InfoSec News Feeds
Aggregated InfoSec News
Packetstorm
- Debian Security Advisory 5665-1on 18 April 2024 at 4:54 PM
Debian Linux Security Advisory 5665-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
- Debian Security Advisory 5664-1on 18 April 2024 at 4:54 PM
Debian Linux Security Advisory 5664-1 - Jetty 9 is a Java based web server and servlet engine. It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid […]
- Elber Wayber Analog/Digital Audio STL 4.00...on 18 April 2024 at 4:53 PM
Elber Wayber Analog/Digital Audio STL version 4.00 suffers from an unauthenticated device configuration and client-side hidden functionality disclosure vulnerability.
THN
- BlackTech Targets Tech, Research, and Gov Sectors...by info@thehackernews.com (The Hacker News) on 19 April 2024 at 2:44 PM
Technology, research, and government sectors in the Asia-Pacific region have been targeted by a threat actor called BlackTech as part of a recent cyber attack wave. The intrusions pave the way for an updated version of modular backdoor dubbed Waterbear as well as its enhanced […]
- How Attackers Can Own a Business Without Touching...by info@thehackernews.com (The Hacker News) on 19 April 2024 at 12:08 PM
Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps and identities. Here’s how attackers can (and are) compromising organizations – without ever needing to touch the endpoint or conventional networked systems and services. Before getting […]
- Akira Ransomware Gang Extorts $42 Million; Now...by info@thehackernews.com (The Hacker News) on 19 April 2024 at 12:01 PM
Threat actors behind the Akira ransomware group have extorted approximately $42 million in illicit proceeds after breaching the networks of more than 250 victims as of January 1, 2024. "Since March 2023, Akira ransomware has impacted a wide range of businesses and critical infrastructure entities […]
PortSwigger
- We’re going teetotal: It’s goodbye to The...on 2 March 2023 at 3:05 PM
PortSwigger today announces that The Daily Swig is closing down
- Bug Bounty Radar // The latest bug bounty...on 28 February 2023 at 8:15 PM
New web targets for the discerning hacker
- Indian transport ministry flaws potentially...on 28 February 2023 at 3:15 PM
Armed with personal data fragments, a researcher could also access 185 million citizens’ PII
Security Affaris
- MITRE revealed that nation-state actors breached...by Pierluigi Paganini on 19 April 2024 at 10:54 PM
The MITRE Corporation revealed that a nation-state actor compromised its systems in January 2024 by exploiting Ivanti VPN zero-days. In April 2024, MITRE disclosed a security breach in one of its research and prototyping networks. The security team at the organization promptly launched an […]
- FBI chief says China is preparing to attack US...by Pierluigi Paganini on 19 April 2024 at 10:16 AM
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher Wray. FBI Director Christopher Wray warned this week that China-linked threat actors are preparing an attack against U.S. critical infrastructure, Reuters reported. According […]
- United Nations Development Programme (UNDP)...by Pierluigi Paganini on 19 April 2024 at 7:52 AM
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack and the subsequent theft of data. The United Nations Development Programme (UNDP) is investigating an alleged ransomware attack that resulted in data theft. The United Nations […]
HackerOne
- Code Reviews, Small Moments, Big Impactsby Rafael de Carvalho on 18 April 2024 at 6:08 PM
Rafael de Carvalho shares tips for code reviews, how to optimize delivery, and providing effective feedback.
- AI Interaction Hacks: Tips and Tricks for...by Zahra Putri Fitrianti on 18 April 2024 at 5:59 PM
AI prompting is more of an art than a science. Zahra Putri Fitrianti shares tips and tricks for creating effective prompts.
- FAQ: Everything Hackers Need to Know About the...by Ariel Garcia on 18 April 2024 at 5:58 PM
Answer all your questions about how to get involved in HackerOne's Ambassador World Cup!
WeLiveSecurity
- RDP remains a security concern – Week in...on 29 March 2024 at 11:24 AM
Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result
- Cybercriminals play dirty: A look back at 10...on 28 March 2024 at 11:30 AM
This rundown of 10 cyberattacks against the sports industry shows why every team needs to keep its eyes on the ball when it comes to cybersecurity
- Borrower beware: Common loan scams and how to...on 26 March 2024 at 11:30 AM
Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt. Here’s how to avoid being scammed when considering a loan.
TheRegister
- Sacramento airport goes no-fly after AT&T...by Brandon Vigliarolo on 19 April 2024 at 9:30 PM
Police say this appears to be a 'deliberate act.' Sacramento International Airport (SMF) suffered hours of flight delays yesterday after what appears to be an intentional cutting of an AT&T internet cable serving the facility.…
- Cybercriminals threaten to leak all 5 million...by Connor Jones on 19 April 2024 at 12:28 PM
It’s the second time the World-Check list has fallen into the wrong hands The World-Check database used by businesses to verify the trustworthiness of users has fallen into the hands of cybercriminals.…
- Ransomware feared as IT 'issues' force Octapharma...by Jessica Lyons on 18 April 2024 at 11:27 PM
Source blames BlackSuit infection – as separately ISP Frontier confirms cyberattack Updated Octapharma Plasma has blamed IT "network issues" for the ongoing closure of its 150-plus centers across the US. It's feared a ransomware infection may be the root cause of the medical firm's ailment.…
Security Week
- BreachRx Raises $6.5M to Revamp Incident Response...by Ryan Naraine on 19 April 2024 at 6:14 PM
Investors make an early-stage $6.5 million bet on BreachRx, a startup promising to shield cybersecurity executives from personal liability. The post BreachRx Raises $6.5M to Revamp Incident Response Reporting Systems appeared first on SecurityWeek.
- Threat-Intelligence Startup VulnCheck Closes $8M...by SecurityWeek News on 19 April 2024 at 3:36 PM
VulnCheck banks $8 million in early stage capital to build 'exploit intelligence' technologies and services. The post Threat-Intelligence Startup VulnCheck Closes $8M Seed Financing appeared first on SecurityWeek.
- In Other News: OSS Backdooring Attempts, Botnet...by SecurityWeek News on 19 April 2024 at 2:24 PM
Noteworthy stories that might have slipped under the radar: OpenSSF and OpenJS incidents similar to XZ backdoor, Moldovan botnet operator charged, US automotive company targeted by FIN7. The post In Other News: OSS Backdooring Attempts, Botnet Operator Charged, Automotive Firm Attack appeared first […]
Exploit-DB Updates
- [webapps] djangorestframework-simplejwt 5.3.1 -...on 15 April 2024 at 1:00 AM
djangorestframework-simplejwt 5.3.1 - Information Disclosure
- [webapps] Jenkins 2.441 - Local File Inclusionon 15 April 2024 at 1:00 AM
Jenkins 2.441 - Local File Inclusion
- [webapps] OpenClinic GA 5.247.01 - Information...on 15 April 2024 at 1:00 AM
OpenClinic GA 5.247.01 - Information Disclosure
- [webapps] OpenClinic GA 5.247.01 - Path Traversal...on 15 April 2024 at 1:00 AM
OpenClinic GA 5.247.01 - Path Traversal (Authenticated)
- [webapps] Stock Management System v1.0 -...on 13 April 2024 at 1:00 AM
Stock Management System v1.0 - Unauthenticated SQL Injection
- [webapps] Savsoft Quiz v6.0 Enterprise - Stored...on 13 April 2024 at 1:00 AM
Savsoft Quiz v6.0 Enterprise - Stored XSS
ABOUT US
RiSec represents an autonomous, non-profit alliance comprising of individuals dedicated to enhancing cybersecurity awareness and education. Read more
Contact us: security@realinfosec.net
Social
Subscribe for weekly updates
Copyright © RiSec 2023 All rights reserved.
All trademarks, logos, images and brand names are the property of their respective owners.