Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Unmasking the new persistent attacks on Japan

Cisco Talos has discovered an active exploitation of CVE-2024-4577 by an attacker in order to gain access to the victim's machines and carry out post-exploitation activities.

TALOS
#xss#vulnerability#web#android#mac#windows#microsoft#ubuntu#linux#debian#cisco#apache#git#java#php#rce#alibaba#auth#ssh#docker#ssl
GHSA-93qr-h8pr-4593: OpenDJ Denial of Service (DoS) using alias loop

### Summary A denial-of-service (DoS) vulnerability in OpenDJ has been discovered that causes the server to become unresponsive to all LDAP requests without crashing or restarting. This issue occurs when an alias loop exists in the LDAP database. If an `ldapsearch` request is executed with alias dereferencing set to "always" on this alias entry, the server stops responding to all future requests. I have confirmed this issue using the latest OpenDJ version (9.2), both with the official OpenDJ Docker image and a local OpenDJ server running on my Windows 10 machine. ### Details An unauthenticated attacker can exploit this vulnerability using a single crafted `ldapsearch` request. Fortunately, the server can be restarted without data corruption. While this attack requires the existence of an alias loop, I am uncertain whether such loops can be easily created in specific environments or if the method can be adapted to execute other DoS attacks more easily. ### PoC (Steps to Reproduce) 1. ...

I spoke to a task scammer. Here’s how it went

Task scams are increasing in volume. We followed up on an invitation by a task scammer to get a first hand look on how they work.

LinkedIn Phishing Scam: Fake InMail Messages Spreading ConnectWise Trojan

Cofense uncovers new LinkedIn phishing scam delivering ConnectWise RAT. Learn how attackers bypass security with fake InMail emails…

Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems. "The threat actor has published at least seven packages impersonating widely used Go libraries, including one (github[.]com/shallowmulti/hypert) that appears to target financial-sector developers

Scammers Mailing Ransom Letters While Posing as BianLian Ransomware

Scammers are impersonating BianLian ransomware, and mailing fake ransom letters to businesses. Learn the red flags and how…

Delta Electronics CNCSoft-G2

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-G2 Vulnerability: Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to execute code remotely. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Delta Electronics reports that the following versions of CNCSoft-G2, a human-machine interface, are affected: CNCSoft-G2: Versions V2.1.0.10 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 HEAP-BASED BUFFER OVERFLOW CWE-122 Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can manipulate users to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current process. CVE-2025-22881 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:L/PR:N/...

Hitachi Energy MACH PS700

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.7 ATTENTION: Vendor: Hitachi Energy Equipment: MACH PS700 Vulnerability: Uncontrolled Search Path Element 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges and gain control over the software. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports the following products are affected: MACH PS700: Version v2 3.2 VULNERABILITY OVERVIEW 3.2.1 UNCONTROLLED SEARCH PATH ELEMENT CWE-427 Uncontrolled search path element in some Intel(R) Chipset Device Software before Version 10.1.19444.8378 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2023-28388 has been assigned to this vulnerability. A CVSS v3 base score of 6.7 has been calculated; the CVSS vector string is (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H). 3.3 BACKGROUND CRITICAL INFRASTRUCTURE SECTORS: Energy COUNTRIES/AREAS DEPLOYED: Worldwide COMPANY HEADQUARTERS LOCATION: Swi...

AI-powered SEO services: revolutionizing digital marketing

Artificial Intelligence is a tool that is currently changing how businesses approach digital marketing and SEO. Explore how your business can transform with AI-powered SEO services here.