Friday, October 18, 2024

Vulnerabilities

iOS and macOS vulnerability, CVE-2023-41974
PoC published, $70K bounty to reveal CVE-2023-41974 Flaw

PoC code has been released for a serious vulnerability, CVE-2023-41974, on iOS and macOS. This vulnerability can be used to gain full control of a mobile device by exploiting a critical issue in the kernel, giving an application access to run any code with kernel privileges. This discovery …

SonicWall Discovers
Critical Zero-Day in Apache OFBiz ERP System

A new security flaw was found in Apache OFBiz, an open-source Enterprise Resource Planning (ERP) system. This flaw could be used to get around authentication protections. The vulnerability, CVE-2023-51467, is found in the login feature and is caused by a partial fix for another serious vulnerability (CVE-2023-49070, CVSS score: 9.8) …

Barracuda fixes new ESG zero-day exploited by hackers

Barracuda fixed a zero-day bug on December 21. The bug was used by hackers known as UNC4841 to exploit Email Security Gateway (ESG) appliances. The company released additional security updates the following day for compromised ESG appliances that were attacked with SeaSpy and Saltwater malware. A security vulnerability was disclosed …

Draft emergency plan
China to enforce 10 min response time for data breaches

China proposed a four-tier classification to respond to data security incidents, showing its concern about data leaks and hacking in the country. The plan is due to increased tensions with the United States and its allies. It follows an incident where a hacker claimed to have gotten a large amount …

CERT-In
Warning! Govt alerts Samsung users; here’s why

The Indian government urgently asked Samsung smartphone users to update their devices due to security vulnerabilities. CERT-In issued a warning about a threat to certain Samsung devices running on Android versions 11, 12, 13, and 14. These vulnerabilities could be exploited to gain unauthorized access to sensitive data on these …

Sophos updated RCE fix after attacks on unsupported firewalls

Sophos had to update old firewall firmware versions due to a security vulnerability (CVE-2022-3236) after attacks by hackers. There is a code injection flaw in the User Portal and Webadmin of Sophos Firewall. This flaw allows for remote code execution. …

process injection techniques
Bypassing major EDRs using “POOL PARTY”, Hackers revealed

Researchers at cybersecurity firm SafeBreach created a new method called Pool Party. This method allows attackers to bypass EDR solutions. The researchers presented Pool Party at Black Hat Europe 2023. The experts discovered a new way to inject processes by using Windows thread pools. Researchers found eight new process injection …

APACHE FIXED CRITICAL RCE FLAW CVE-2023-50164 IN STRUTS 2

The Apache Software Foundation fixed a critical file upload vulnerability in the Struts 2 open-source framework. This flaw, tracked as CVE-2023-50164, could allow remote code execution. An attacker can manipulate file upload parameters to upload a malicious file and execute code on the server. “An attacker can manipulate file upload …

Cyber attack on Sparrso; Hacker’s claim, Sparrso’s denial

A hacktivist group named “Team Network Nine” claimed a cyber attack on the Bangladesh Space Research and Remote Sensing Organization (SPARRSO). The group claimed that the December 1 attack resulted in SPARRSO’s website being down for 1 hour. An Indian media outlet reported on the issue. According to the report, the hacktivist …

vulncheck report
15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack

15,000 Go module repositories on GitHub are vulnerable to a repojacking attack, according to new research. VulnCheck chief technology officer Jacob Baines shared a report with a renowned newspaper in which he said, “More than 9,000 repositories are vulnerable to repojacking due to GitHub username changes,” “More than 6,000 repositories were vulnerable to …
