InfoSec News Feeds
Aggregated InfoSec News
Packetstorm
- Feed has no items.
THN
- LockBit Developer Rostislav Panev Charged for...by info@thehackernews.com (The Hacker News) on 21 December 2024 at 9:22 AM
A dual Russian and Israeli national has been charged in the United States for allegedly being the developer of the now-defunct LockBit ransomware-as-a-service (RaaS) operation since its inception in or around 2019 through at least February 2024. Rostislav Panev, 51, was arrested in Israel earlier […]
- Lazarus Group Spotted Targeting Nuclear Engineers...by info@thehackernews.com (The Hacker News) on 20 December 2024 at 10:44 AM
The Lazarus Group, an infamous threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization within the span of one month in January 2024. The […]
- Rspack npm Packages Compromised with Crypto...by info@thehackernews.com (The Hacker News) on 20 December 2024 at 8:39 AM
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the […]
PortSwigger
- We’re going teetotal: It’s goodbye to The...on 2 March 2023 at 2:05 PM
PortSwigger today announces that The Daily Swig is closing down
- Bug Bounty Radar // The latest bug bounty...on 28 February 2023 at 7:15 PM
New web targets for the discerning hacker
- Indian transport ministry flaws potentially...on 28 February 2023 at 2:15 PM
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
Security Affaris
- Sophos fixed critical vulnerabilities in its...by Pierluigi Paganini on 20 December 2024 at 9:23 PM
Sophos fixed three Sophos Firewall flaws that could lead to SQL injection, privileged SSH access to devices, and remote code execution. Sophos has addressed three vulnerabilities, respectively tracked as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, in its Sophos Firewall solution. The […]
- U.S. CISA adds BeyondTrust software flaw to its...by Pierluigi Paganini on 20 December 2024 at 10:43 AM
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the BeyondTrust […]
- Raccoon Infostealer operator sentenced to 60...by Pierluigi Paganini on 20 December 2024 at 8:41 AM
Raccoon Infostealer operator Mark Sokolovsky was sentenced to 60 months in US prison and ordered to pay over $910,000 in restitution. The US Department of Justice sentenced the Ukrainian national Mark Sokolovsky (28) for his role in the distribution of the Raccoon Infostealer malware. “Ukrainian […]
HackerOne
- Breaking Down the OWASP Top 10: Insecure Designby Andrew Pratt on 17 December 2024 at 10:23 PM
Learn about the different types of insecure design vulnerabilities and how to identify them.
- New York Releases AI Cybersecurity Guidance: What...by Ilona Cohen on 16 December 2024 at 9:37 PM
What does New York's new AI Cybersecurity Guidance mean for financial institutions and other regulated companies?
- Azure Cloud Configuration Reviewby Paul De Baldo V on 13 December 2024 at 9:55 PM
Learn the testing methodologies and security best practices for Azure Cloud Configuration Review.
WeLiveSecurity
- Feed has no items.
TheRegister
- Don't fall for a mail asking for rapid Docusign...by Jessica Lyons on 19 December 2024 at 5:30 AM
Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns Unknown criminals went on a phishing expedition that targeted about 20,000 users across the automotive, chemical and industrial compound manufacturing sectors in Europe, and tried to steal account credentials […]
- Phishers cast wide net with spoofed Google...by Jessica Lyons on 18 December 2024 at 12:58 AM
Not that you needed another reason to enable the 'known senders' setting Criminals are spoofing Google Calendar emails in a financially motivated phishing expedition that has already affected about 300 organizations with more than 4,000 emails sent over four weeks, according to Check Point […]
- Interpol wants everyone to stop saying 'pig...by Thomas Claburn on 17 December 2024 at 11:29 PM
Victims' feelings might get hurt, global cops contend, and that could hinder reporting Interpol wants to put an end to the online scam known as "pig butchering" – through linguistic policing, rather than law enforcement.…
Security Week
- Feed has no items.
Exploit-DB Updates
- [webapps] SOPlanning 1.52.01 (Simple Online...on 15 November 2024 at 12:00 AM
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection...on 1 October 2024 at 12:00 AM
reNgine 2.2.0 - Command Injection (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution...on 1 October 2024 at 12:00 AM
dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)on 1 October 2024 at 12:00 AM
openSIS 9.1 - SQLi (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of...on 28 August 2024 at 12:00 AM
Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Invesalius3 - Remote Code Executionon 28 August 2024 at 12:00 AM
Invesalius3 - Remote Code Execution
ABOUT US
RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more
Contact us: security@realinfosec.net
Social
Subscribe for weekly updates
Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.