RSS Dashboard

The Hackers News

Microsoft Security Response Centre

The National Cyber Security Centre

Zero Day Initiative: Published

NHS High CareCerts

ThreatPost

Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel
Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel

Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to… [...]

Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach
Nearly 100,000 NPM Users' Credentials Stolen in GitHub OAuth Breach

Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and… [...]

Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely
Attackers Can Use Electromagnetic Signals to Control Touchscreens Remotely

Researchers have demonstrated what they call the "first active contactless attack against capacitive touchscreens." GhostTouch, as it's called, "uses electromagnetic interference (EMI) to inject fake touch points into a touchscreen… [...]

The Myths of Ransomware Attacks and How To Mitigate Risk
The Myths of Ransomware Attacks and How To Mitigate Risk

Today's modern companies are built on data, which now resides across countless cloud apps. Therefore preventing data loss is essential to your success. This is especially critical for mitigating against rising ransomware… [...]

Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices
Zyxel Issues Patches for 4 New Flaws Affecting AP, API Controller, and Firewall Devices

Zyxel has released patches to address four security flaws affecting its firewall, AP Controller, and AP products to execute arbitrary operating system commands and steal select information. The list of security vulnerabilities… [...]

New Research Paper: Pre-hijacking Attacks on Web User Accounts

In 2020, MSRC awarded two Identity Project Research Grants to support external researchers working to further strengthen the security of identity protocols and systems. Today we are pleased to release… [...]

Researcher Spotlight: Hector Peralta’s Evolution from Popcorn Server to the MSRC Leaderboards

“The bug bounty literally changed my life. Before this, I had nothing.” Coolest thing he purchased: His first vehicle! Best gift to give: Buying his nephew gaming accessories. Favorite Hacking… [...]

Anatomy of a Security Update

The Microsoft Security Response Center is part of the defender community and on the front line of security response for our customers and the company. Our mission is to protect… [...]

Vulnerability mitigated in the third-party Data Connector used in Azure Synapse pipelines and Azure Data Factory (CVE-2022-29972)

Summary Microsoft recently mitigated a vulnerability in Azure Data Factory and Azure Synapse pipelines. The vulnerability was specific to the third-party Open Database Connectivity (ODBC) driver used to connect to… [...]

Azure Database for PostgreSQL Flexible Server Privilege Escalation and Remote Code Execution

MSRC was informed by Wiz, a cloud security vendor, under Coordinated Vulnerability Disclosure (CVD) of an issue with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized… [...]

Weekly Threat Report 27th May 2022

The NCSC's Weekly threat report is drawn from recent open source reporting. [...]

Weekly Threat Report 20th May 2022

The NCSC's weekly threat report is drawn from recent open source reporting. [...]

Organisational use of Enterprise Connected Devices

Assessing the cyber security threat to UK organisations using Enterprise Connected Devices. [...]

ACD - The Fifth Year

Key findings from the 5th year of the Active Cyber Defence (ACD) programme. [...]

Weekly Threat Report 6th May 2022

The NCSC's weekly threat report is drawn from recent open source reporting. [...]

ZDI-22-805: KeySight N6841A RF Sensor UserFirmwareRequestHandler Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability. [...]

ZDI-22-804: KeySight N6841A RF Sensor Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability. [...]

ZDI-22-803: Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be… [...]

ZDI-22-802: Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be… [...]

ZDI-22-801: Trend Micro Internet Security Exposed Dangerous Method Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Internet Security. An attacker must first obtain the ability to execute low-privileged code on the… [...]

No items
Critical Flaws in Popular ICS Platform Can Trigger RCE
Critical Flaws in Popular ICS Platform Can Trigger RCE
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.
Cybergang Claims REvil is Back, Executes DDoS Attacks
Cybergang Claims REvil is Back, Executes DDoS Attacks
Actors claiming to be the defunct ransomware group are targeting one of Akami’s customers with a Layer 7 attack, demanding an extortion payment in Bitcoin.
Link Found Connecting Chaos, Onyx and Yashma Ransomware
Link Found Connecting Chaos, Onyx and Yashma Ransomware
A slip-up by a malware author has allowed researchers to taxonomize three ransomware variations going by different names.
Zoom Patches ‘Zero-Click’ RCE Bug
Zoom Patches ‘Zero-Click’ RCE Bug
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.
Verizon Report: Ransomware, Human Error Among Top Security Risks
Verizon Report: Ransomware, Human Error Among Top Security Risks
2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.