New cybersecurity findings have revealed that approximately 60% of emails containing QR codes are classified as spam, with a smaller subset being overtly malicious, targeting users with phishing schemes or credential theft. Cisco Talos, the firm behind the findings, highlighted…
Nov 20, 2024Ravie LakshmananSoftware Security / Vulnerability Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild. The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited…
Five Local Privilege Escalation (LPE) vulnerabilities in Ubuntu Server’s needrestart utility have been discovered. These flaws, found by the Qualys Threat Research Unit (TRU), affect versions prior to 3.8, enabling unprivileged users to escalate their privileges to root without requiring user…
Nov 20, 2024Ravie LakshmananEndpoint Security / AI Research Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised. The idea, the tech giant said,…
Apple has urged customers to apply emergency security updates, which fixes two actively exploited vulnerabilities on its devices. The fixes are included in the iOS 18.1.1 and iPadOS 18.1.1, Safari 18.1.1, visionOS 2.1.1 and macOS Sequoia 15.1.1 updates, available across…
Nov 20, 2024Ravie LakshmananPayment Security / Cybercrime Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim’s funds at scale. The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash-out money…
Cyber intrusions affecting telecom providers previously attributed to the Chinese hacking group LightBasin (UNC1945) are now believed to come from another Chinese-sponsored group, according to CrowdStrike. In a November 19 testimony in front of the US Senate Judiciary Subcommittee on…
Nov 20, 2024The Hacker NewsIdentity Security / Cyber Defense The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can…
Sensitive information disclosure via large language models (LLMs) and generative AI has become a more critical risk as AI adoption surges, according to the Open Worldwide Application Security Project (OWASP) To this end, ‘sensitive information disclosure’ has been designated as…
Nov 20, 2024Ravie LakshmananLinux / Vulnerability Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction.…
All Rights Reserved. Kowatek Blog by IWUCHI
Home | About Us | Disclaimer | Privacy Policy | Contact Us
