vulnerability

The aggregator of liquidity from decentralized exchanges ParaSwap began to return cryptocurrency to users after fixing a critical vulnerability in the recently launched Augustus v6 smart contract. According to the platform, 213 addresses have not yet revoked their permissions. On March 20...

A critical vulnerability (CVE-2024-29937) has been identified in the implementation of the NFS server used by BSD systems, which allows you to remotely execute your code with root rights on the server. The problem appears in all OpenBSD and FreeBSD releases, up to and including OpenBSD 7.4 and...

On March 21, the accounts of several crypto industry influencers in X were compromised to promote the PACKY scam token. Probably, the hacker got access through the automatic post publishing service IFTTT (If This then That). One of the victims was the adviser Andreessen Horowitz (a16z) Packy...

High competition forces you to exploit 5 errors at once to gain access to corporate networks. Mandiant report that Chinese hackers UNC5174 exploit vulnerabilities in popular products to distribute malware that can install additional backdoors on compromised Linux hosts. The UNC5174 attacks...

On March 18, attackers attacked the servers of a Russian domain registrar. The Russian domain registrar and hosting provider reg.ru, which serves 44% of domains in the .ru zone, was attacked by hackers. The attackers tried to break into one of the company's virtual hosting servers, the reg.ru...

The SmartScreen security bug served hackers well. Maybe you also managed to become a victim of it? In mid-January, security researchers noticed a new large-scale campaign to distribute malicious software DarkGate, exploiting a recently fixed vulnerability in the Microsoft Windows security...

The US National Vulnerability Database has stopped analyzing vulnerabilities in software and services. It is not maintained for more than a month, which affects the process of eliminating "holes". The same thing happens with the database of well-known information security vulnerabilities-CVE...

A bug in Pixel 8 allows you to take control of the device. The GrapheneOS project team, which is working on a secure version of the Android Open Source Project (AOSP), has discovered a problem in the Android 14 Bluetooth stack, leading to remote code execution. A Use-After-Free (UAF)...

To fix the breach, you need to install the latest firmware version. Moxa Company thanked Positive Technologies specialists for detecting a dangerous vulnerability in the NPort line of industrial wireless converters. Identified as CVE-2024-1220, this vulnerability received a high score of 8.2 on...

A botched fix allowed hackers to inject a backdoor into the device's codebase. Hackers are exploiting an SSRF (Server-Side Request Forgery) vulnerability in Ivanti Connect Secure (ICS), Policy Secure (IPS), and ZTA products to deploy a new DSLog backdoor on vulnerable devices. Bug...

Rather, upgrade, attackers will not give you a head start. Fortinet has published a warning about a new critical vulnerability in the FortiOS VPN system, which, as expected, can already be used in hacker attacks. The vulnerability, designated CVE-2024-21762 (FG-IR-24-015), is characterized as...

In 43 seconds, you can find out everything that the user is hiding. Hacking BitLocker protection in 43 seconds using hardware costing less than $10 has become possible, which calls into question the reliability of one of the most popular methods of encrypting hard drives in Windows. Since its...

CVE-2024-23832 requires immediate action from administrators. Mastodon, a decentralized social network, has uncovered a serious security vulnerability that allows attackers to pretend to be other users and hijack their accounts. "Due to insufficient verification of origin in all versions of...

A vulnerability CVE-2024-21626 was found in the runc isolated container startup toolkit used in Docker and Kubernetes, which allows access to the file system of the host environment from an isolated container. In the course of an attack, an attacker can overwrite some executable files in the...

We have disclosed information about a vulnerability (CVE-2023-6200) in the Linux kernel network stack, which, under certain circumstances, allows an attacker from a local network to execute their code by sending a specially designed ICMPv6 packet with an RA (Router Advertisement) message...

Qualys has identified a dangerous vulnerability (CVE-2023-6246) in the standard C library Glibc, which allows you to manipulate the launch of SUID applications to execute your code with elevated privileges. Researchers were able to develop a working exploit that allows you to gain root rights by...

Translation into poorly understood languages allows you to bypass the security restrictions of OpenAI. A recent study by scientists from Brown University in the United States revealed that security restrictions that prevent the GPT-4 neural network from issuing malicious text from OpenAI can be...

Cisco urges users to take urgent security measures. Cisco has released updates to address a critical vulnerability affecting Unified Communications and Contact Center products that could allow an unauthenticated remote attacker to execute arbitrary code on the target device. Tracked as...

Godzilla uses an unknown format to bypass security features. Trustwave warns of a significant increase in the active use of a patched vulnerability in Apache ActiveMQ to deliver the Godzilla web shell to compromised hosts. Web shells are hidden in an unknown binary format and are designed to...

Information about a vulnerability (CVE-2023-4001) in patches for the GRUB2 boot loader prepared by Red Hat has been disclosed. The vulnerability allows many systems with UEFI to bypass the password check set in GRUB2 to restrict access to the boot menu or boot loader command line. The...