#exploit

Engadget
1 week ago
Information security

Google just patched the fifth zero-day exploit for Chrome this year

Google issued a security update for Chrome browser to address a zero-day vulnerability, the fifth this year for the company.
Theregister
4 months ago
Information security

CISA: Critical SharePoint vuln is under active exploitation

Ransomware criminals have acquired a functional exploit for a critical Microsoft SharePoint vulnerability.
The vulnerability, known as CVE-2023-29357, allows for remote code execution (RCE) and has a severity score of 9.8.
Dark Reading
6 months ago
Information security

Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass

A fresh proof-of-concept exploit for a critical security vulnerability in Apache ActiveMQ allows remote code execution on servers.
The exploit cuts down on intruder noise by launching attacks from memory, making it harder to detect.
The vulnerability has been patched, but thousands of organizations remain vulnerable.
SecurityWeek
6 months ago
Information security

New Intel CPU Vulnerability 'Reptar' Can Allow DoS Attacks, Privilege Escalation

A newly disclosed vulnerability affecting some Intel processors could lead to a crash and potentially privilege escalation and information disclosure.
The vulnerability, known as Reptar and CVE-2023-23583, can be exploited by an attacker who already has access to the targeted system.
Intel has released microcode updates to patch the issue and users are advised to ensure their BIOS, system OS, and drivers are up to date.
Zero Day Initiative
2 weeks ago
JavaScript

Zero Day Initiative - CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome

Exploiting CVE-2024-2887 type confusion bug in Google Chrome and Microsoft Edge renderer process.
Kotaku
2 months ago
Video games

PSA: Unicorn Overlord's Sellswords Make Leveling A Breeze

Players can power level quickly in Unicorn Overlord using the Sellsword class and an exploit with the 'Summon Warriors' Valor Skill.
The exploit involves using high-level allied units summoned by the 'Summon Warriors' skill to chip down enemy health and level up main underleveled units.
Theregister
3 months ago
Privacy professionals

Akira ransomware attacks linked to Cisco vuln fixed in 2020

The Akira ransomware group may be exploiting a four-year-old Cisco vulnerability to gain access to organizations' systems.
The vulnerability, CVE-2020-3259, allows attackers to extract usernames and passwords stored in memory in clear text.
Databreaches
3 months ago
Privacy professionals

Leading Mobile Banking App Hit by IntelBroker Hackers, Sensitive Data Up for Sale

IntelBroker hacker group claims responsibility for potential cyberattack on mobile banking app
Exploit allows scraping and leaking of sensitive user information
Dark Reading
5 months ago
Privacy professionals

Exploit for Critical Windows Defender Bypass Goes Public

A proof-of-concept exploit (PoC) is available for a critical zero-day vulnerability in Windows SmartScreen.
The exploit allows attackers to bypass Windows Defender SmartScreen checks.
Organizations need to address the vulnerability and apply the patch if they haven't already.
Engadget
6 months ago
Privacy professionals

An email vulnerability let hackers steal data from governments around the world

Google's Threat Analysis Group discovered and helped patch an email server flaw used to steal data from government organizations in several countries.
The exploit targeted the email server Zimbra Collaboration and stole email data, user credentials, and authentication tokens.
Updating software with the latest fixes is crucial to protect against these types of exploits.
www.npr.org
4 months ago
Europe news

Hundreds of Nepalese men moved to Russia to join in its fight against Ukraine

Nepalese men have died and gone missing while working for Russia's army.
Families blame local recruiters for the deaths and disappearances.
Databreaches
4 months ago
Privacy technologies

Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking

The PRISMA exploit allows for the generation of persistent Google cookies, providing continuous access to Google services even after a password reset.
CloudSEK's threat research team discovered the exploit's root at an undocumented Google OAuth endpoint called 'MultiLogin'.
Databreaches
4 months ago
Privacy technologies

Operation Triangulation: The last (hardware) mystery

Operation Triangulation research presented at 37C3
First public disclosure of exploits and vulnerabilities
www.standard.co.uk
4 months ago
London

Migrant workers paid below minimum wage or 'given meals only' at Balham restaurant

A south London restaurant, Lebanese Garden Lounge, has had its late-night license revoked after being found guilty of exploiting migrant workers.
The owner, Karim Ali, has been fined nearly £15,000 and ordered to pay the council's legal costs.
The case sends a strong message that businesses must not employ people without legal right to work and must pay employees at least the minimum wage.
www.nytimes.com
4 months ago
Digital life

I Just Learned My Son Is a Webcam Model. Should I Be Troubled?

There is a debate over whether camming, like other forms of performance, should be seen as a legitimate way to earn money.
The focus should be on whether the person involved is being exploited or exploiting others, rather than the specific nature of the work.
www.theguardian.com
4 months ago
Europe politics

'Ramen noodles budget': EU moves to end exploitation of unpaid internships

Unpaid internships are becoming increasingly common and can be financially burdensome for young people.
The European Parliament is working towards legislation to ban most unpaid internships in the EU.