-
Exploiting GOG Galaxy XPC service for privilege escalation in macOS
Extending and automating NightHawk with DayBird 13 min read – NightHawk, MDSec’s commercial C2 product, has focused on operational …
-
Think Twice Before Giving Surveillance for the Holidays
With the holidays upon us, it’s easy to default to giving the tech gifts that retailers tend to push on us this time of year: smart …
-
Microsoft’s CISO Bret Arsenault to helm Chief Security Advisor position
To fill the vacancy left by Arsenault, Igor Tsyganskiy has been appointed as the new CISO, effective January 1, 2024. Tsyganskiy previously …
-
Russian Star Blizzard hackers linked to efforts to hamper war crimes investigation
Russia’s cyberwar against the west, which accelerated after its 2014 annexation of Crimea, has been executed by a constellation of elite …
-
Akamai discovers Active Directory DNS spoofing exploit
The combination of Domain Name System, Active Directory and the Dynamic Host Configuration Protocol is a potential cybersecurity threat, …
-
A guide to avoiding 10 common holiday scams this season
Scammers target people in the following ways. We’re here to help you and yours avoid a heartbreaking holiday …
-
Attacks against personal data are up 300%, Apple warns
It’s been another bad week in security. Not only do we learn that so-called …
-
New XorDdos-Linked Linux RAT Krasue Targeting Telecom Firms
The Krasue Linux RAT is quite sophisticated, and equipped with the capability to evade detection through Rootkit and RTSP communication. …
-
US and EU infosec authorities pen intel-sharing pact
The US Cybersecurity and Infrastructure Security Agency (CISA) has signed a working arrangement with its EU counterparts to increase …
-
Piiano Flows Scans for Sensitive Data Leaks in Git Code
When his cybersecurity company NorthBit was acquired by Florida-based augmented reality vendor Magic Leap, Gil Dabah became head of …
-
CISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its
-
UK reveals years-long Russian cyber-espionage activities
This probably comes as no surprise to anyone, but Britain’s Foreign Office revealed on Thursday that it has found long-term evidence of …
●●●
NVD
- CVE-2023-36409 – Microsoft Edge (Chromium-based) Information Disclosure Vulnerability …
- CVE-2023-47272 – Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Conte …
- CVE-2023-47271 – PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Jour …
- CVE-2023-20702 – In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This …
- CVE-2018-25093 – A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as …
EXPLOITS
- Splunk 9.0.5 – admin account take over
- GLPI GZIP(Py3) 9.4.5 – RCE
- Shuttle-Booking-Software v1.0 – Multiple-SQLi
- Atcom 2.7.x.x – Authenticated Command Injection
- OpenPLC WebServer 3 – Denial of Service
SECURELIST