Hacking News

US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog

US CISA added the vulnerability CVE-2022-44877 in CentOS Control Web Panel utility to its Known Exploited Vulnerabilities Catalog. The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw (CVE-2022-44877) to its Known Exploited Vulnerabilities Catalog. The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, […]

The post US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.

January 19, 2023
0 comment
Read More >>

Two critical flaws discovered in Git source code version control system

The maintainers of the Git source code version control system urge to update the software to fix two critical vulnerabilities. The maintainers of the Git source code version control system announced to have fixed a couple of critical vulnerabilities, tracked as CVE-2022-23521 and CVE-2022-41903, in their software. The flaws were discovered as part of a security source code audit of the source […]

The post Two critical flaws discovered in Git source code version control system appeared first on Security Affairs.

January 18, 2023
0 comment
Read More >>

A couple of bugs can be chained to hack Netcomm routers

A couple of critical vulnerabilities have been discovered in Netcomm rourers, experts warn of their potential exploitation in the wild. The vulnerabilities discovered in the Netcomm routers are a a stack based buffer overflow and an authentication bypass, respectively tracked as CVE-2022-4873 and CVE-2022-4874. Both issues impact the Netcomm router models NF20MESH, NF20, and NL1902 running software versions […]

The post A couple of bugs can be chained to hack Netcomm routers appeared first on Security Affairs.

January 18, 2023
0 comment
Read More >>

Myrocket HR platform’s data leak turns into privacy nightmare for employees

HR management platform myrocket.co has exposed the personal information of hundreds of thousands of employees and millions of job candidates. Original post at CyberNews On December 12, 2022, the Cybernews research team discovered a publicly accessible database with 260GB of sensitive personal data belonging to myrocket.co, offering ‘end-to-end’ recruitment solutions and HR services for companies […]

The post Myrocket HR platform’s data leak turns into privacy nightmare for employees appeared first on Security Affairs.

January 18, 2023
0 comment
Read More >>

1,000 ships impacted by a ransomware attack on maritime software supplier DNV

A ransomware attack against the maritime software supplier DNV impacted approximately 1,000 vessels. About 1,000 vessels have been impacted by a ransomware attack against DNV, one of the major maritime software suppliers.  DNV GL provides solutions and services throughout the life cycle of any vessel, from design and engineering to risk assessment and ship management. […]

The post 1,000 ships impacted by a ransomware attack on maritime software supplier DNV appeared first on Security Affairs.

January 17, 2023
0 comment
Read More >>

How to abuse GitHub Codespaces to deliver malicious content

Researchers demonstrated how to abuse a feature in GitHub Codespaces to deliver malware to victim systems. Trend Micro researchers reported that it is possible to abuse a legitimate feature in the development environment GitHub Codespaces to deliver malware to victim systems. Users can customize their project for GitHub Codespaces by committing configuration files to their repository, which […]

The post How to abuse GitHub Codespaces to deliver malicious content appeared first on Security Affairs.

January 17, 2023
0 comment
Read More >>

Patch your Zoho ManageEngine instance immediately! PoC Exploit for CVE-2022-47966 will be released soon

A PoC exploit code for the unauthenticated remote code execution vulnerability CVE-2022-47966 in Zoho ManageEngine will be released soon. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past. The […]

The post Patch your Zoho ManageEngine instance immediately! PoC Exploit for CVE-2022-47966 will be released soon appeared first on Security Affairs.

January 17, 2023
0 comment
Read More >>

Avast researchers released a free BianLian ransomware decryptor for some variants of the malware

Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in […]

The post Avast researchers released a free BianLian ransomware decryptor for some variants of the malware appeared first on Security Affairs.

January 16, 2023
0 comment
Read More >>

Experts spotted a backdoor that borrows code from CIA’s Hive malware

Netlab 360 observed unidentified threat actors using a new backdoor based on the US CIA’s Project Hive malware suite. Researchers from Qihoo Netlab 360 reported that unidentified threat actors using a new backdoor based on the US CIA’s Project Hive malware suite. “Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated […]

The post Experts spotted a backdoor that borrows code from CIA’s Hive malware appeared first on Security Affairs.

January 16, 2023
0 comment
Read More >>

T95 Android TV Box sold on Amazon hides sophisticated malware

Expert discovered that the T95 Android TV box, available for sale on Amazon and AliExpress, came with sophisticated pre-installed malware. Security researcher, Daniel Milisic, discovered that the T95 Android TV box he purchased on Amazon was infected with sophisticated pre-installed malware. This Android TV box model is available on Amazon and AliExpress for as low […]

The post T95 Android TV Box sold on Amazon hides sophisticated malware appeared first on Security Affairs.

January 16, 2023
0 comment
Read More >>