Some vendors and users of Adobe Commerce and Magento have had to make a difficult choice between "safe" and "convenient". As we reported, the February patch that Adobe released to fix the critical mail template vulnerability CVE-2022-24086 (CVSS score 9.8) was actively bypassed by attackers.
American security forces have detained Anatoly Legkodymov, the founder of the Bitzlato cryptocurrency exchange registered in Hong Kong, who is accused of collaborating with extortionists and laundering money received from drug trafficking.
Oracle has announced the release of its first critical update of 2023, which includes 327 new security fixes. More than 70 of the fixes address critical vulnerabilities, and almost 200 address flaws that can be exploited remotely without authentication. Some of the fixed flaws affect more than one of the company's products.
RCE vulnerabilities were discovered in TP-Link and NetComm routers. CVE-2022-4498 and CVE-2022-4499 affect the TP-Link WR710N-V1-151022 and Archer-C5-V2-160201 SOHO routers.
In modern conditions, the security of information systems of corporations and government agencies is of particular importance, and in 2023 its role will increase even more.
Attackers can use ChatGPT to create polymorphic malware. CyberArk researchers Eran Shimoni and Omer Tsarfati claim that ChatGPT is capable of creating relatively simple polymorphic malware:
Orca provided information about four server-side request forgery (SSRF) vulnerabilities in Microsoft Azure services, including two flaws that could be exploited without authentication to gain unauthorized access to cloud resources.
Git has fixed two critical vulnerabilities that could allow attackers to achieve remote code execution (RCE) by successfully exploiting heap-based buffer overflows.
As a result of the ransomware attack on the DNV shipping software provider, more than 70 customers and about 1,000 vessels were affected. Norwegian company DNV GL is the largest software supplier in the marine industry, providing solutions and services throughout the life cycle of any vessel, including a full range from design to risk assessment and management.
Horizon3 Attack Team researchers warn that by the end of the week, a PoC for a critical RCE vulnerability affecting Zoho ManageEngine products will be available.
Trend Micro researchers have found that the GitHub Codespaces feature, which has been publicly available since November 2022, can be used to deliver malware.
A serious vulnerability in the firmware of InHand Networks' InRouter industrial routers threatens robots, electricity meters, medical and other Internet of Things devices.
Datadog, which specializes in cloud security, reports that it has become a conditional victim of the recent CircleCI incident. According to the company, one of its RPM GPG signing keys and a passphrase have been disclosed.
For more than a year, the Secure Boot feature on MSI motherboards had a vulnerability that allowed malicious code to run. The error was discovered by David Potocki, a researcher from Poland, who repeatedly tried to contact the developer and did not receive a response.