GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges.
The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5.
“On GitHub Enterprise Server instances that use SAML single sign-on (SSO)
Source: The Hacker News
Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild
Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild.
Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine.
“Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
Source: The Hacker News
New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining
Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that’s designed to mine cryptocurrency after brute-forcing its way into PostgreSQL database instances.
“Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords,” Aqua security researcher Assaf Morag said in a technical report.
Source: The Hacker News
Bangladeshi Hackers Deface India’s Zee Media Website for Mocking Floods
Bangladeshi hackers “SYSTEMADMINBD” defaced Zee Media’s website, accusing them of mocking the situation in Bangladesh amid severe flooding.…
Source: Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
From Offices to Hotels: Backdoor in Contactless Key Cards Enables Mass Cloning
Millions of office and hotel contactless access cards using Fudan Microelectronics chips are vulnerable to a hardware backdoor…
Source: Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
What Gartner’s 2024 hype cycle forecast tells us about the future of AI (and other tech)
Is your favorite emerging tech about to explode – or fizzle out? Gartner’s hype cycle offers crucial insights into the future of AI, developer tools, and security. See what’s coming tomorrow.
Source: Latest stories for ZDNET in Security
Stadiums Are Embracing Face Recognition. Privacy Advocates Say They Should Stick to Sports
Protesters took to Citi Field Wednesday to raise awareness of the facial recognition systems that have become common at major league sporting venues.
Source: Security Latest
New PG_MEM Malware Targets PostgreSQL Databases to Mine Cryptocurrency
The new PG_MEM malware targets PostgreSQL databases, exploiting weak passwords to deliver payloads and mine cryptocurrency. Researchers warn…
Source: Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News
North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign
A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign.
Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlaps with a known nation-state actor codenamed Kimsuky.
MoonPeak, under active development
Source: The Hacker News
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft’s Copilot Studio that could be exploited to access sensitive information.
Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) attack.
“An authenticated attacker can bypass Server-Side Request
Source: The Hacker News