libmodule-scandeps-perl, a Perl module to recursively scan Perl code for dependencies, allows an attacker to execute arbitrary shell commands via specially crafted file names.
- Debian Security Advisory 5815-1on 20 November 2024 at 3:50 PM
Debian Linux Security Advisory 5815-1 - The Qualys Threat Research Unit discovered several local privilege escalation vulnerabilities in needrestart, a utility to check which daemons need to be restarted after library upgrades. A local attacker can execute arbitrary code as root by tricking […]
THN
- Google's AI-Powered OSS-Fuzz Tool Finds 26...by info@thehackernews.com (The Hacker News) on 21 November 2024 at 7:13 AM
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. "These particular vulnerabilities represent a milestone for automated […]
- NodeStealer Malware Targets Facebook Ad Accounts,...by info@thehackernews.com (The Hacker News) on 21 November 2024 at 6:34 AM
Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers. "They collect budget details of Facebook Ads Manager accounts of their […]
- Ghost Tap: Hackers Exploiting NFCGate to Steal...by info@thehackernews.com (The Hacker News) on 20 November 2024 at 1:09 PM
Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money from stolen credit cards linked to mobile payment services such […]
PortSwigger
- We’re going teetotal: It’s goodbye to The...on 2 March 2023 at 2:05 PM
PortSwigger today announces that The Daily Swig is closing down
- Bug Bounty Radar // The latest bug bounty...on 28 February 2023 at 7:15 PM
New web targets for the discerning hacker
- Indian transport ministry flaws potentially...on 28 February 2023 at 2:15 PM
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
Security Affaris
- Decade-old local privilege escalation bugs...by Pierluigi Paganini on 21 November 2024 at 7:44 AM
Decade-old flaws in the needrestart package in Ubuntu Server could allow local attackers to gain root privileges without user interaction. The Qualys Threat Research Unit (TRU) discovered five Local Privilege Escalation (LPE) decade-old security vulnerabilities in the needrestart package that could […]
- Ford data breach involved a third-party supplierby Pierluigi Paganini on 20 November 2024 at 9:22 PM
Ford investigates a data breach linked to a third-party supplier and pointed out that its systems and customer data were not compromised. Ford investigation investigated a data breach after a threat actors claimed the theft of customer information on the BreachForums cybercrime. On November 17, […]
- Hacker obtained documents tied to lawsuit over...by Pierluigi Paganini on 20 November 2024 at 3:33 PM
A hacker allegedly accessed a file containing testimony from a woman claiming she had sex with Matt Gaetz when she was 17, sparking controversy. The New York Times reported that a hacker, who goes online with the name name Altam Beezley, gained access to files containing confidential testimony from […]
HackerOne
- How HackerOne Employees Stay Connected and Have...by Marina Briones on 20 November 2024 at 1:15 AM
- How REI Strengthens Security with HackerOne’s...by HackerOne on 19 November 2024 at 12:41 AM
REI's senior application security engineer discusses their program success, evolving goals, and the value of the security researcher community.
- Flexible Data Retrieval at Scale with HAQLby Robert Coleman on 15 November 2024 at 6:12 PM
HAQL: HackerOne's simplified query interface for writing performant aggregate queries on tables modeled purposefully for data analysis.
WeLiveSecurity
- Feed has no items.
TheRegister
- Five Scattered Spider suspects indicted for...by Iain Thomson on 21 November 2024 at 1:29 AM
DoJ also shutters allleged crimeware and credit card mart PopeyeTools The US Department of Justice has issued an indictment that names five people accused of stealing millions in cryptocurrency – and we are told they are suspected members of cyber-gang Scattered Spider.…
- Mega US healthcare payments network restores...by Connor Jones on 20 November 2024 at 6:01 PM
Change Healthcare’s $2 billion recovery is still a work in progress Still reeling from its February ransomware attack, Change Healthcare confirms its clearinghouse services are back up and running, almost exactly nine months since the digital disruption began.…
- Healthcare org Equinox notifies 21K patients and...by Jessica Lyons on 20 November 2024 at 12:30 AM
Ransomware scum LockBit claims it did the dirty deed Equinox, a New York State health and human services organization, has begun notifying over 21 thousand clients and staff that cyber criminals stole their health, financial, and personal information in a "data security incident" nearly seven […]
Security Week
- Feed has no items.
Exploit-DB Updates
- [webapps] SOPlanning 1.52.01 (Simple Online...on 15 November 2024 at 12:00 AM
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection...on 1 October 2024 at 12:00 AM
reNgine 2.2.0 - Command Injection (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution...on 1 October 2024 at 12:00 AM
dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)on 1 October 2024 at 12:00 AM
openSIS 9.1 - SQLi (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of...on 28 August 2024 at 12:00 AM
Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Invesalius3 - Remote Code Executionon 28 August 2024 at 12:00 AM
Invesalius3 - Remote Code Execution
ABOUT US
RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more
Contact us: security@realinfosec.net
Social
Subscribe for weekly updates
Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.