S3 Ep119: Breaches, patches, leaks and tweaks! [Audio + Text]
Lastest episode – listen now! (Or read the transcript.)
Vulnerability
What Is Vulnerability Scanning: Definition, Types, Best Practices
What Is Vulnerability Scanning? Vulnerability scanning is the process of discovering, analysing, and reporting security flaws and vulnerabilities. Alongside vulnerability assessment, vulnerability scanning is an essential step in the vulnerability mana…
Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)
Akamai researchers have published a PoC exploit for a critical vulnerability (CVE-2022-34689) in Windows CryptoAPI, which validates public key certificates. “An attacker could manipulate an existing public x.509 certificate to spoof their identit…
New Wave of Cyberattacks Targeting MS Exchange Servers
By Waqas
Cybercriminals are leveraging two exploit chains (ProxyNotShell/OWASSRF) to target Microsoft Exchange servers, as warned by Bitdefender Labs.
This is a post from HackRead.com Read the original post: New Wave of Cyberattacks Targeting MS Exchan…
Critical VMware vRealize Log Insight flaws patched (CVE-2022-31706, CVE-2022-31704)
VMware has fixed two critical (CVE-2022-31706, CVE-2022-31704) and two important (CVE-2022-31710, CVE-2022-31711) security vulnerabilities in VMware vRealize Log Insight, its multi-cloud solution for centralized log management, operational visibility a…
Hackers Using Sliver Framework as an Alternative to Cobalt Strike & Metasploit
Silver is an open-source command-and-control framework that is becoming increasingly popular among malicious actors at current attacks. As threat actors are opting for this option since it offers a viable alternative to commercial tools such as:- Desig…
Arm Vulnerability Leads to Code Execution, Root on Pixel 6 Phones
Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.
The post Arm Vulnerability Leads to Code Execution, Root on Pixel 6 Phones appeared first on SecurityWeek.
Attacks Targeting Realtek SDK Vulnerability Ramping Up
Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.
The post Attacks Targeting Realtek SDK Vulnerability Ramping Up appeared first on SecurityWeek.
Chinese Hackers Exploit FortiOS Zero-Day Vulnerability to Deploy New Malware
Mandiant recently reported that a group of hackers originating from China utilized a vulnerability within FortiOS SSL-VPN that had only recently been discovered, and marked as a zero-day exploit, in December. The hackers targeted both a governmen…
6 of the Best Crypto Bug Bounty Programs
By Waqas
Crypto bug bounty programs have become essential as the number of blockchain platforms grows exponentially, making it increasingly difficult for developers to keep up with all the necessary security protocols on their own.
This is a post from …