Security Affairs

JUNE 6, 2023

The vulnerability was discovered by Clement Lecigne of Google’s Threat Analysis Group (TAG), which is the team at Google that monitors the activity of nation-state actors. The IT giant is aware that the vulnerability is being actively exploited in the wild. “Google is aware that an exploit for CVE-2023-3079 exists in the wild.”

Engineering 89

Engineering Hacking Information Security 89

Security Affairs

JUNE 6, 2019

for Windows, Mac, Linux, and Android. for Windows, Mac, Linux, and Android, the new version of the popular anonymizing browser. for Windows, Mac, Linux, and Android appeared first on Security Affairs. A new version of the popular Tor Browser was released by the Tor Project, it is Tor Browser 8.5.1 Pierluigi Paganini.

Advertising 84

Advertising Mobile Information Security 84

Google Security

JUNE 30, 2020

Initializing memory We’ve enabled forms of automatic memory initialization in both Android 11’s userspace and the Linux kernel. Initializing the Kernel: Automatic stack and heap initialization were recently merged in the upstream Linux kernel. For kernel stack initialization we adopted the CONFIG_INIT_STACK_ALL from upstream Linux.

Software 77

Software DNS Media 77

Security Affairs

APRIL 1, 2023

Google TAG shared indicators of compromise (IoCs) for both campaigns. The threat actors behind the attacks used both zero-day and n-day exploits in their exploits. The exploits were used to install commercial spyware and malicious apps on targets’ devices.

Spyware 79

Spyware Surveillance Mobile Education 79

Security Affairs

NOVEMBER 29, 2023

The fact that the issue was discovered by Google TAG suggests it was exploited by a nation-state actor or by a surveillance firm. “The Stable channel has been updated to 119.0.6045.199 for Mac and Linux and 119.0.6045.199/.200 200 for Windows, which will roll out over the coming days/weeks.”

Surveillance 114

Surveillance Engineering Hacking Software 114

Security Affairs

APRIL 9, 2024

“In particular, neither switching to a memory safe language , such as Rust, nor using current or future hardware memory safety features, such as memory tagging , can help with the security challenges faced by V8 today.” .” reads the announcement.

Engineering 116

Engineering Software Hacking Information Security 116

Security Affairs

SEPTEMBER 25, 2021

Google released a Chrome emergency update for Windows, Mac, and Linux that addresses a high-severity zero-day flaw exploited in the wild. for Windows, Mac, and Linux that addresses a high-severity zero-day vulnerability (CVE-2021-37973) exploited in the wild. Google has released Chrome 94.0.4606.61

Hacking 88

Hacking Information Security 88

Security Affairs

MARCH 13, 2022

CVE-2022-0492 flaw in Linux Kernel cgroups feature allows container escape Charities and NGOs providing support in Ukraine hit by malware. Is it fake news? Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini. SecurityAffairs – hacking, newsletter).

Data breaches 84

Data breaches Firmware Hacking Ransomware 84

Security Affairs

OCTOBER 1, 2021

The CVE-2021-37976 is an Information leak that resides in the core, it was reported by Clément Lecigne from Google TAG, with technical assistance from Sergei Glazunov and Mark Brand from Google Project Zero on 2021-09-21. version for Windows, Mac, and Linux. ” states the update provided by Google. Pierluigi Paganini.

Engineering 79

Engineering Hacking Government Information Security 79

eSecurity Planet

OCTOBER 9, 2023

And Linux distributions and the TorchServe AI tool were confronted with major security flaws too. The issue affects all TeamCity versions prior to the patched release in on-premises servers running Windows, Linux, macOS, or Docker. dynamic loader, which is a fundamental component of most Linux kernel-based systems.

Architecture 104

Architecture Ransomware Software Accountability 104

Security Affairs

MAY 20, 2019

Security researchers from Chronicle, Alphabet’s cyber-security division, have spotted a Linux variant of the Winnti backdoor. Security experts from Chronicle, the Alphabet’s cyber-security division, have discovered a Linux variant of the Winnti backdoor. samples designed specifically for Linux.” Winnti ver.

Malware 94

Malware Advertising Hacking Cyber Attacks 94

Security Affairs

SEPTEMBER 17, 2021

The vulnerabilities were reported by Wiz’s research team, an attacker could exploit OMIGOD vulnerabilities to execute code remotely or elevate privileges on vulnerable Linux virtual machines running on Azure. Tags available to all GN users and customers now. CVE-2021-38648 – Privilege Escalation vulnerability (Severity: 7.8)

Internet 78

Internet Internet DDOS Firewall 78

Kali Linux

MARCH 9, 2022

From zero to hero in 30 seconds (You really want to enable video playback in your browser for this): Your browser does not support the video tag. All it takes is installing Kali Linux version 2022.1

Software 52

Software 52

ForAllSecure

MARCH 16, 2023

with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata (tags, labels) for Docker id: meta uses: docker/metadata-action@v4.1.1 Once complete, you’ll need to modify any corresponding Mayhem.yml file to use your specific tagged release and test your changes.

Passwords 52

Passwords Accountability 52

Security Affairs

AUGUST 6, 2023

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Malware 76

Malware Cybercrime Cryptocurrency Social Engineering 76

Security Affairs

NOVEMBER 9, 2022

All three vulnerabilities in this chain were in the manufacturer’s custom components rather than in the AOSP platform or the Linux kernel.” The TAG team only obtained a partial exploit chain for Samsung phones that were likely in the testing phase. ” reads the advisory published by Google Project Zero.

Surveillance 104

Surveillance Spyware Mobile Manufacturing 104

CyberSecurity Insiders

FEBRUARY 9, 2021

It should cover both structured and unstructured data, tagging it based on its level of sensitivity and making it easier to find, track, and safeguard. Applying persistent classification tags to data is essential and allows your organizations to track their use. Identify & assess compliance obligations. Educate your employees.

Unstructured Data 145

Unstructured Data Risk Education Marketing 145

Security Affairs

AUGUST 6, 2019

” The KDE Frameworks is currently adopted by several Linux distros, including Kubuntu, OpenMandriva, openSUSE , and OpenMandriva. directory files, we can force the file to evaluate some of the entries within the [Desktop Entry] tag.” “Some of the entries in this tag include “Icon”, “Name”, etc.

Advertising 86

Advertising Software Hacking Information Security 86

Security Affairs

JUNE 5, 2021

She previously hosted even TrickBot "red" group tag payload on her own website -> see URLhaus [link] [link] pic.twitter.com/qG977wjgLN — Vitali Kremez (@VK_Intel) June 4, 2021. A few days after the TrickBot takedown, Netscout researchers spotted a new TrickBot Linux variant that was used by its operators.

Malware 120

Malware Banking Ransomware Encryption 120

Malwarebytes

FEBRUARY 15, 2022

The researchers who found and reported the flaw are Adam Weidemann and Clément Lecigne of Google’s Threat Analysis Group (TAG). If you’re a Chrome user on Windows, Mac, or Linux, you should update to version 98.0.4758.102 as soon as possible. As usual, Google hasn’t gone into any more detail about the bug.

93

93

Security Affairs

APRIL 23, 2023

Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs to its Known Exploited Vulnerabilities catalog At least 2 critical infrastructure orgs breached by North Korea-linked hackers behind 3CX attack American Bar Association (ABA) suffered a data breach,1.4

Spyware 72

Spyware Ransomware Malware Data breaches 72

Kali Linux

MAY 29, 2023

Quick off the mark from previous 10 year anniversary , Kali Linux 2023.2 It is ready for immediate download or upgrading if you have an existing Kali Linux installation. The GNOME desktop already uses PipeWire by default in most Linux distributions, including Kali Linux since version 2022.4. Get Kali Linux 2023.2

Firmware 52

Firmware Phishing Architecture Authentication 52

LRQA Nettitude Labs

JUNE 5, 2023

This is the tagline associated with Kali Linux, a Linux distribution used by security researchers, penetration testers, and hackers alike. If for whatever reason a physical security penetration tester cannot reach or otherwise see a target device’s tag, looking up the product online may be the best option.

Penetration Testing 52

Penetration Testing Firmware 52

Kali Linux

MAY 31, 2021

Say hello to Kali Linux 2021.2 ! This release welcomes a mixture of new items as well as enhancements of existing features, and is ready to be downloaded (from our updated page) or upgraded if you have an existing Kali Linux installation. A quick summary of the changelog since the 2021.1 A quick summary of the changelog since the 2021.1

Engineering 52

Engineering Firmware Architecture Backups 52

Kali Linux

MARCH 12, 2023

Remember what we did a decade ago with Kali Linux? No expensive licenses required, no need for commercial grade infrastructure, no writing code or compiling tools to make it all work… Just download Kali Linux and do your thing. Your browser does not support the video tag. Your browser does not support the video tag.

Firmware 52

Firmware Architecture Engineering Technology 52

ForAllSecure

SEPTEMBER 4, 2020

” VDA Labs chose to test this app because it is an open source C++ application running on Linux, that is easy to input (just pass in an MP3 file) and has about 12,000 downloads per week, according to SourceForge. Mayhem has a CLI available to download and that was used on a local Linux host. 2) Finding CVE-2020-15359.

IoT 52

IoT Technology 52

ForAllSecure

SEPTEMBER 3, 2020

” VDA Labs chose to test this app because it is an open source C++ application running on Linux, that is easy to input (just pass in an MP3 file) and has about 12,000 downloads per week, according to SourceForge. Mayhem has a CLI available to download and that was used on a local Linux host. 2) Finding CVE-2020-15359.

IoT 52

IoT 52

ForAllSecure

SEPTEMBER 3, 2020

” VDA Labs chose to test this app because it is an open source C++ application running on Linux, that is easy to input (just pass in an MP3 file) and has about 12,000 downloads per week, according to SourceForge. Mayhem has a CLI available to download and that was used on a local Linux host. 2) Finding CVE-2020-15359.

IoT 52

IoT 52

Security Boulevard

AUGUST 4, 2021

Founded in August 2020, OpenSSF is a Linux Foundation-funded project focused on establishing metrics, tooling, best practices, developer identity validation, and vulnerability disclosures to improve open source software security. Signed Tags. Developers often use tags to mark versions. Who is OpenSSF?

Software 83

Software Risk Government Technology 83

eSecurity Planet

OCTOBER 26, 2021

Developed by the Linux Foundation in 2010, the Software Package Data Exchange (SPDX) is the leading open standard for SBOM formats. SWID: Software Identification Tagging. With a few standards already in place, organizations have the framework to write, maintain, and share software component data quickly. OWASP’s CycloneDX.

Software 135

Software Risk Healthcare Cybersecurity 135

Google Security

JULY 20, 2021

As Lynn Dohm, executive director of WiCyS, told us, “You cannot put a price tag on the power of community, and last year’s WiCyS Security Training Program proved just that.”

Information Security 105

Information Security Cybersecurity Education 105

CyberSecurity Insiders

FEBRUARY 25, 2022

Following trends observed last year by Alien Labs, the ransomware targets multiple platforms (Windows and Linux), and it uses additional code to infect VMware’s ESXi hypervisor. Linux BlackCat Payload. Linux BlackCat Payload. Linux BlackCat Payload. Linux BlackCat Payload. Linux BlackCat Payload.

Ransomware 119

Ransomware Encryption Malware Backups 119

Krebs on Security

JULY 25, 2023

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into botnet that bilks online advertisers and performs password-spraying attacks. SocksEscort[.]com com , is what’s known as a “SOCKS Proxy” service.

Malware 205

Malware VPN Internet Internet 205

Malwarebytes

JUNE 15, 2022

Depending on what’s being collected, you may end up with a huge slice of identifiable data tagged to your identity without you ever even seeing it yourself. Mozilla claims that this release makes Firefox: The most private and secure major browser available across Windows, Mac, and Linux. The cookie controversy.

Advertising 98

Advertising Internet Internet Mobile 98

Kali Linux

MAY 15, 2022

It’s that time of year again, time for another Kali Linux release! Quarter #2 - Kali Linux 2022.2. Your browser does not support the video tag. Running x86 on ARM (New) Accessing Xfce with RDP (Updated) Download Kali Linux 2022.2 The summary of the changelog since the 2022.1 We call it Kali Unkaputtbar !

Wireless 52

Wireless Firmware Architecture Media 52

Kali Linux

DECEMBER 8, 2021

With the end of 2021 just around the corner, we are pushing out the last release of the year with Kali Linux 2021.4 , which is ready for immediate download or updating. we supported installing Kali Linux on Parallels on Apple Silicon Macs, well with 2021.4, Extended Compatibility for the Samba Client Starting Kali Linux 2021.4,

Social Engineering 52

Social Engineering VPN Architecture Engineering 52

Security Affairs

NOVEMBER 24, 2020

A few days after the TrickBot takedown, Netscout researchers spotted a new TrickBot Linux variant that was used by its operators. Following the takedown, the operators behind the TrickBot malware have implemented several improvements to make it more resilient. This technique was also implemented by the Bazar backdoor.

Malware 83

Malware Backups Ransomware Hacking 83