Cisco IOS Verification Flaw Let Attackers Execute Arbitrary Code

An arbitrary code execution flaw has been discovered in the image verification checks of Cisco IOS XR Software. It allows an authenticated, local attacker to execute arbitrary code on the underlying operating system. Cisco Internetwork Operating System (IOS) is a network operating system that can be used in large-scale enterprise environments for high-performance and […]

ReconAIzer: OpenAI-based Extension for Burp Suite

Burp Suite, the renowned bug bounty hunting and web application penetration testing tool, has been improved with many extensions over the years. Many of Burp's extensions have been used by bug bounty hunters and security researchers for various purposes. It has been nearly a year since the introduction of ChatGPT by OpenAI. Several sectors have […]

Top 10 SaaS Security Checklist in 2023

Software as a Service (SaaS) security refers to the measures and practices employed to protect SaaS solutions’ data, applications, and infrastructure. SaaS is a cloud computing model where software applications are hosted and delivered over the internet, rather than installed and run on individual devices or servers. While SaaS offers numerous benefits, such as scalability […]

Apple Discloses 2 Zero-Day Flaws Exploited to Hack iPhones & Mac

Two zero-day flaws affecting macOS, iOS, and iPadOS have been discovered in Apple devices. The vulnerabilities involve an arbitrary code execution and a buffer overflow. Reports indicate that these vulnerabilities are being actively exploited. This is considered a high-risk vulnerability as it requires no user interaction. Apple has swiftly acted on the report and released […]

Internal Discussions of a Large Ransomware-as-a-Service Group Exposed

Ransomware-as-a-service (RaaS) is actively strengthening ransomware attacks, but understanding of these operations is restricted by their illegality. That's why ransomware attacks have surged in scale and complexity over the past decade, driven by RaaS models like Conti (formerly Ryuk). However, the recent chat leak from the Conti RaaS operator provides valuable insights into their inner workings. The […]

PHPFusion Flaw Allows Attackers to Read Critical System Data

On Tuesday, Synopsys addressed the high- and medium-severity vulnerabilities CVE-2023-2453 and CVE-2023-4480, discovered in PHPFusion by the researchers. PHPFusion is an open-source content management system (CMS) designed for managing personal or commercial websites and is offered under the GNU Affero General Public License v3.0. These vulnerabilities impact PHPFusion versions 9.10.30 and earlier, which […]

Nascent Malware Attacking npm, PyPI, and RubyGems Developers

Phylum analyzes source code and metadata for all registry-pushed packages. This year, it aims to examine nearly a billion files across millions of packages, which will give it unique insights into package behaviors across ecosystems. That's why it has been actively tracking various recent malware campaigns, from fake npm package updates […]

Multiple IBM Sterling Secure Proxy Vulnerabilities Allow Remote Code Execution

Multiple vulnerabilities have been found in IBM Sterling Secure Proxy, mostly related to Denial of Service and Information Disclosure. They also include a code execution vulnerability and an unidentified vulnerability. The severities of these vulnerabilities vary from 4.5 (Medium) to 9.8 (Critical). IBM Sterling Secure Proxy is a DMZ-based software proxy application that provides […]

PoC Exploit Released for VMware Aria Authentication Bypass Vulnerability

An authentication bypass vulnerability of critical severity was previously discovered in VMware Aria Operations for Network. VMware has released patches to fix this vulnerability. However, a proof-of-concept and the patch file provided by VMware have been briefed. CVE-2023-34039 was the CVE ID assigned to this vulnerability. According to VMware, the vulnerability exists due […]
