All the latest news on Cybersecurity

Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year. [...]

impacting iPhone

Capital Health hospitals and physician offices across New Jersey are experiencing IT outages after a cyberattack hit the non-profit organization's network earlier this week. [...]

Capital Health Health Hospitals physician offices

A critical vulnerability in Zoom Room allowed threat actors to take over meetings and steal sensitive data. Researchers at AppOms discovered a vulnerability in Zoom Room as part of the HackerOne live hacking event H1-4420. Zoom Rooms is a feature of the Zoom video conferencing platform designed to enhance collaboration in physical meeting spaces, such as conference […]

Zoom Tenants

By Waqas Thus far, the FjordPhantom malware has defrauded victims of around 0,000 (£225,000). This is a post from HackRead.com Read the original post: Android Banking Malware FjordPhantom Steals Funds Via Virtualization

FjordPhantom Steals Malware FjordPhantom

Yu Hao discovered that the UBI driver in the Linux kernel did not properly check for MTD with zero erasesize during device attachment. A local privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-31085) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information (kernel memory). (CVE-2023-39189) Sunjoo Park discovered that the netfilter subsystem in the Linux kernel did not properly validate u32 packets content, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39192) Lucas Leong discovered that the netfilter subsystem in the Linux kernel did not properly validate SCTP data, leading to an out-of-bounds read vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39193) Lucas Leong discovered that the Netlink Transformation (XFRM) subsystem in the Linux kernel did not properly handle state filters, leading to an out- of-bounds read vulnerability. A privileged local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2023-39194) Kyle Zeng discovered that the IPv4 implementation in the Linux kernel did not properly handle socket buffers (skb) when performing IP routing in certain circumstances, leading to a null pointer dereference vulnerability. A privileged attacker could use this to cause a denial of service (system crash). (CVE-2023-42754) It was discovered that the USB ENE card reader driver in the Linux kernel did not properly allocate enough memory when processing the storage device boot blocks. A local attacker could use this to cause a denial of service (system crash). (CVE-2023-45862) Manfred Rudigier discovered that the Intel(R) PCI-Express Gigabit (igb) Ethernet driver in the Linux kernel did not properly validate received frames that are larger than the set MTU size, leading to a buffer overflow vulnerability. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-45871) Budimir Markovic discovered that the perf subsystem in the Linux kernel did not properly handle event groups, leading to an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2023-5717)

Join the Be.Cyber community! On the program: news and tools monitoring, mutual aid and knowledge sharing, event organization (workshops, CTF resolution), ... And it's all in good fun!

Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks. [...]

exploiting Qlik Sense data Sense flaws

American office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach's impact and protect customer data. [...]

American office issues American office supply service outages

By Deeba Ahmed The conclusion was reached after researchers evaluated over 9,500 of the largest transactional websites in terms of traffic,… This is a post from HackRead.com Read the original post: 68% of US Websites Exposed to Bot Attacks

largest transactional researchers evaluated

In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii Chychasov, a 37-year-old Ukrainian citizen, to an eight-year federal prison term.  Chychasov played a pivotal role in orchestrating the notorious SSNDOB Marketplace, a clandestine platform thriving in the shadows of the dark web, specializing in the illicit trade of sensitive […] The post SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data appeared first on Cyber Security News.

District Judge Judge Kathryn Kathryn Kimball

A fake antivirus alert may suddenly hijack your screen while browsing. This latest malvertising campaign hit top publishers.

CBS ESPN serving fake suddenly hijack

With the average cost of a breach at an all time high of .45 million, there's an undeniable need for teams to enlist the right experts to quickly eradicate threats.

average cost Clock eradicate threats Luckily