Splunk fixed high-severity flaw impacting Windows versions

Deserialization of untrusted data can allow malicious code to be executed on the system. This is because the serialized data can contain instructions that the application will execute when it deserializes the data.

Cyware News – Latest Cyber News – ​Read More

Chrome 121 Patches 17 Vulnerabilities

Google releases Chrome 121 to the stable channel with 17 security fixes, including 11 reported by external researchers.

The post Chrome 121 Patches 17 Vulnerabilities appeared first on SecurityWeek.

SecurityWeek – ​Read More

Trello API Abused to Link Email Addresses to 15 Million Accounts

For those concerned, the Trello leak has been added to the Have I Been Pwned data breach notification service, allowing anyone to check if they are among the 15 million leaked email addresses.

Cyware News – Latest Cyber News – ​Read More

GoAnywhere MFT Critical Flaw Lets Anyone Be Admin

Authentication bypass in Fortra’s GoAnywhere MFT before 7.4.1 allows an unauthorized user to create an admin user via the administration portal,” Fortra said in an advisory released on January 22, 2024.

Cyware News – Latest Cyber News – ​Read More

US, UK, AU Officials Sanction 33-Year-Old Russian Medibank Hacker

Aleksandr Ermakov, alongside other members of the REvil ransomware gang, are responsible for one of the biggest cyberattacks in Australia’s history.

darkreading – ​Read More

Google Chrome adds new AI features to boost productivity and creativity

Google Chrome introduces new AI features to help you organize tabs, create themes and write text on the web, and faces some challenges along the way.Read More

Security News | VentureBeat – ​Read More

Patch Your GoAnywhere MFT Immediately – Critical Flaw Lets Anyone Be Admin

A critical security flaw has been disclosed in Fortra’s GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user.
Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10.
“Authentication bypass in Fortra’s GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal,” Fortra&

The Hacker News – ​Read More

Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine

The new bug is Apple’s 12th WebKit zero-day in the last year, highlighting the increasing enterprise exposure to browser-borne threats.

darkreading – ​Read More

Cybercrime’s Silent Operator: The Unraveling of VexTrio’s Malicious Network Empire

VexTrio is a traffic direction system (TDS) with more than 60 affiliates feeding an unknown number of malicious campaigns.

The post Cybercrime’s Silent Operator: The Unraveling of VexTrio’s Malicious Network Empire appeared first on SecurityWeek.

SecurityWeek – ​Read More