RSS Dashboard

The Hackers News

Microsoft Security Response Centre

The National Cyber Security Centre

Zero Day Initiative: Published

NHS High CareCerts

ThreatPost

London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches
London Police Arrested 17-Year-Old Hacker Suspected of Uber and GTA 6 Breaches

The City of London Police on Friday revealed that it has arrested a 17-year-old teenager from Oxfordshire on suspicion of hacking. "On the evening of Thursday 22 September 2022, the… [...]

Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released
Hackers Exploited Zero-Day RCE Vulnerability in Sophos Firewall — Patch Released

Security software company Sophos has released a patch update for its firewall product after it was discovered that attackers were exploiting a new critical zero-day vulnerability to attack its customers'… [...]

Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts
Hackers Using Fake CircleCI Notifications to Hack GitHub Accounts

GitHub has put out an advisory detailing what may be an ongoing phishing campaign targeting its users to steal credentials and two-factor authentication (2FA) codes by impersonating the CircleCI DevOps… [...]

Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities
Researchers Uncover New Metador APT Targeting Telcos, ISPs, and Universities

A previously undocumented threat actor of unknown origin has been linked to attacks targeting telecom, internet service providers, and universities across multiple countries in the Middle East and Africa. "The… [...]

CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability
CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed security flaw in Zoho ManageEngine to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. "Zoho… [...]

Defense-in-Depth Updates for Azure Identity libraries and Azure Key Vault libraries within Azure SDK plus Best Practice Implementation Guidance

Summary Today, Microsoft released new versions of the Azure Key Vault libraries and Azure Identity libraries as part of the Azure Software Development Kit (SDK) that includes defense-in-depth feature improvements.… [...]

Curious, Innovative, Creative, Community Driven: Meet Cyb3rWard0g, Roberto Rodriquez

When I grow up I want to be? Dancer or a veterinarian Happiest memories: Tearing up the dance floor at weddings and playing soccer in the streets of Lima, Peru… [...]

What’s the smallest variety of CHERI?

The Portmeirion project is a collaboration between Microsoft Research Cambridge, Microsoft Security Response Center, and Azure Silicon Engineering & Solutions. Over the past year, we have been exploring how to… [...]

Vulnerability Fixed in Azure Synapse Spark

Summary: Microsoft takes a proactive approach to continually probe our defenses, hunt for vulnerabilities, and seek new, innovative ways to protect our customers. Security researchers are an important part of… [...]

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards

The Microsoft Bug Bounty Programs and partnerships with the global security research community are important parts of Microsoft’s holistic approach to defending customers against security threats. Our bounty programs incentivize… [...]

Threat Report 2nd September 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 19th August 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 5th August 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 22nd July 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

Threat Report 8th July 2022

The NCSC's threat report is drawn from recent open source reporting. [...]

ZDI-22-1299: Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the… [...]

ZDI-22-1298: Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the… [...]

ZDI-22-1297: Trend Micro Deep Security Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the… [...]

ZDI-22-1296: Trend Micro Deep Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Deep Security. An attacker must first obtain the ability to execute low-privileged code on the target… [...]

ZDI-22-1295: Apple macOS TIFF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the CoreGraphics framework is required to exploit this vulnerability but attack vectors may… [...]

CC-4175 - Baxter Sigma Spectrum Infusion Pump Vulnerabilities

Severity: Low CISA Medical Advisory released for four vulnerabilities found in four Sigma Spectrum and two Baxter Spectrum product lines CISA Medical Advisory released for four vulnerabilities found in four… [...]

CC-4173 - ISC Releases Security Advisories for Multiple Versions of BIND 9

Severity: Information only Update for the Berkeley Internet Name Domain system Update for the Berkeley Internet Name Domain system Updated: 23 Sep 2022 [...]

CC-4174 - Active Exploitation of Zoho ManageEngine RCE Vulnerability CVE-2022-35405

Severity: Medium CISA have announced that a critical vulnerability affecting Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus is being actively exploited CISA have announced that a critical… [...]

CC-4172 - Microsoft Releases Out-of-Band Security Update for Microsoft Endpoint Configuration Manager

Severity: Medium Microsoft security update addresses a spoofing vulnerability in Endpoint Configuration Manager Microsoft security update addresses a spoofing vulnerability in Endpoint Configuration Manager Updated: 22 Sep 2022 [...]

CC-4171 - Critical Vulnerabilities in Dataprobe iBoot-PDU Power Distribution Units

Severity: Information only Dataprobe has released firmware updates to address several critical and high-severity vulnerabilities in iBoot-PDU power distribution units Dataprobe has released firmware updates to address several critical and… [...]

CC-4170 - Vulnerabilities in Contec Health CMS8000

Severity: Low Five vulnerabilities affect Contec's ICU CCU Vital Signs Patient Monitor Five vulnerabilities affect Contec's ICU CCU Vital Signs Patient Monitor Updated: 22 Sep 2022 [...]

CC-3875 - Hillrom Medical Device Management Tools Vulnerabilities

Severity: Low Two out-of-bounds read and write issues are causing vulnerabilities in the Hillrom medical device management tools, which are Welch Allyn products. Two out-of-bounds read and write issues are… [...]

CC-3510 - Baxter Sigma Spectrum Infusion Pump Vulnerabilities

Severity: Low CISA Medical Advisory released for six vulnerabilities found in two Sigma Spectrum and four Baxter Spectrum product lines CISA advisory released for six vulnerabilities found in two Sigma… [...]

CC-4169 - Critical RCE Vulnerability in Microsoft Windows Internet Key Exchange (IKE) Protocol Extensions

Severity: High Microsoft security updates addressed a remote code execution vulnerability in IKE Protocol Extensions Microsoft security updates addressed a remote code execution vulnerability in IKE Protocol Extensions Updated: 16… [...]

CC-4168 - Sophos Release Security Update for Sophos Firewall

Severity: Information only Security update addresses one Critical vulnerability, three High severity vulnerabilities and one Medium severity vulnerability. Security update addresses one Critical vulnerability, three High severity vulnerabilities and one… [...]

Student Loan Breach Exposes 2.5M Records
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
Watering Hole Attacks Push ScanBox Keylogger
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
Ransomware Attacks are on the Rise
Ransomware Attacks are on the Rise
Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.